Manage Privileges
Introduction
Privileges do not apply to administrators: we don’t check privileges for administrators so that they can perform any action.
There are two types of privileges: system privileges and object privileges.
Administrator
Administrator is a property of the user, not a privilege. An administrator can perform any action in the system. Some actions can be performed only by an administrator:
- Manage Users, Roles; assign Privileges and roles to a user
- Manage Clients
- Manage API Applications
- Manage Identity Providers (configuring SSO)
- Manage the metadata repository (such as encryption, eraseMasterRepository, etc.)
- View System Log
- View global Activity Log
Object Privileges
Object privileges grant permissions to perform actions on objects. Objects are identified by type and name.
Name can be the name of a particular object or * meaning any object.
The type can be:
- app - application
- source - application source
- specification - application specification
- scenario - application scenario
- schedule - all schedules of the app. You can only grant view and edit privileges on schedule. edit will allow the user to create, edit, and activate/deactivate schedules.
- activity_log - activity log of the app. You can only grant view and edit privileges on schedule. edit will allow the user to create, edit, and activate/deactivate schedules.
Object actions are:
- * - permission to perform any operation on the object
- create - create a new object
- delete - delete the object
- edit - edit the object
- view - view the object
- list - allows the object to be included in a list of objects. The user thus knows that the object exists but cannot view/edit it
- run - execute the scenario
Each privilege in the following lists inherits the subsequent privileges (for example, edit allows the user to view and list objects):
- any, edit, view, list
- any, run
- any, create
- any, delete
Objects can contain child objects. For example, an application contains sources, specifications, and scenarios as its child objects. Child objects inherit privileges granted to the parent object, except the list privilege. For example, if you grant edit on an application object to a user, the user can edit any of its child objects such as sources, scenarios, etc. You can grant less restrictive privileges to child objects than you granted on the parent object. For example, if you grant view on an application, you can allow edit on scenarios of the application. But more restrictive privileges on subobjects will be ignored. For example, if you grant edit on an application and view on the sources of the application, then editing of the sources is still allowed.
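The resolution rules above can be checked against a small model. This is an added example, not the product's own code: the Grant structure and the allowed function are hypothetical names, the application name "billing" is constructed, and it assumes that a list grant on an application is simply not carried to its child objects while every other inherited grant expands normally.

```python
from dataclasses import dataclass
from typing import Optional

# Implication chains from the lists above: * > edit > view > list,
# and * also implies run, create and delete.
IMPLIES = {
    "*": {"edit", "view", "list", "run", "create", "delete"},
    "edit": {"view", "list"},
    "view": {"list"},
}

@dataclass(frozen=True)
class Grant:                          # hypothetical structure for one privilege row
    app: str                          # application name, or "*" for any application
    action: str
    sub_type: Optional[str] = None    # e.g. "source"; None = grant on the app itself
    sub_name: str = "*"

def expand(action):
    """Return the action plus every action it implies."""
    return {action} | IMPLIES.get(action, set())

def allowed(grants, action, app, sub_type=None, sub_name=None, is_admin=False):
    """Decide whether `action` is permitted on an app or on one of its child objects."""
    if is_admin:
        return True                   # privileges are not checked for administrators
    effective = set()
    for g in grants:
        if g.app not in ("*", app):
            continue
        if g.sub_type is None:
            # Grant on the parent: children inherit it unless it is `list` (assumption).
            if sub_type is not None and g.action == "list":
                continue
            effective |= expand(g.action)
        elif g.sub_type == sub_type and g.sub_name in ("*", sub_name):
            effective |= expand(g.action)   # direct grant on the child object
    # Union semantics: a narrower child grant never removes an inherited one.
    return action in effective

# Constructed sample: edit on the app, view on its sources.
GRANTS = [Grant("billing", "edit"), Grant("billing", "view", "source")]
print(allowed(GRANTS, "edit", "billing", "source", "db1"))  # still allowed
```

Because the decision is a union of inherited and direct grants, reviewing a user's effective access means reading the parent grant first; a narrower subobject row does not reduce it.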
Grant Privileges
- Right click on the Settings tab on the home page and click on Users in the left menu.
- Expand the user row in the user list by clicking on the arrow on the left. You will see a list of all privileges granted to the user.
- Click on the Grant button at the top of the privileges list.
- Select User, Object, (optionally) Subobject, and Action using suggestion lists. Selecting Subobject is optional.
- Click the Submit button to grant the privilege.
Edit Privileges
- Right click on the Settings tab on the home page and click on Users in the left menu.
- Expand the user row in the user list by clicking on the arrow on the left. You will see a list of all privileges granted to the user.
- Click on the Edit button on the corresponding row.
- Edit Object, Subobject, and Action using the suggestion lists. You cannot edit User.
- Click the Submit button to save changes.
Revoke Privileges
- Right click on the Settings tab on the home page and click on Users in the left menu.
- Expand the user row in the user list by clicking on the arrow on the left. You will see a list of all privileges granted to the user.
- Click on the Revoke button on the corresponding row.