Versions Compared

Version Old Version 9 New Version 10
Changes made by

Christina

Christina

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Opsera supports 4 levels of standard role based access using a groups model. The four tiers are: Administrators, Power Users, Users and Read Only*. From a system perspective, users can be added to either Administrators, Power Users or Users groups. A user not in any of those are read only.

*Read-only is the default, and implied if the user is not defined as one of the other three. This is a security precaution to ensure that someone must deliberately grant a user access at the most basic level before they can start using pipelines or tools. 

...

Users Group: Users should be the basic group membership that everyone is a part of if they are actively using our system. This is a base level group that basically would allow users to view logs/blueprints/dashboards, create their own pipelines or register new tools, but not see anyone else’s (unless granted that access directly).

Read-Only Access: This role is not completely flushed out yet, but the idea is that if you are not an active “pipeline/tool registry” user, then this role may be useful for Analytics/Dashboards and just individuals who want to look around the system. Eventually I would see this as being the default group we assign to any new user (in an LDAP Org) and then IF the user is going to start using our tools, then they get moved up to the Users group. But again, this is more in theory right now and we will have to flush it out.

...

Access Role Type

Access Policy

Description

Owner

Full Access


Administrator

Full Access


Manager

Site Level Power User

Power User Type Policy

Please note, this role is the same as a Site Level Power User.

·   edit Edit tool settings

·   user User tool in pipeline (not implemented yet)

·   edit Edit tool connection tab

·   edit Edit tool job/project/ account tabs

·   create Create a tool

User

End User Type Policy

When complete, this will be the standard user policy where users can select and use the tool. This user should be able to see the tool log output. NOT YET COMPLETE. 

Guest

Read-Only Access

When complete, this would imply the user can see the tool in the list so that they can see who the owner is, other location data or any attributes stored on the tool, BUT they could not use it. NOT YET COMPLETE.