...
*An Owner of a pipeline, task, tool, ect is always going to have full access to that item. This is why Opsera offers a way to transfer ownership to another user. Owner of a pipeline or task shoudl be considered an “Administrator” of that item.
Access Rules: Pipelines, Tasks, Tools, etc
Item level access rules are designed to apply users or groups to given objects in the system: Pipelines or Tools at this time. These policies will apply to the given item and its actions. By default, Site Administrators AND individual item Owners will always have full access to a given item.
The owner of the pipeline will always have full access and visibility to that item, no matter what the roles settings are in relation to that user. If the user does not desire this access, they need to use the Transfer Pipeline feature to transfer ownership to someone else. Item level access can be applied to custom user groups OR individual users.
Following other platform models, IF a user does not have the proper access to a Pipeline or Tool, then the site will completely hide it from them. It will be as if the item doesn’t exist to the user, so they will not see it in the All Pipelines or Tool Registry table AND in the Logs/Blueprints UI, the pipeline will not show up in the drop down.
Pipelines
This functionality operates the same way as Tool Registry. If NO rules are applied, all users have access to an item. If specific rules are set (either via a custom group or direct user) then that takes over.
...
Access Role Type
...
Access Policy
...
Description
...
Owner
...
Full Access
...
Administrator
...
Full Access
...
Manager
Site Level Power User
...
Power User Type Policy
...
Please note, this role is the same as a Site Level Power User.
· View Step Configuration
· Edit Step Details
· Publish a pipeline to catalog
· Duplicate a Pipeline
· Stop, Start, Reset Pipeline
· Approve Step when pipeline is waiting (this may not apply via Slack, so have to flush out the services end on this still.)
· Edit Access Roles
· Edit Step Notification Rules
...
User
...
End User Type Policy
...
This is the standard user policy so it’s designed to give users just enough access to run, stop, reset pipeline. That’s it. As such they will see all pipeline activity logs too.
...
Guest
...
Read Only Access
...
This is used to allow a user to see a pipeline in the UI. They would have only read access to it but as such can search logs, view activity. Without this access, the user would not even know the pipeline exists.
Ownership - Tool Registry
This functionality operates the same way as Pipelines. If NO rules are applied, all users have access to an item. If specific rules are set (either via a custom group or direct user) then that takes over.
...
Access Role Type
...
Access Policy
...
Description
...
Owner
...
Full Access
...
Administrator
...
Full Access
...
Manager
Site Level Power User
...
Power User Type Policy
...
Please note, this role is the same as a Site Level Power User.
· Edit tool settings
· User tool in pipeline (not implemented yet)
· Edit tool connection tab
· Edit tool job/project/ account tabs
· Create a tool
...
User
...
End User Type Policy
...
When complete, this will be the standard user policy where users can select and use the tool. This user should be able to see the tool log output. NOT YET COMPLETE.
...
Guest
...
Read-Only Access
...
When complete, this would imply the user can see the tool in the list so that they can see who the owner is, other location data or any attributes stored on the tool, BUT they could not use it. NOT YET COMPLETE.
...