...
The Folder part of the view is for restricting the Role to accessing particular Folders - and thereby particular Jobs, Job Chains, etc - within a JobScheduler Master's live
folder and will be described later.
Editing Permissions is described below .
Initial Configuration
Adding User Accounts and Roles
...
In addition, the same article contains a link to a full list of all Permissions that can be granted.
Anchor |
---|
...
|
...
Permissions Structure
Permissions are hierarchical:
...
By default Permissions are granted for all the JobScheduler Masters and JobScheduler Master Clusters in an environment.
Anchor | ||||
---|---|---|---|---|
|
Folders are used to restrict User access to JobScheduler Objects such as Jobs, Orders and Schedules. This means that, for example, Users can be can be restricted to accessing only Objects for particular mandators / clients.
...
Roles with Folder Permissions are often configured for Users in combination with default Roles. For example, if the demo_user described here was allocated the it_operator Role in addition to the demo_role, they would be able to carry out the tasks allowed by the default IT Operator Permissions but only for JobScheduler Objects in the demo folder and, if configured, its child Folders. See the Use Case below for an example configuration.
Use Cases
Multi-Mandator Scheduling
A JobScheduler Master can be used to provide job scheduling services for a number of mandators / clients and ensure that Users such as operators or support staff associated with one mandator do not have access to scheduling activities or configuration information of another mandator. This is achieved with a combination of Roles and Folder Permissions.
Consider a JobScheduler Master carrying out scheduler activities for two clients mandator A and mandator B:
- The JobScheduler's
live
Folder is structured as follows:live
mandator_a_folder
(for all Jobs, Orders, etc. for this client)mandator_b_folder
(for all Jobs, Orders, etc. for this client)sos
(the default folder for housekeeping and other Jobs, Orders, etc.)
- Incident management for each mandator is carried out by separate User with the default incident_manager Role and a role with Folder Permissions restricting them to the respective mandator Folder- i.e.
mandator_a_im_user
- incident_manager (common default Role)
- mandator_a_role (mandator-specific Role)
mandator_a_folder
(Folder Permission)
mandator_b_im_user
- incident_manager (common default Role)
- mandator_b_role (mandator-specific Role)
mandator_b_folder
(Folder Permission)
The above configuration means that the incident manager Users for mandator A and mandator B will only be able to see the Jobs, Orders, log files, and other possibly confidential information for their respective mandator.
See the Folders Section (above) for instructions about configuring Folder Permissions.