Product Knowledge Base

Space shortcuts

Page tree

Versions Compared

Old Version 40

changes.mady.by.user Alan Amos

Saved on

compared with

New Version 41

changes.mady.by.user Alan Amos

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: 'Graphical Permissions Editing' added

...

Permissions Structure

Permissions are strictly hierarchical:

  • A Role with the Permission sos:products:joc_cockpit:jobscheduler_master:view 'only' allows a User to view JobScheduler Masters while a User with the 'higher' sos:products:joc_cockpit:jobscheduler_master Permission is able not only to view JobScheduler Masters but able to carry out all other operations - view, execute and administrate.

...

  • Adding Permissions:
    • The Add Permission button in the Permissions View allows a Permission to be selected from a list of all available Permissions as shown in the screenshot below.
      • Note that the Permissions listed are all individual Permissions. They can be edited to make them higher level / less specific.
        • For example, the screenshot below shows that the ...jobscheduler_master:execute:restart:terminate permission in the process being selected.
        • Once selected the Permission can be edited before the Submit button is clicked. This allows, for example, the Permission to be modified to ...jobscheduler_master:execute:restart, allowing the Role to carry out all operations covered by this Permission. These are:
          • sos:products:joccockpit:jobscheduler_master:execute:restart:terminate
          • sos:products:joccockpit:jobscheduler_master:execute:restart:abort
        • The following screenshot shows the edited version alongside the original:
        • A selected permission can also be made subtractive - i.e. to remove a specific part of a higher level Permission.
          • This is done by ticking the Excluded checkbox.
  • Modifying Existing Permissions:
    • The pencil symbol shown alongside existing Permissions in the Permissions view (shown in the screenshot above) can be used to change the function of a Permission in a Role - to make an additive Permission subtractive and vice-versa. It cannot be used to edit a Permission.
    • The X symbol shown alongside existing Permissions in the Permissions view can be used to remove an existing Permission from a Role.

...

useraa
  • Graphical Permissions Editing:
  • ...

JobScheduler-Specific Permissions

...

    • The Graphical Permissions Editor is activated by selecting the 'Tree' symbol at the top right of the Permissions section.
      Image Added

    • The editor opens with a partially collapsed permissions tree as shown in the next screenshot:
      Image Added

      • The Expand tree button (shown in the above screenshot) can be used to open all the tree elements.

      • Navigation is carried out by dragging & dropping the tree view.

    • The functions available for the tree elements are (with reference to the screenshot below):

      • Select / Unselect a Permission - click on the body of an unselected / selected element
        • Selected Permission elements are shown in blue (see the view element in the screenshot)
        • Children of selected Permission elements are shown in light blue (as shown in the screenshot)
      • Negate a Permission - click on the plus sign at the left hand end of the element
      • Remove a Permission Negation - click on a - sign at the left hand end of the element
      • Show / hide child elements - click on the + / - symbols at the right hand end of an element

    • In the following screenshot the view element has been selected, automatically selecting the view:status, view:parameter and view:mainlog child permissions.
      In addition, the view:mainlog child permission has been negated, meaning that only the view:status, view:parameter and view:mainlog child permissions are active.
      Image Added

    JobScheduler-Specific Permissions

    By default User Accounts are granted Permissions for all the JobScheduler Masters and JobScheduler Master Clusters in a scheduling environment. However, Roles can be created that are only able to access  one or more specific JobScheduler Masters or JobScheduler Master Clusters in the environment. This is done in the Masters section of the Manage Accounts view as shown in the next screenshot.

    Image Modified

    Note that if one of the default Roles is configured to apply for a specific JobScheduler Master then it will no longer apply for the other Masters in the environment

...

  • .

...

 

Anchor
folders
folders
Folders

...