Page History
...
- A graphical editor as shown in the next screenshot:
- Changes to the Permissions tree are saved in the database.
- The Undo button allows the last 10 changes made to be undone stepwise.
- The states saved in the Undo button will be deleted when the Permissions tab is left.
- The ResetRedo button changes the Permissions tree back to the initial state when the Permissions Tab was opened.
- The state stored in the ResetRedo button will be deleted when the Permissions tab is left.
- Clicking on the middle of a Permission icon will grant the Permission for the current Role.
- Granted Permissions have a blue background and are by default recursive.
- The "+" and "-" symbols at the right of each Permission icon open and close child branches.
- The "-" and "+" symbols at the left of each Permission icon are used to revoke a higher Permission and are by default recursive.
- Permission icons affected by revoked Permissions are shown with a gray background
- Permission icons affected by revoked Permissions are shown with a gray background
- A list editor as shown in the next screenshot:
- Individual Permissions can be modified and removed from the Role using the pencil and X symbols that are blended in when the user's mouse is moved over a Permission:
- The Edit function allows the Permission to be made subtractive - i.e. for permission granted at a higher level to be removed.
- The Folder part of the view is for restricting the Role to accessing particular Folders - and thereby particular workflow.
Initial Configuration
Creating and Configuring User Accounts and Roles
System administrators will likely want to create and configure their own User Accounts and Roles, for example, limiting access to resources such as JobScheduler objects and logs.
It is often easier to create Manage new Roles, assign Permissions or Folders to these Roles and then create new User Accounts and assign Roles to them.
Creating a new Role
- New Roles are created in the Manage roles tab using the Add Role button:
- Once a new Role has been created it will be automatically added to the list of Roles shown in the background of the screenshot above.
Configure Permissions and/or Folders for the Role
- Now expand the Role using the arrow button click on the default (blue link) to add Permissions and/or Folders in the Permissions tab. The Procedures available for adding and editing Permissions and Folders are described in the Editing User Permissions and Folders sections below.
- Note that Roles that neither have Permissions or Folders assigned to them are deleted automatically when the Manage Identity Service view is left.
Create a new User Account
- After Permissions / Folders have been configured select the Accounts tab to create a new User Account and allocate one or more Roles to this Account.
- The Edit Account function is accessed by clicking the relevant Action symbol (ellipsis) in the Actions column of the User Accounts list (visible in the background of the above screenshot). This can be used to change the Password, the Account name and add or remove Roles.
- Note that deselecting a Role in this modal window 'uncouples' the Role from the User Account - it does not delete the Role.
Editing User Permissions
Permissions Structure
Permissions are strictly hierarchical:
- A Role with the Permission
sos:products:controller:view
'only' allows a User to view Controllers, while a User with the 'higher'sos:products:controller
Permission is able not only to view Controllers but able to carry out other operations - in this case, view, restart, terminate, and switch_over. - The JS7 - Permissions article contains a link to a full list of all Permissions that can be granted.
Editing Permissions
Caution
Users have to have a Role with the following Permission - or higher - before they are able to log into the JOC Cockpit:
sos:products:joc_cockpit:jobscheduler_master:view:status
Shiro Identity Service Settings
...
Overview
Content Tools