...

The Permissions sub-view

The Permissions sub-view allows permissions to be configured for roles, optionally limited to specific folders.

Folder Selection

Folders are added using the Add Folder button, visible in the upper right corner of the screenshot below:


Folders are selected from a tree view that is opened by clicking the folder icon, see screenshot.

Permissions Configuration

Two editors are available for configuring the permissions added to a role:

  • A graphical editor is available, as visible from the following screenshot:




    • Explanation:
      • Changes to the permissions tree are stored to the JS7 database.
      • The Undo button allows the last 10 changes to be undone stepwise.
        • Any changes held in the Undo button will be deleted when the Permissions sub-view is left.
      • The Redo button changes the permissions tree back to the initial state it had when the Permissions sub-view was displayed.
        • The state held with the Redo button is deleted when the Permissions sub-view is left.
      • Clicking on the middle of a Permission icon will grant the Permission for the current Role.
        • Granted Permissions have a blue background and are by default recursive.
      • The "+" and "-" symbols at the right edge of each permission icon open and close child branches.
      • The "-" and "+" symbols at the left edge of each permission icon are used to recursively revoke permissions that are located deeper in the permissions tree.
      • Permissions that are affected by revoked permissions are displayed with a gray background.

  • A list editor is available, as displayed in the following screenshot:



    • Explanation:
      • Individual permissions can be modified and removed from the role using the pencil and X symbols that appear when the mouse is moved over a permission.
      • The Edit function allows the permission to be made subtractive, i.e. a permission granted at a higher level is removed.
      • The Folder part of the view is for restricting the role to accessing particular folders, and thereby particular workflows.

...

It is often easier to create new roles, assign permissions or folders to these roles and then create new user accounts and assign roles to them.

...

Create a new Role

  • Roles are created from the Manage Roles sub-view using the Add Role button:



  • Once the role has been created it will be automatically added to the list of roles displayed on the page.

Configure Permissions and/or Folders for a Role

  • Now click on the default (blue link) to add permissions and/or folders in the Permissions sub-view. The procedures available for managing permissions and folders are explained with the Editing User Permissions and Folders sections below.
    • Note that roles that have neither permissions nor folders assigned are deleted automatically when the Manage Identity Service page is left.

Create a new User Account

...

In this configuration, the demo_role role will not yet have any permissions that are specific to the controller2.2.0. At least one permission needs to be added before the controller2.2.0 - demo_role configuration will be permanently saved.

...

  • default Permissions:
    • sos:products:controller:view
  • Master-specific Permissions:
    • sos:products:controller:agents:view

The Dashboard view for all Controllers in the environment will display the status of the current Controller, but the status of Agent Clusters will only be shown for the specified Controller, in this case controller2.2.0.

...

Folders are used to restrict access to objects such as workflows and schedules. For example, user accounts can be restricted to access objects for particular mandators / clients only.

By default permissions are granted for all folders. However, roles can limit access to specific folders only.

This is achieved by adding a Folder Permission, i.e. permissions to view the content of a specific folder only. With a Folder Permission being in place the permission to access other folders is automatically revoked.

Granting Folder Permissions

Folder permissions are granted from the Permissions sub-view. Note that before folder permissions can be assigned a role, the role has to be specified for a user account. In the example below, a test user account and demo_role role have been configured and the demo folder has been created in the inventory.

To open the Permissions sub-view for a specific role, first open the Manage Identity Services page for the respective Identity Service, switch to the Roles sub-view and select the role that should be assigned folder permissions. For assignment click the name of the role in the list of roles.

Click the Add Folders button and in the popup window select a root level folder or a sub-folder such as /demo/*. or demo/.



Check the Recursive checkbox in the Add Folder popup window if recursive access to sub-folders is required and click the Submit button.

Any user account that is assigned the demo_role will be able to access scheduling objects in the demo folder only.
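The rules described on this page (recursive grants, subtractive permissions, folder restriction with an optional Recursive flag) can be modelled to review what a role effectively allows. This is an added example, not JS7 code: the `Role` class, the function names and the parent node `sos:products:controller` are assumptions made for illustration, and the model covers a single role only.

```python
from dataclasses import dataclass, field

@dataclass
class Role:
    granted: set                                   # granted permissions, recursive by default
    excluded: set = field(default_factory=set)     # subtractive permissions (assumed name)
    folders: dict = field(default_factory=dict)    # folder path -> Recursive flag

def _covers(entry, permission):
    # An entry covers itself and everything deeper in the colon-separated tree.
    return permission == entry or permission.startswith(entry + ":")

def has_permission(role, permission):
    # Assumption: a subtractive entry removes what a higher-level grant provides.
    if any(_covers(e, permission) for e in role.excluded):
        return False
    return any(_covers(g, permission) for g in role.granted)

def folder_allowed(role, path):
    # No folder permission configured: permissions apply to all folders.
    if not role.folders:
        return True
    path = "/" + path.strip("/")
    for folder, recursive in role.folders.items():
        folder = "/" + folder.strip("/")
        if path == folder:
            return True
        # Compare on a path-segment boundary so /demo does not match /demo2.
        if recursive and path.startswith(folder.rstrip("/") + "/"):
            return True
    return False

def can_access(role, permission, folder):
    return has_permission(role, permission) and folder_allowed(role, folder)

# Constructed sample role, loosely following the demo_role example on this page.
demo_role = Role(
    granted={"sos:products:controller"},
    excluded={"sos:products:controller:agents"},
    folders={"/demo": True},
)

if __name__ == "__main__":
    for perm, folder in [
        ("sos:products:controller:view", "/demo/sub"),
        ("sos:products:controller:agents:view", "/demo"),
        ("sos:products:controller:view", "/demo2"),
    ]:
        print(perm, folder, can_access(demo_role, perm, folder))
```
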

Note that the test user account will be able to log in to the JOC Cockpit without being assigned a role; however, no menu items and no functionality are offered by the GUI. A minimum permission is required, e.g. by a role that grants the following permission:

...