Page History
...
Views are available for roles and and permissions. Graphical and Textual Permission views Views are available.
Roles View
From the list of Identity Services user can click the name of an Identity Service:
...
Additional links can be added by use of the Add Controller button. Such links are used to manage permissions that are specific for a Controller.
| Anchor | ||||
|---|---|---|---|---|
|
The view allows graphical navigation and selection of permissions and is the default view for permissions of a given role:
- Explanation:
- Navigation
- The Expand All and Collapse All buttons open and close any child branches.
- The Expand Active and Collapse Active buttons open and close child branches with granted or denied permissions.
- The
+and-icons at the right edge of each permission icon open and close child branches.
- States and Colors
- Permissions show the following background colors to indicate their state:
- White: Permission is not assigned, i.e. is not granted and is not denied.
- Dark Blue: Permission is granted and the grant is inherited to child permissions recursively.
- Light Blue: Permission is inherited from a granted parent permission.
- Dark Grey: Permission is denied and the denial is inherited to child permissions recursively..
- Light Grey: Permission is inherited from a denied parent permission.
- Granting Permissions
- Clicking the middle of an unassigned (white) permission grants the permission (dark blue).
- Clicking the middle of a granted permission revokes the grant and puts the permission to the unassigned state (white).
- Denying Permissions
- The
+icon inside a permission icon denies the permission (dark grey) recursively for child permissions that are located deeper in the permissions tree (light grey). - A denied permission shows the
-icon, clicking this icon revokes the denial and puts the permission to the unassigned state.
- The
- Permissions show the following background colors to indicate their state:
- Undo/Redo
- Changes to the permissions tree are stored to the JS7 database.
- The Undo button allows the last 10 changes to be undone stepwise.
- Any changes held in the Undo button will be deleted when the user leaves the Permissions sub-view.
- The Redo button changes the permissions tree back to its initial state when the Permissions sub-view is displayed.
- The state held with the Redo button is deleted when a user leaves the Permissions sub-view.
- Navigation
| Anchor | ||||
|---|---|---|---|---|
|
The view acts as an alternative to the Graphical Permissions View and displays permissions from a list of textual entries.
The right upper corner of the Permissions sub-view offers to toggle between graphical view and textual viewGraphical and Textual Permissions View.
- Explanation:
- Individual permissions can be modified and can be removed from a role using the pencil and X icons that are faded in when the user's mouse is moved over a permission.
- The Edit function allows the permission to be made subtractive, i.e. for permission granted at a higher level to be removed.
- The folder part of the view is used to restrict the role to access particular folders only - this includes that any scheduling objects such as workflows are visible from the assigned folder only.
...
sos:products:joc:administration:controller:view
Assignment Operations
| Anchor | ||||
|---|---|---|---|---|
|
Graphical Permissions View
Permissions are added by clicking the respective permission icon in the Graphical Permissions View:
Unassigned Permission
The white background color indicates that the permission is not assigned, i.e. is not granted and is not denied.
Clicking the middle of an unassigned (white) permission grants the permission (dark blue).
Granted Permission
A dark blue background color indicates that the permission is granted and that the grant is inherited to child permissions recursively.
Clicking the middle of a granted permission revokes the grant and puts the permission to the unassigned state (white).
Denied Permission
The dark grey background color indicates that the permission is denied and that the denial is inherited to child permissions recursively..
Clicking the - of a denied permission revokes the denial and makes it a granted permission (dark blue). Clicking once again makes it an unassigned permission (white).
Textual Permissions View
The Add Permission button in the Permissions sub-view allows to select permissions from a list as explained below.
- Note that specific permissions are used from a list. Users can modify permissions to a more global or to a more specific scope.
- For example, with the below screenshot the
...administration:controller:viewsos:products:joc:get_logpermission is selectedassigned:
- Additive Permissions: by default selected permissions are granted, i.e. they add to the permission set of a role.
- Subtractive Permissions: selected permissions can be are denied to remove a specific part of a more global permission. This is achieved by use of the Excluded checkbox.
- For example, with the below screenshot the
| Anchor | ||||
|---|---|---|---|---|
|
Graphical Permissions View
See explanations how to Add Permissions
...
.
Textual Permissions View
Permissions can be modified by moving the mouse to one of the permissions displayed:
When the mouse is hovering the permission then the following editing icons are displayed:
Explanation:
- The pencil icon is displayed to offer modification of the permission.
- The X icon can be used
- The pencil symbol is displayed for any permissions in the Permissions view
- can be used to change the function of a Permission in a Role - to make an additive Permission subtractive and vice-versa. It cannot be used to edit a Permission. The X symbol displayed alongside existing permissions in the Permissions sub-view is used
- to remove a permission from a role.
- Note that a role must be configured to be assigned either a permission or a folder as otherwise the role is considered empty and will be deleted.
- Note that if a user account is not assigned the following permission (or a permission from a higher level) then this user account will not be able to login to JOC Cockpit:
sos:products:joc:administration:controller:view
- The Expand All button (shown in the above screenshot) can be used to open all the tree elements.
- Navigation is carried out by dragging & dropping the tree view.
- The functions available for the tree elements are (with reference to the screenshot below):
- Select / Unselect a Permission - click on the body of an unselected / selected element
- Selected Permission elements are shown in blue (see the view element in the screenshot)
- Children of selected Permission elements are shown in light blue (as shown in the screenshot)
- Select / Unselect a Permission - click on the body of an unselected / selected element
- Deny a Permission - click on the plus sign at the left hand end of the element
- Revoke a Permission Denial - click on a - sign at the left hand end of the element
- Show / hide child elements - click on the + / - symbols at the right edge of an element
- In the following screenshot the administration element has been selected, automatically selecting the administration:accounts, administration:certificates, administration:controllers, administration:customization, administration:settings In addition, the controllers:manage child permission has been denied, resulting in the fact that the controllers:view is active only.
Graphical Permission Editing:
The graphical view is activated by selecting the 'tree' symbol at the top right corner of the Permissions sub-view:The editor opens with a partially collapsed permissions tree as shown in the next screenshot:
When clicking the pencil icon then the following popup window opens:
This allows to switch the permission or to make it an Additive Permission or Subtractive Permission depending on the Excluded checkbox.
Manage Permissions specific for a Controller
...
Overview
Content Tools