Difference between revisions of "Permissions"
m (→Owner) |
(Update heading levels) |
||
(13 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | [[Welcome_to_Veloopti|Home]] > [[:Category:Administration|Administration]] > [[:Category:User Administration|User Administration]] > [[Permissions|Permissions]] | ||
+ | |||
== Overview == | == Overview == | ||
+ | A central design point of Veloopti security is that no user has permission to perform any operation unless they have been specifically granted it. The purpose of granting a permission is to enable a user to perform a specific action. Permissions either extend globally to the whole of Veloopti, or locally to a single application. Each application has total control of its own permissions and they do not interfere with another application. | ||
+ | |||
+ | == Design considerations == | ||
+ | A central design point of Veloopti permissions is to empower the owner of an application to have everything they need to monitor their application. They should be able to write and deploy any monitoring for their application without being interfered by another application. | ||
+ | |||
+ | |||
+ | |||
+ | == Roles and permissions == | ||
+ | Permissions are bundled together and can appear in one or more roles. | ||
+ | |||
+ | |||
+ | Global permissions and application permissions | ||
+ | Global permissions reach to the entire Veloopti organisation and can extend into every application. Application permissions exist only in the application. | ||
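Review bot: the added line "Global permissions and application permissions" reads as a sub-heading of "Roles and permissions" but carries no heading markup, so it renders as body text and stays out of the table of contents, which sits oddly with an edit summarised as "Update heading levels". Suggest marking it up as a level-3 heading (=== ... ===), and doing the same for the all-caps category labels (AGENTS, APPLICATIONS and so on) that are plain text above a ---- rule.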
== Global permissions == | == Global permissions == | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | AGENTS | |
− | {| | + | ---- |
− | + | {| | |
− | | | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] |
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Install | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can install an agent on a computer by providing their username and password. | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Upgrade | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can initiate an agent to upgrade | ||
|- | |- | ||
− | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | |
− | | | + | | Restart |
+ | | The users can stop an start the Veloopti agent | ||
|- | |- | ||
− | + | | [[file:slider_right.png|30px]] | |
− | | | + | | Create installation token |
+ | | The user can create an installation token that can be used to install an agent that does not require a username and password. | ||
|- | |- | ||
|} | |} | ||
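Review bot: the "Create installation token" row says the token installs an agent without a username and password, which makes the token a standing credential, yet the description does not say whether it expires, is single-use, or can be revoked. Suggest documenting the token's lifetime and how to revoke it. In the same table the "Restart" and "Create installation token" rows drop the style attribute the other cells use, and "The users can stop an start" should read "The user can stop and start".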
− | {| | + | |
− | + | ||
+ | APPLICATIONS | ||
+ | |||
+ | ---- | ||
+ | {| | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | List all | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user is able to view the complete list of applications in the application list view. | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | View all | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user is able to enter all applications in the application list view. This gives the user a read only view of the Dashboards, users and nodes in the application. | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Create and Rename | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can create a new application and rename an existing one | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Change application owner | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can change an application owner to another user. | ||
+ | NOTE: This permission allows the user to assume full rights over any application. As the Owner of an application is the only user that is able to delete an application that means that this permission is also the "Delete Application" permission. | ||
+ | |- | ||
+ | |} | ||
+ | |||
+ | |||
+ | EVENTS | ||
+ | |||
+ | ---- | ||
+ | |||
+ | {| | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray; | "View all | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray; | "The user can view all events for all applications | ||
|- | |- | ||
− | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | |
− | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Manage all | |
− | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can change the status and set the event to closed | |
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
− | | | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] |
− | | [ | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | View internal Veloopti events |
− | | | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | User can view events that have been created internally by Veloopti agents. These can be used to help diagnosing agent issues. |
− | | | ||
− | | | ||
− | | | ||
− | |||
|- | |- | ||
|} | |} | ||
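Review bot: in the first EVENTS row the closing quote of the style attribute has moved past the cell separator on both the name cell (gray; | "View all) and the description cell, so the attribute is unterminated and the cell text starts with a stray quote. Move the quote back before the pipe, as in the other rows. The "Manage all" description also does not say whether it covers events in every application, as "View all" does.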
− | |||
− | + | LOGS | |
− | {| | + | ---- |
− | + | {| | |
− | | | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] |
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | View Audit Logs | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can view the logs that are created any time a change is made in Veloopti | ||
|- | |- | ||
− | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | |
− | | | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | View Notification Logs |
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can view the logs that are created any time a notification is sent. | ||
|- | |- | ||
− | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | |
− | | [[ | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | View Security Logs |
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can view logs that are created any time a user does something in Veloopti. This included logon and logout activities. | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | View Billing Logs | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can view the logs that relate to billing | ||
|- | |- | ||
|} | |} | ||
− | {| | + | |
− | + | ||
+ | NODES | ||
+ | |||
+ | ---- | ||
+ | {| | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | View all | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can view all nodes in the node list. They also can view the node properties. | ||
|- | |- | ||
− | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | |
− | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Deploy policies | |
− | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can deploy all application policies to nodes whether they have access to the application or not. | |
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
− | | | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] |
− | | [ | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Add Node to Applications |
− | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can add a node to any application in the organisation. | |
− | | style=" | + | NOTE: The user does not need to have permission to view the application to add it. |
− | | style=" | ||
− | |||
− | |||
|- | |- | ||
− | | | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] |
− | | [ | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Relabel Nodes |
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user is able to change the label of the node | ||
|- | |- | ||
− | | | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] |
− | | [ | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Remove Nodes |
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user is able to remove the node from the organisation | ||
|- | |- | ||
|} | |} | ||
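Review bot: "Deploy policies" ("whether they have access to the application or not") and "Add Node to Applications" ("does not need to have permission to view the application") both act across application boundaries, which cuts against the Overview's statement that each application has total control of its own permissions. Suggest marking these two as cross-application permissions with a NOTE like the one on "Change application owner", so that readers assigning global roles see their reach.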
− | |||
− | |||
− | + | ORGANISATION | |
− | {| | + | ---- |
− | + | {| | |
− | | | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] |
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Manage Node Billing Plan | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user is able to change the billing plans for any node that they can see | ||
|- | |- | ||
− | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | |
− | | | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | View Organisation Billing Details |
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user is able to view the invoices for the organisation | ||
|- | |- | ||
− | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | |
− | | [[ | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | View Extra Details |
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | x | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Change Default Settings | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can change the organisation default settings of: Language; Time Zone and Default new node plan. | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Manage Schedules | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can change the schedules | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Add Users to Global and Application Roles | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | User can add and remove users in Global and Application roles. | ||
+ | NOTE: The user needs to be granted access to the application before they can add or remove users from the applications roles. | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Edit Global and Application Role Permissions | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | User can edit a role by adding or removing permissions from it. They also can create new roles. | ||
+ | NOTE: The user needs to be granted access to the application before they can add or remove permissions from the applications roles. | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Manage Auto Discovery | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can manage the auto discovery options for discovering application on computers | ||
|- | |- | ||
|} | |} | ||
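Review bot: the description for "View Extra Details" is the placeholder "x", so the page does not say what this permission exposes. Fill in the description, or drop the row until it is known.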
− | {| | + | |
− | + | ||
+ | STORM RULES | ||
+ | |||
+ | ---- | ||
+ | {| | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | View All | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can view storm rules | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Manage All | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can create and edit storm rules | ||
+ | |- | ||
+ | |} | ||
+ | |||
+ | |||
+ | POLICIES | ||
+ | |||
+ | ---- | ||
+ | {| | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Manage all | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Allows the user full permissions to policies for any application that they are able to view. Can be used in conjunction with the application "View all" global permission to empower a user to enter any application and modify the policies. | ||
+ | |} | ||
+ | |||
+ | |||
+ | USERS | ||
+ | |||
+ | ---- | ||
+ | {| | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Add Users to Global Roles | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can add and remove users from global roles | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Invite User to Organisation | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can send an invitation to an external email address to add them to their organisation | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Remove User from Organisation | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can remove any user, except for the organisation owner, from the organisation | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | View Active User Sessions | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can view active user sessions for all users | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | View Expired User Sessions | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can view expired user sessions for all users | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Kill any Users Session | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can kill any users active session. | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Add User to Application | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can add another user to any application that they can view | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Add / Remove user from Application User Group | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can add or remove a user from an application user group that they can view | ||
|- | |- | ||
− | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | |
− | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Add Other Users to this Role | |
− | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Allows any member of the role to add another user to the role. This means that the members of the role are able to self manage rather than having to rely on someone with the Global "Assign User to Global Role" role. | |
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
− | | | + | |} |
− | | [ | + | |
− | + | ||
− | | style=" | + | DASHBOARDS |
− | | style=" | + | |
− | + | ---- | |
− | + | {| | |
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Manage all | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Can be used in conjunction with the application "View all" global permission to empower a user to enter any application and modify the dashboards. | ||
|- | |- | ||
|} | |} | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== Application permissions == | == Application permissions == | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | {| | + | ACTIONS |
− | + | ||
− | | | + | ---- |
+ | {| | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | View all actions | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can view all of actions in the application | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Run Operator Actions | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can run actions that have an operator level permission. | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Run Power User Actions | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can run actions that have a Power User level permission. | ||
+ | Note: This does not mean that users have permission to run an operator level action. | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Run Administrator Actions | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | User can run actions that have an Administrator level permission. | ||
+ | Note: This does not mean that users have permission to run an Operator or Power User level action. | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Manage Actions | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user is able to create, edit and delete actions. | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Assign Action to Action Group | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can add actions to actions group. This allows the action to be available to be run on any node in the application. | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Manage Groups | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can add and remove action groups | ||
+ | |- | ||
+ | |} | ||
+ | |||
+ | |||
+ | EVENTS | ||
+ | |||
+ | ---- | ||
+ | {| | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | View Events | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can view events for the application | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Edit Event Description | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can change the event description for an open event. | ||
+ | NOTE: Under no circumstances can the description for a closed event be changed. | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Change Event Severity | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can change the event severity for an open event. | ||
+ | NOTE: Under no circumstances can the severity for a closed event be changed. | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Run Action from Event | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user is able to run an action on a node from an event. | ||
+ | NOTE: The user also needs to have the run Operator/Power User/Administrator permission in order for the action to be available to them. | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Close Events | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | User can close an open event. | ||
+ | NOTE: Once an event is closed it cannot be re-opened. | ||
+ | |- | ||
+ | |} | ||
+ | |||
+ | |||
+ | NODES | ||
+ | |||
+ | ---- | ||
+ | {| | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Manage Node Groups | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can add and remove node groups | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Add Node to Node Group | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can add a node to a node group | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Link Policy Group to Node Group | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can link a policy group to a node group | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Link Action Group to Node Group | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can link an action group to a node group | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Remove Node from Application | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can remove a node from an application | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Run action from Node | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Users can run an action on a node. | ||
+ | NOTE: The user also needs to have the run Operator/Power User/Administrator permission in order for the action to be available to them. | ||
+ | |- | ||
+ | |} | ||
+ | |||
+ | |||
+ | POLICIES | ||
+ | |||
+ | ---- | ||
+ | {| | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | View Policies | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can see all policies in the policies list and open them | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Manage Policies | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can create, edit and delete policies | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Manage Policy Groups | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can create and delete policy groups. | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Add Policy to Policy Group | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can add policies to policy groups | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | List Policies on a Node | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can see the policies that have been deployed to a node | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Deploy Policies | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can deploy policies | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Assign Action to Policy | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can assign an action to a policy. | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Manage Node Overrides | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can add a node override for a policy. This enables the node to have different thresholds from the policy defaults. | ||
+ | |- | ||
+ | |} | ||
+ | |||
+ | |||
+ | USERS | ||
+ | |||
+ | ---- | ||
+ | {| | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Manage User Groups | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can create and delete user groups | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Add User to User Group | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can create and delete user groups | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Add / Remove user to Application | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can add and remove users from the application | ||
+ | |- | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Add User to Application Role | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | User can add other users to application roles | ||
|- | |- | ||
− | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | |
− | | | + | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Edit Application Role Permissions |
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can create, edit and delete application roles | ||
|- | |- | ||
|} | |} | ||
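Review bot: the "Add User to User Group" row repeats the description of "Manage User Groups" ("The user can create and delete user groups"), which looks like a copy-paste slip; it should describe adding a user to a user group. The name "Add / Remove user to Application" also mixes prepositions, unlike "Add / Remove user from Application User Group" in the global table.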
+ | |||
+ | |||
+ | DASHBOARDS | ||
+ | |||
+ | ---- | ||
+ | {| | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | [[file:slider_right.png|30px]] | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | Manage Dashboards | ||
+ | | style="vertical-align:top;border-bottom:0.5px solid gray;" | The user can create, edit and delete dashboards | ||
+ | |- | ||
+ | |} | ||
+ | |||
+ | == Other permissions == | ||
+ | === Owner === | ||
+ | |||
+ | After creating an organistion the user is given both the roles of Owner and Billing Administrator. The role of Owner has permanent permissions that cannot be modified. The role of Owner cannot be renamed or deleted. The Owner is able to select another user to replace them and replace them as the Owner. The selected user is then able to accept or reject the role of Owner. If the new user accepts the role of Owner then any previous Owner is not able to select themselves to take the role of Owner again. Once the role of Owner is given and received to another user it cannot be changed except by the current Owner. If the use account that has the role of owner is somehow lost then contact Veloopti. The Owner always has access to the below permissions. | ||
+ | |||
{| class="wikitable" style="text-align: left; color: black;" | {| class="wikitable" style="text-align: left; color: black;" | ||
− | |||
|- | |- | ||
! Permissions | ! Permissions | ||
! URL | ! URL | ||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
| Change Owner | | Change Owner | ||
− | | [https:// | + | | [https://ap2.veloopti.com.au/organisation/index/special ap2.veloopti.com.au/organisation/index/special] |
− | |||
− | |||
− | |||
− | |||
| | | | ||
|- | |- | ||
| Change Billing Administrator | | Change Billing Administrator | ||
− | | [https:// | + | | [https://ap2.veloopti.com.au/organisation/index/special ap2.veloopti.com.au/organisation/index/special] |
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
− | | | + | | Edit Global and Application Role Permissions |
− | | [https:// | + | | [https://ap2.veloopti.com.au/permissions ap2.veloopti.com.au/permissions] |
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
− | | | + | | Add Users to Global and Application Roles |
− | | [https:// | + | | [https://ap2.veloopti.com.au/roles/index/ ap2.veloopti.com.au//roles/index/] |
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
|} | |} | ||
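Review bot: the Owner paragraph has wording slips that blur the hand-over rule: "organistion", "replace them and replace them as the Owner", "given and received to another user", and "the use account". Tighten these, since this paragraph is the only statement of how ownership transfers. In the table, the last link's label reads ap2.veloopti.com.au//roles/index/ with a doubled slash while its target has a single one, and the "Change Owner" row keeps an empty third cell although the header has two columns.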
=== Billing Administrator === | === Billing Administrator === | ||
+ | |||
+ | |||
+ | [[Category:User Administration]] [[Category:Users]] |
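Review bot: "=== Billing Administrator ===" is left as an empty section, although the Owner paragraph says the creator of an organisation receives both the Owner and Billing Administrator roles. Add at least the permissions this role carries, or remove the heading until the content exists.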
Latest revision as of 17:41, 16 September 2020
1 Overview
A central design point of Veloopti security is that no user has permission to perform any operation unless they have been specifically granted it. The purpose of granting a permission is to enable a user to perform a specific action. Permissions extend either globally to the whole of Veloopti or locally to a single application. Each application has total control of its own permissions, and these do not interfere with any other application.
2 Design considerations
A central design point of Veloopti permissions is to give the owner of an application everything they need to monitor their application. They should be able to write and deploy any monitoring for their application without interference from another application.
3 Roles and permissions
Permissions are bundled together and can appear in one or more roles.
Global permissions and application permissions
Global permissions apply to the entire Veloopti organisation and can extend into every application. Application permissions exist only within a single application.
4 Global permissions
AGENTS
APPLICATIONS
EVENTS
LOGS
NODES
ORGANISATION
STORM RULES
View All | The user can view storm rules
Manage All | The user can create and edit storm rules
POLICIES
USERS
DASHBOARDS
Manage all | Can be used in conjunction with the application "View all" global permission to empower a user to enter any application and modify the dashboards.
5 Application permissions
ACTIONS
EVENTS
NODES
POLICIES
USERS
DASHBOARDS
Manage Dashboards | The user can create, edit and delete dashboards
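A small Python model of the rules described on this page (default deny, global versus application scope, action levels that are not cumulative), added here as an illustration; it is not Veloopti code. The Role/User data model, the "CATEGORY/Permission" naming and the sample users are assumptions; the permission names come from the tables on this page.

```python
from dataclasses import dataclass, field

GLOBAL = "*"  # constructed marker: the role applies to the whole organisation


@dataclass(frozen=True)
class Role:
    name: str
    scope: str              # GLOBAL or the name of exactly one application
    permissions: frozenset  # "CATEGORY/Permission" strings (assumed naming)


@dataclass
class User:
    name: str
    roles: list = field(default_factory=list)
    member_of: set = field(default_factory=set)  # applications the user was added to


def granted(user, permission, scope):
    """Default deny: True only if a role of exactly this scope carries the permission."""
    return any(r.scope == scope and permission in r.permissions for r in user.roles)


def can_view_application(user, app):
    # Assumption: a user can view an application they were added to, or any
    # application if they hold the global APPLICATIONS "View all" permission.
    return app in user.member_of or granted(user, "APPLICATIONS/View all", GLOBAL)


def can_manage_policies(user, app):
    # The global POLICIES "Manage all" permission only reaches applications
    # the user is able to view, so the view check comes first.
    if not can_view_application(user, app):
        return False
    return (granted(user, "POLICIES/Manage Policies", app)
            or granted(user, "POLICIES/Manage all", GLOBAL))


def can_run_action_from_event(user, app, level):
    # level is "Operator", "Power User" or "Administrator". The levels are
    # independent: holding a higher one does not imply a lower one, and the
    # "Run Action from Event" permission is needed as well.
    return (can_view_application(user, app)
            and granted(user, "EVENTS/Run Action from Event", app)
            and granted(user, f"ACTIONS/Run {level} Actions", app))


# Constructed sample roles and users.
shop_admins = Role("Shop administrators", "shop", frozenset({
    "EVENTS/Run Action from Event",
    "ACTIONS/Run Administrator Actions",
    "POLICIES/Manage Policies",
}))
policy_editors = Role("Policy editors", GLOBAL, frozenset({"POLICIES/Manage all"}))
auditors = Role("Read-only auditors", GLOBAL, frozenset({"APPLICATIONS/View all"}))

alice = User("alice", [shop_admins], {"shop"})   # application role only
bob = User("bob", [policy_editors])              # global manage, cannot view
carol = User("carol", [policy_editors, auditors])  # global manage plus view
dave = User("dave")                              # no roles: nothing is allowed

if __name__ == "__main__":
    for u in (alice, bob, carol, dave):
        print(u.name,
              "manage shop policies:", can_manage_policies(u, "shop"),
              "| manage payroll policies:", can_manage_policies(u, "payroll"))
    print("alice runs Administrator action:",
          can_run_action_from_event(alice, "shop", "Administrator"))
    print("alice runs Operator action:",
          can_run_action_from_event(alice, "shop", "Operator"))
```

In this model carol, who holds both global permissions, can modify policies in every application, which is the combination the global POLICIES "Manage all" description calls out.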
6 Other permissions
6.1 Owner
After creating an organisation, the user is given both the Owner and Billing Administrator roles. The Owner role has permanent permissions that cannot be modified, and the role cannot be renamed or deleted. The Owner can select another user to replace them as the Owner; the selected user can then accept or reject the role. If the new user accepts the role, any previous Owner is not able to select themselves to take the role of Owner again. Once the role of Owner has been given to and accepted by another user, it cannot be changed except by the current Owner. If the user account that holds the role of Owner is somehow lost, contact Veloopti. The Owner always has access to the permissions below.
Permissions | URL
---|---
Change Owner | ap2.veloopti.com.au/organisation/index/special
Change Billing Administrator | ap2.veloopti.com.au/organisation/index/special
Edit Global and Application Role Permissions | ap2.veloopti.com.au/permissions
Add Users to Global and Application Roles | ap2.veloopti.com.au//roles/index/