|
|
Line 435: |
Line 435: |
| |} | | |} |
| | | |
| + | == Other permissions == |
| === Owner === | | === Owner === |
| | | |
Latest revision as of 17:41, 16 September 2020
Home > Administration > User Administration > Permissions
1 Overview
A central design point of Veloopti security is that no user has permission to perform any operation unless they have been specifically granted it. The purpose of granting a permission is to enable a user to perform a specific action. Permissions either extend globally to the whole of Veloopti, or locally to a single application. Each application has total control of its own permissions and they do not interfere with another application.
2 Design considerations
A central design point of Veloopti permissions is to empower the owner of an application to have everything they need to monitor their application. They should be able to write and deploy any monitoring for their application without being interfered by another application.
3 Roles and permissions
Permissions are bundled together and can appear in one or more roles.
Global permissions and application permissions
Global permissions reach to the entire Veloopti organisation and can extend into every application. Application permissions exist only in the application.
4 Global permissions
AGENTS
|
Install
|
The user can install an agent on a computer by providing their username and password.
|
|
Upgrade
|
The user can initiate an agent to upgrade
|
|
Restart
|
The users can stop an start the Veloopti agent
|
|
Create installation token
|
The user can create an installation token that can be used to install an agent that does not require a username and password.
|
APPLICATIONS
EVENTS
|
"View all
|
"The user can view all events for all applications
|
|
Manage all
|
The user can change the status and set the event to closed
|
|
View internal Veloopti events
|
User can view events that have been created internally by Veloopti agents. These can be used to help diagnosing agent issues.
|
LOGS
|
View Audit Logs
|
The user can view the logs that are created any time a change is made in Veloopti
|
|
View Notification Logs
|
The user can view the logs that are created any time a notification is sent.
|
|
View Security Logs
|
The user can view logs that are created any time a user does something in Veloopti. This included logon and logout activities.
|
|
View Billing Logs
|
The user can view the logs that relate to billing
|
NODES
ORGANISATION
STORM RULES
|
View All
|
The user can view storm rules
|
|
Manage All
|
The user can create and edit storm rules
|
POLICIES
|
Manage all
|
Allows the user full permissions to policies for any application that they are able to view. Can be used in conjunction with the application "View all" global permission to empower a user to enter any application and modify the policies.
|
USERS
|
Add Users to Global Roles
|
The user can add and remove users from global roles
|
|
Invite User to Organisation
|
The user can send an invitation to an external email address to add them to their organisation
|
|
Remove User from Organisation
|
The user can remove any user, except for the organisation owner, from the organisation
|
|
View Active User Sessions
|
The user can view active user sessions for all users
|
|
View Expired User Sessions
|
The user can view expired user sessions for all users
|
|
Kill any Users Session
|
The user can kill any users active session.
|
|
Add User to Application
|
The user can add another user to any application that they can view
|
|
Add / Remove user from Application User Group
|
The user can add or remove a user from an application user group that they can view
|
|
Add Other Users to this Role
|
Allows any member of the role to add another user to the role. This means that the members of the role are able to self manage rather than having to rely on someone with the Global "Assign User to Global Role" role.
|
DASHBOARDS
|
Manage all
|
Can be used in conjunction with the application "View all" global permission to empower a user to enter any application and modify the dashboards.
|
5 Application permissions
ACTIONS
EVENTS
|
View Events
|
The user can view events for the application
|
|
Edit Event Description
|
The user can change the event description for an open event.
NOTE: Under no circumstances can the description for a closed event be changed.
|
|
Change Event Severity
|
The user can change the event severity for an open event.
NOTE: Under no circumstances can the severity for a closed event be changed.
|
|
Run Action from Event
|
The user is able to run an action on a node from an event.
NOTE: The user also needs to have the run Operator/Power User/Administrator permission in order for the action to be available to them.
|
|
Close Events
|
User can close an open event.
NOTE: Once an event is closed it cannot be re-opened.
|
NODES
POLICIES
|
View Policies
|
The user can see all policies in the policies list and open them
|
|
Manage Policies
|
The user can create, edit and delete policies
|
|
Manage Policy Groups
|
The user can create and delete policy groups.
|
|
Add Policy to Policy Group
|
The user can add policies to policy groups
|
|
List Policies on a Node
|
The user can see the policies that have been deployed to a node
|
|
Deploy Policies
|
The user can deploy policies
|
|
Assign Action to Policy
|
The user can assign an action to a policy.
|
|
Manage Node Overrides
|
The user can add a node override for a policy. This enables the node to have different thresholds from the policy defaults.
|
USERS
|
Manage User Groups
|
The user can create and delete user groups
|
|
Add User to User Group
|
The user can create and delete user groups
|
|
Add / Remove user to Application
|
The user can add and remove users from the application
|
|
Add User to Application Role
|
User can add other users to application roles
|
|
Edit Application Role Permissions
|
The user can create, edit and delete application roles
|
DASHBOARDS
|
Manage Dashboards
|
The user can create, edit and delete dashboards
|
6 Other permissions
6.1 Owner
After creating an organistion the user is given both the roles of Owner and Billing Administrator. The role of Owner has permanent permissions that cannot be modified. The role of Owner cannot be renamed or deleted. The Owner is able to select another user to replace them and replace them as the Owner. The selected user is then able to accept or reject the role of Owner. If the new user accepts the role of Owner then any previous Owner is not able to select themselves to take the role of Owner again. Once the role of Owner is given and received to another user it cannot be changed except by the current Owner. If the use account that has the role of owner is somehow lost then contact Veloopti. The Owner always has access to the below permissions.
6.2 Billing Administrator