Contents
1 Overview
A central design point of Veloopti security is that no user has permission to perform any operation unless they have been specifically granted it. The purpose of granting a permission is to enable a user to perform a specific action. Permissions either extend globally to the whole of Veloopti, or locally to a single application. Each application has total control of its own permissions and they do not interfere with another application.
2 Design considerations
A central design point of Veloopti permissions is to empower the owner of an application to have everything they need to monitor their application. They should be able to write and deploy any monitoring for their application without being interfered by another application.
3 Roles and permissions
Permissions are bundled together and can appear in one or more roles.
Global permissions and application permissions
Global permissions reach to the entire Veloopti organisation and can extend into every application. Application permissions exist only in the application.
4 Global permissions
AGENTS
APPLICATIONS
EVENTS
LOGS
NODES
ORGANISATION
STORM RULES
View All | The user can view storm rules | |
Manage All | The user can create and edit storm rules |
POLICIES
USERS
DASHBOARDS
Manage all | Can be used in conjunction with the application "View all" global permission to empower a user to enter any application and modify the dashboards. |
5 Application permissions
ACTIONS
EVENTS
NODES
Manage Node Groups | x | |
Add Node to Node Group | x | |
Link Policy Group to Node Group | x | |
Link Action Group to Node Group | x | |
Remove Node from Application | x | |
Run action from Node | x |
POLICIES
View Policies | x | |
Manage Policies | x | |
Manage Policy Groups | x | |
Add Policy to Policy Group | x | |
List Policies on a Node | x | |
Deploy Policies | x | |
Assign Action to Policy | x | |
Manage Node Overrides | x |
USERS
Manage USer Groups | x | |
Add User to User Group | x | |
Add / Remove user to Application | x | |
Add User to Application Role | x | |
Edit Application Role Permissions | x |
DASHBOARDS
Manage Dashboards | x |
5.1 Owner
The role of owner has permanent permissions that cannot be revoked. Even if all roles are lost to everyone else the owner is still able to access the ones below. Once the role of owner is given to another user it cannot be taken back. If the role of owner is somehow lost to an organisation then contact Veloopti.
Description | Location | |||||
---|---|---|---|---|---|---|
Permissions | URL | Global options | Context options | Item options | Button | Other |
Change Owner | ap1.veloopti.com.au/organisation/index/special | Yes | ||||
Change Billing Administrator | ap1.veloopti.com.au/organisation/index/special | Yes | ||||
Edit Global and Application Role Permissions | ap1.veloopti.com.au/permissions | Menu item | ||||
Add Users to Global and Application Roles | ap1.veloopti.com.au//roles/index/ | Menu item |