Roles and Permissions: Difference between revisions

From QPR ProcessAnalyzer Wiki
Jump to navigation Jump to search
Line 1: Line 1:
<h2>Finest weight loss pills</h2>
QPR ProcessAnalyzer has a role-based access control, where all operations require appropriate rights in order to be executable. Rights are given to ''users'' and ''groups''' by assigning ''roles'' to them. Roles are a collection of ''permissions''. Permissions are fixed in QPR ProcessAnalyzer allowing certain operations to be done. Some roles are ''project roles'' meaning that role (and its permissions) is applicable only for that project. Roles can also be ''global'' which gives rights to all projects in the system. Users belonging to a group, have all the roles assigned to that group.


== Roles and Their Permissions ==
By default, QPR ProcessAnalyzer system contains roles that are shown in the following table (roles are as columns). The roles have been mapped to certain ''permissions'' that are also shown in the following table (permissions are as rows).


Guar gum is undoubtedly an intriguing event of ways to aid. It truly is explained to give a sense of fullness on the man or woman digests - and made use of for a thickening agent for foods and prescribed drugs. Discuss about innovative purposes! It is usually considered to help you weight loss process by endorsing the appropriate operating of your digestive program. A regulated procedure, in fact, is very important when you're endeavoring to eliminate excess fat, and many other herbs might help with this, which include the licorice plant, and that is useful for calming the gastrointestinal tract.  
{| style="color:black; cellpadding="10" class="wikitable"
!scope="row" colspan="2"| ||!scope="row" colspan="3"|Global roles||!scope="row" colspan="4"|Project roles
|-
!Permission||Allowed operations||Administrator||Create models||SQL Scripting||Administrator||Designer||Analyzer||Viewer
|-
||'''View dashboards'''<br>(GenericRead)||
* View project's and model's information (name, description, configuration etc.)
* List datatables and view their contents
* Open dashboards (queries made by the dashboards are still restricted by the permissions)
* Run analyses for model and view the analysis results
* See own private filters, all published filters and the model default filter (not allowed to create/modify/delete filters)
||[[File:Tick.gif|center]]|| || ||[[File:Tick.gif|center]]||[[File:Tick.gif|center]]||[[File:Tick.gif|center]]||[[File:Tick.gif|center]]
|-
||'''Save filters'''<br>(Filtering)||
* Create, modify and delete own filters (private and public, but not model default)
* Publish own private filters for other users (but not set the model default filter). Published filters are still user's own, so other users cannot modify them.
||[[File:Tick.gif|center]]|| || ||[[File:Tick.gif|center]]||[[File:Tick.gif|center]]||[[File:Tick.gif|center]]||
|-
||'''Design dashboards'''<br>(EditDashboards)||
* Create, modify and delete dashboards (as a project role, dashboards in the assigned project; as a global role, all dashboards).
||[[File:Tick.gif|center]]|| || ||[[File:Tick.gif|center]]||[[File:Tick.gif|center]]||[[File:Tick.gif|center]]||
|-
||'''Import data'''<br>(GenericWrite)||
* Edit model settings (but not possible to create or delete models)
* Import data to datatables (either directly or import to a model which uses datatables)
||[[File:Tick.gif|center]]|| || ||[[File:Tick.gif|center]]||[[File:Tick.gif|center]]||||
|-
||'''Manage filters'''<br>(ManageViews)||
* View, create, modify and delete all filters in the model (also other users' private filters).
* Set the model default filter.
||[[File:Tick.gif|center]]|| || ||[[File:Tick.gif|center]]|| || ||
|-
||'''Manage project'''<br>(ManageProject)||
* Modify project information (name and description) (also ''GenericRead'' permission is needed)
||[[File:Tick.gif|center]]|| || ||[[File:Tick.gif|center]]|| || ||
|-
||'''Delete models'''<br>(DeleteModel)||
As a project specific permission:
* Moving model to recycle bin (soft deleting) (also project specific ManageProject permission is needed)
* Delete datatables (for datatables deletion is always permanent)
As a global permission:
* Permanently deleting models and projects (remove from the recycle bin) (also global ManageProject permission is needed)
||[[File:Tick.gif|center]]|| || ||[[File:Tick.gif|center]]|| || ||
|-
||'''Manage scrips'''<br>(ManageScripts)||
* As a project role, create, modify and delete scripts in ''project'' and ''model'' context.
* As a global role, create, modify and delete all scripts.


This permission to be effective requires also the RunScript permission.
||[[File:Tick.gif|center]]
|| || ||[[File:Tick.gif|center]]|| || ||
|-
||'''Manage operations'''<br>(ManageOperations)||
* View the [[QPR_ProcessAnalyzer_Logs#Task_Log|Task log]]
* Terminate in progress tasks run by any user
||[[File:Tick.gif|center]]|| || || || || ||
|-
||'''Manage users'''<br>(ManageUsers)||
* Administrate users and groups, e.g. create new users and groups, and add users to groups.
||[[File:Tick.gif|center]]|| || || || || ||
|-
||'''Create model'''<br>(CreateModel)||
* Create projects, models and datatables. When a project is created, the creator gets project Administrator role for the project (giving full permissions to the project).
||[[File:Tick.gif|center]]||[[File:Tick.gif|center]]||||||||||
|-
||'''SQL scripting'''<br>(RunScripts)||
* View scripts code and other script properties (with additional restrictions listed below)
* Run scripts (with additional restrictions listed below)


The rights depend also in which of the following '''contexts''' the script is located:
* '''project''': To view scripts that are in ''project'' context, user needs to have the ''GenericRead'' for the project.
* '''system''': All users with ''RunScripts'' can see scripts in the ''system'' context.
|||| ||[[File:Tick.gif|center]]|||| || ||
|}


<h2>Phentermine Weight Loss Hazards</h2>
== User Management Concepts ==


The instant you start using this prescript, you might have to maintain in your mind that this drug ought to only be consumed for any constrained period of time for loosing excess weight intensively. There are a selection of health care gurus who believe this prescript is actually a sort of managed drug. So if you need to buy for [http://phentermine375truth.com/ phentermine 37.5]you may need to check out and get a proper recipe from a qualified medical expert. The drug is usually offered as phentermine adipex and phentermine 37.5 recipe drug.
[[File:User management schema.png|right|800px]]


User management in QPR ProcessAnalyzer is based on the following concepts (which are also illustrated in the diagram on the right):
* '''User''': Each person using the system should have an own user account. When a successful authentication has been made a ''session'' is created for a certain user. In addition to groups, roles can be assigned directly to users.
* '''Group''': Group contain selected roles and also selected users are assigned to the group, giving the roles to those users. Groups make managing users easier.
* '''Role''': Role contains specific permissions and thus giving certain kind of rights in the system. There are commonly used roles available in QPR ProcessAnalyzer, and additionally new roles can be created for customized use cases. Roles can be divided into two types:
** '''Global role''' are used to give rights in the entire QPR ProcessAnalyzer system.
** '''Project role''' are used to give rights in a certain project. When assigning projects roles, the project is also defined.
* '''Permission''': Permission defines what user can do (e.g. read, create, modify, delete) to certain kinds of objects. Permissions are fixes in the system, i.e. new permissions cannot be added by users.


<h2>adipex</h2>
The diagram also includes term ''role assignment'' which links one user/group (either of those), one project, and one role together.


No one suggests a fad diet or dieting, but deciding upon portioned foods may be an effective tactic. Start off with 5 little sized meals within a dayapart from breakfast, lunch and dinner; consist of snacks among them. Introduce meals which might be natural and healthful for body. This may assist you to stay during the suitable path. For the other hand, junk meals, higher sugar and calorie foods certainly will sabotage your initiatives. At the moment adipex would also not work within the right efficient fashion appropriately.For additional excellent info on you lose weight and information look into with  http://www.healthyonlines.com/healthy-weight-loss/86857.html
(In the diagram, ''0..N'' means that an entity is linked to none, one or several other entities, ''1..N'' means that an entity is linked one or several other entities, and ''1'' means that the linkage is always to a single entity.)


Selecting Adipex in live performance with other nutritious consuming strategy medication those people as fenfluramine (Phen-Fen) or dexfenfluramine (Redux) may result in a weird lethal lung condition identified as pulmonary hypertension. Don't carry Adipex with any other diet medicines without having obtaining your physicians recommendation. Get the missed dose as swiftly when you recall. Whether it is pretty much time for your personal subsequent dose, skip the missed dose and take on the cures at your up coming frequently planned time. Tend not to deliver added treatment options to make up the missed dose. Evade consuming alcohol. It may optimize many of the part final results of Adipex. Adipex will bring about piece outcomes which will potentially impair your looking at or reactions. Be pretty very careful if youdriveor do anything at all that calls for you to generally be awake and inform.
== Dashboard Permissions ==
* View dashboard: '''EditDashboards''' for the project.
* Create dashboard: '''EditDashboards''' for the project.
* Edit dashboard: '''EditDashboards''' for the project.
* Move dashboard: '''EditDashboards''' for the original project and for the target project.
* Delete dashboard (permanently): '''EditDashboards''' for the project.
 
== Model Permissions ==
* View model: '''GenericRead''' for the project.
* Create model: '''GenericRead''' and '''GenericWrite''' for the project and global '''CreateModel'''.
* Change model properties (e.g. name): '''GenericRead''' and '''GenericWrite''' for the project.
* Move model:  '''GenericRead''' and '''DeleteModel''' for the source project, and '''GenericRead''' and '''GenericWrite''' for the target project.
* Delete model (to bin): '''GenericRead''' and '''DeleteModel''' for the project.
* Delete model (permanently): global '''DeleteModel'''.
* Copy model: '''GenericRead''' and '''GenericWrite''' for the project and global '''CreateModel'''.
* Initiate model loading: '''GenericRead''' for the project (*).
 
(*) The model loading might also require other permissions, e.g. access to the datatables or permissions required by the commands in the loading script. Models are not loaded using the permissions of the initiating user, but instead models are loaded in the following security context: '''GenericRead''' and '''GenericWrite''' for the project, global '''RunScripts'''. Models might also be loaded automatically during the server startup and this behavior ensures consistency regardless on how the model was loaded.
 
== Project Permissions ==
* View project: '''GenericRead''' for the project. (There are separate permissions for viewing different type of objects in the project.)
* Create project: global '''CreateModel'''.
* Change project properties (e.g. name): '''GenericRead''' and '''ManageProject''' for the project.
* Move project: '''ManageProject''' for the moved project, '''GenericRead''' for the original parent project, and '''CreateModel''' for the target parent project.
* Delete project (to bin): '''ManageProject''' and '''DeleteModel''' for the project.
* Delete project (permanently): global '''DeleteModel''' and '''ManageProject''' permission for the project.
* Copy project: Global '''CreateModel''' permission, and '''GenericRead''' and '''ManageProject''' for the copied project.
 
== Datatable Permission ==
* List datatables, view datatable properties and data contents: '''GenericRead''' for the project.
* Create datatable: '''GenericWrite''' for the project and global '''CreateModel'''.
* Change datatable properties and import data to datatable: '''GenericWrite''' for the project.
* Move datatable between projects: '''GenericWrite''' and '''DeleteModel''' to source project, '''GenericWrite''' for target project, and global '''CreateModel'''.
* Delete datatable (permanently): '''GenericWrite''' and '''DeleteModel''' for the project.
 
== Filter Permissions ==
* View own private filters, all published filters and model default filter: '''GenericRead''' for the project.
* View all filters: '''ManageViews''' for the project.
* Create filter: '''Filtering''' for the project.
* Edit own filter: '''Filtering''' for the project.
* Edit all filters: '''ManageViews''' for the project.
* Publish own filter: '''Filtering''' for the project.
* Publish all filters: '''ManageViews''' for the project.
* Delete own filter (permanently): '''Filtering''' for the project.
* Delete all filters (permanently): '''ManageViews''' for the project.
* Set model default filter: '''ManageViews''' for the project.
 
== Scripting Permissions ==
* View, call and run expression script: '''GenericRead''' for the project.
* Create, edit and delete expression script: '''ManageScripts''' for the project.
* View and run SQL script: global '''RunScripts''' and '''GenericRead''' for the project.
* Create, edit and delete SQL script: global '''RunScripts''' and '''ManageScripts''' for the project.
 
[[Category: QPR ProcessAnalyzer]]

Revision as of 13:25, 27 January 2022

QPR ProcessAnalyzer has a role-based access control, where all operations require appropriate rights in order to be executable. Rights are given to users and groups' by assigning roles to them. Roles are a collection of permissions. Permissions are fixed in QPR ProcessAnalyzer allowing certain operations to be done. Some roles are project roles meaning that role (and its permissions) is applicable only for that project. Roles can also be global which gives rights to all projects in the system. Users belonging to a group, have all the roles assigned to that group.

Roles and Their Permissions

By default, QPR ProcessAnalyzer system contains roles that are shown in the following table (roles are as columns). The roles have been mapped to certain permissions that are also shown in the following table (permissions are as rows).

Global roles Project roles
Permission Allowed operations Administrator Create models SQL Scripting Administrator Designer Analyzer Viewer
View dashboards
(GenericRead)
  • View project's and model's information (name, description, configuration etc.)
  • List datatables and view their contents
  • Open dashboards (queries made by the dashboards are still restricted by the permissions)
  • Run analyses for model and view the analysis results
  • See own private filters, all published filters and the model default filter (not allowed to create/modify/delete filters)
Tick.gif
Tick.gif
Tick.gif
Tick.gif
Tick.gif
Save filters
(Filtering)
  • Create, modify and delete own filters (private and public, but not model default)
  • Publish own private filters for other users (but not set the model default filter). Published filters are still user's own, so other users cannot modify them.
Tick.gif
Tick.gif
Tick.gif
Tick.gif
Design dashboards
(EditDashboards)
  • Create, modify and delete dashboards (as a project role, dashboards in the assigned project; as a global role, all dashboards).
Tick.gif
Tick.gif
Tick.gif
Tick.gif
Import data
(GenericWrite)
  • Edit model settings (but not possible to create or delete models)
  • Import data to datatables (either directly or import to a model which uses datatables)
Tick.gif
Tick.gif
Tick.gif
Manage filters
(ManageViews)
  • View, create, modify and delete all filters in the model (also other users' private filters).
  • Set the model default filter.
Tick.gif
Tick.gif
Manage project
(ManageProject)
  • Modify project information (name and description) (also GenericRead permission is needed)
Tick.gif
Tick.gif
Delete models
(DeleteModel)

As a project specific permission:

  • Moving model to recycle bin (soft deleting) (also project specific ManageProject permission is needed)
  • Delete datatables (for datatables deletion is always permanent)

As a global permission:

  • Permanently deleting models and projects (remove from the recycle bin) (also global ManageProject permission is needed)
Tick.gif
Tick.gif
Manage scrips
(ManageScripts)
  • As a project role, create, modify and delete scripts in project and model context.
  • As a global role, create, modify and delete all scripts.

This permission to be effective requires also the RunScript permission.

Tick.gif
Tick.gif
Manage operations
(ManageOperations)
  • View the Task log
  • Terminate in progress tasks run by any user
Tick.gif
Manage users
(ManageUsers)
  • Administrate users and groups, e.g. create new users and groups, and add users to groups.
Tick.gif
Create model
(CreateModel)
  • Create projects, models and datatables. When a project is created, the creator gets project Administrator role for the project (giving full permissions to the project).
Tick.gif
Tick.gif
SQL scripting
(RunScripts)
  • View scripts code and other script properties (with additional restrictions listed below)
  • Run scripts (with additional restrictions listed below)

The rights depend also in which of the following contexts the script is located:

  • project: To view scripts that are in project context, user needs to have the GenericRead for the project.
  • system: All users with RunScripts can see scripts in the system context.
Tick.gif

User Management Concepts

User management schema.png

User management in QPR ProcessAnalyzer is based on the following concepts (which are also illustrated in the diagram on the right):

  • User: Each person using the system should have an own user account. When a successful authentication has been made a session is created for a certain user. In addition to groups, roles can be assigned directly to users.
  • Group: Group contain selected roles and also selected users are assigned to the group, giving the roles to those users. Groups make managing users easier.
  • Role: Role contains specific permissions and thus giving certain kind of rights in the system. There are commonly used roles available in QPR ProcessAnalyzer, and additionally new roles can be created for customized use cases. Roles can be divided into two types:
    • Global role are used to give rights in the entire QPR ProcessAnalyzer system.
    • Project role are used to give rights in a certain project. When assigning projects roles, the project is also defined.
  • Permission: Permission defines what user can do (e.g. read, create, modify, delete) to certain kinds of objects. Permissions are fixes in the system, i.e. new permissions cannot be added by users.

The diagram also includes term role assignment which links one user/group (either of those), one project, and one role together.

(In the diagram, 0..N means that an entity is linked to none, one or several other entities, 1..N means that an entity is linked one or several other entities, and 1 means that the linkage is always to a single entity.)

Dashboard Permissions

  • View dashboard: EditDashboards for the project.
  • Create dashboard: EditDashboards for the project.
  • Edit dashboard: EditDashboards for the project.
  • Move dashboard: EditDashboards for the original project and for the target project.
  • Delete dashboard (permanently): EditDashboards for the project.

Model Permissions

  • View model: GenericRead for the project.
  • Create model: GenericRead and GenericWrite for the project and global CreateModel.
  • Change model properties (e.g. name): GenericRead and GenericWrite for the project.
  • Move model: GenericRead and DeleteModel for the source project, and GenericRead and GenericWrite for the target project.
  • Delete model (to bin): GenericRead and DeleteModel for the project.
  • Delete model (permanently): global DeleteModel.
  • Copy model: GenericRead and GenericWrite for the project and global CreateModel.
  • Initiate model loading: GenericRead for the project (*).

(*) The model loading might also require other permissions, e.g. access to the datatables or permissions required by the commands in the loading script. Models are not loaded using the permissions of the initiating user, but instead models are loaded in the following security context: GenericRead and GenericWrite for the project, global RunScripts. Models might also be loaded automatically during the server startup and this behavior ensures consistency regardless on how the model was loaded.

Project Permissions

  • View project: GenericRead for the project. (There are separate permissions for viewing different type of objects in the project.)
  • Create project: global CreateModel.
  • Change project properties (e.g. name): GenericRead and ManageProject for the project.
  • Move project: ManageProject for the moved project, GenericRead for the original parent project, and CreateModel for the target parent project.
  • Delete project (to bin): ManageProject and DeleteModel for the project.
  • Delete project (permanently): global DeleteModel and ManageProject permission for the project.
  • Copy project: Global CreateModel permission, and GenericRead and ManageProject for the copied project.

Datatable Permission

  • List datatables, view datatable properties and data contents: GenericRead for the project.
  • Create datatable: GenericWrite for the project and global CreateModel.
  • Change datatable properties and import data to datatable: GenericWrite for the project.
  • Move datatable between projects: GenericWrite and DeleteModel to source project, GenericWrite for target project, and global CreateModel.
  • Delete datatable (permanently): GenericWrite and DeleteModel for the project.

Filter Permissions

  • View own private filters, all published filters and model default filter: GenericRead for the project.
  • View all filters: ManageViews for the project.
  • Create filter: Filtering for the project.
  • Edit own filter: Filtering for the project.
  • Edit all filters: ManageViews for the project.
  • Publish own filter: Filtering for the project.
  • Publish all filters: ManageViews for the project.
  • Delete own filter (permanently): Filtering for the project.
  • Delete all filters (permanently): ManageViews for the project.
  • Set model default filter: ManageViews for the project.

Scripting Permissions

  • View, call and run expression script: GenericRead for the project.
  • Create, edit and delete expression script: ManageScripts for the project.
  • View and run SQL script: global RunScripts and GenericRead for the project.
  • Create, edit and delete SQL script: global RunScripts and ManageScripts for the project.