Roles and Permissions: Difference between revisions
No edit summary |
|||
Line 104: | Line 104: | ||
* View all filters: '''ManageViews''' for the project. | * View all filters: '''ManageViews''' for the project. | ||
* Create filter: '''Filtering''' for the project. | * Create filter: '''Filtering''' for the project. | ||
* | * Edit own filter: '''Filtering''' for the project. | ||
* | * Edit all filters: '''ManageViews''' for the project. | ||
* Publish own filter: '''Filtering''' for the project. | * Publish own filter: '''Filtering''' for the project. | ||
* Publish all filters: '''ManageViews''' for the project. | * Publish all filters: '''ManageViews''' for the project. | ||
Line 133: | Line 133: | ||
* View and run global script: global '''RunScripts''' | * View and run global script: global '''RunScripts''' | ||
* View and run project script: global '''RunScripts''' and '''GenericRead''' for the project. | * View and run project script: global '''RunScripts''' and '''GenericRead''' for the project. | ||
* Create, | * Create, edit and delete global script: global '''RunScripts''' and '''ManageScripts''' | ||
* Create, | * Create, edit and delete project script: global '''RunScripts''' and '''ManageScripts''' for the project. | ||
== Expression Scripting Permissions (future) == | == Expression Scripting Permissions (future) == |
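Review bot: In the two "Create, edit and delete ... script" lines on the right-hand side, the scope of ManageScripts is ambiguous. The global-script line reads "global RunScripts and ManageScripts" without saying whether ManageScripts must itself be granted globally, and in the project-script line "for the project" can be read as applying to ManageScripts only or to both permissions. Suggest attaching the scope to each permission separately, as the neighbouring "View and run project script" line does with "global RunScripts and GenericRead for the project". The revision also carries no edit summary, so a one-line summary naming the completed bullets would help later readers of the history.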
Revision as of 08:55, 1 April 2021
QPR ProcessAnalyzer uses role-based access control: every operation requires the appropriate rights in order to be executed. Rights are given to users and groups by assigning roles to them. A role is a collection of permissions. Permissions are fixed in QPR ProcessAnalyzer, and each allows certain operations to be done. Some roles are project-specific, meaning that the role (and its permissions) applies only to that project. Roles can also be global, which gives rights to all projects in the system. Users belonging to a group have all the roles assigned to that group.
Global and Project Roles
There are two types of roles in QPR ProcessAnalyzer:
- Global roles are used to give rights in the entire QPR ProcessAnalyzer system.
- Project roles are used to give rights in a certain project. When assigning project roles, the project is also defined.
By default, the QPR ProcessAnalyzer system contains the global and project roles shown in the following table (roles as columns). The roles are mapped to permissions, which are also shown in the table (permissions as rows). It's possible to create new roles in QPR ProcessAnalyzer.
Global roles | Project roles | |||||||
---|---|---|---|---|---|---|---|---|
Permission | Allowed operations | Administrator | Create models | SQL Scripting | Administrator | Designer | Analyzer | Viewer |
View dashboards (GenericRead) |
|
|||||||
Save filters (Filtering) |
|
|||||||
Design dashboards (EditDashboards) |
|
|||||||
Import data (GenericWrite) |
|
|||||||
Manage filters (ManageViews) |
|
|||||||
Manage project (ManageProject) |
|
|||||||
Delete models (DeleteModel) |
As a project specific permission:
As a global permission:
|
|||||||
Manage scripts (ManageScripts) |
To be effective, this permission also requires the RunScripts permission. |
|||||||
Manage operations (ManageOperations) |
|
|||||||
Manage users (ManageUsers) |
|
|||||||
Create model (CreateModel) |
|
|||||||
SQL scripting (RunScripts) |
The rights also depend on which of the following contexts the script is located in:
|
Datatable Permission
Permissions required for datatables:
- List datatables, view datatable properties and data contents: GenericRead for the project.
- Create datatable: GenericWrite for the project and global CreateModel.
- Change datatable properties and import data to datatable: GenericWrite for the project.
- Move datatable between projects: GenericWrite and DeleteModel to source project, GenericWrite for target project, and global CreateModel.
- Delete datatable (permanently): GenericWrite and DeleteModel for the project.
Dashboard Permissions
- View dashboard: EditDashboards for the project.
- Create dashboard: EditDashboards for the project.
- Edit dashboard: EditDashboards for the project.
- Move dashboard: EditDashboards for the original project and for the target project.
- Delete dashboard (permanently): EditDashboards for the project.
Filter Permissions
- View own private filters, all published filters and model default filter: GenericRead for the project.
- View all filters: ManageViews for the project.
- Create filter: Filtering for the project.
- Edit own filter: Filtering for the project.
- Edit all filters: ManageViews for the project.
- Publish own filter: Filtering for the project.
- Publish all filters: ManageViews for the project.
- Delete own filter (permanently): Filtering for the project.
- Delete all filters (permanently): ManageViews for the project.
- Set model default filter: ManageViews for the project.
Model Permissions
- View model: GenericRead for the project.
- Create model: global CreateModel.
- Change model properties (e.g. name): GenericRead and GenericWrite for the project.
- Move model: GenericRead for the original project, and CreateModel for the target project.
- Delete model (to bin): GenericRead and DeleteModel for the project.
- Delete model (permanently): global DeleteModel.
- Copy model: Global CreateModel permission and GenericRead for the copied model.
Project Permissions
- View project: GenericRead for the project. (There are separate permissions for viewing different types of objects in the project.)
- Create project: global CreateModel.
- Change project properties (e.g. name): GenericRead and ManageProject for the project.
- Move project: ManageProject for the moved project, GenericRead for the original parent project, and CreateModel for the target parent project.
- Delete project (to bin): ManageProject and DeleteModel for the project.
- Delete project (permanently): global DeleteModel and ManageProject permission for the project.
- Copy project: Global CreateModel permission, and GenericRead and ManageProject for the copied project.
SQL Scripting Permissions
- View and run global script: global RunScripts
- View and run project script: global RunScripts and GenericRead for the project.
- Create, edit and delete global script: global RunScripts and ManageScripts
- Create, edit and delete project script: global RunScripts and ManageScripts for the project.
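The following added example (not part of QPR ProcessAnalyzer or its documentation) models some of the requirement lists above as data and reports which permissions a user still lacks for an operation, including grants inherited from a group. It assumes that a global grant satisfies a project-level requirement, as the introduction states for global roles, and reads "ManageScripts for the project" as project-scoped; `Principal`, `missing`, the operation keys and the Sales and Archive projects are constructed names.

```python
from dataclasses import dataclass, field

GLOBAL = None  # scope marker: a grant or requirement not tied to one project

# Requirements copied from the lists on this page as (permission, scope_key).
# scope_key is GLOBAL or the keyword argument that names the project.
REQUIREMENTS = {
    "create_datatable": [("GenericWrite", "project"), ("CreateModel", GLOBAL)],
    "move_datatable": [("GenericWrite", "source"), ("DeleteModel", "source"),
                       ("GenericWrite", "target"), ("CreateModel", GLOBAL)],
    "delete_datatable": [("GenericWrite", "project"), ("DeleteModel", "project")],
    "run_project_script": [("RunScripts", GLOBAL), ("GenericRead", "project")],
    "edit_project_script": [("RunScripts", GLOBAL), ("ManageScripts", "project")],
}

@dataclass
class Principal:  # hypothetical model of a user or a group
    grants: set = field(default_factory=set)    # {(permission, project or GLOBAL)}
    groups: list = field(default_factory=list)  # groups whose grants are inherited

def effective_grants(user):
    """Union of the user's own grants and those of every group the user is in."""
    grants = set(user.grants)
    for group in user.groups:
        grants |= group.grants
    return grants

def missing(user, operation, **projects):
    """Return the unmet requirements for an operation (empty list = allowed)."""
    grants = effective_grants(user)
    lacking = []
    for perm, scope_key in REQUIREMENTS[operation]:
        if (perm, GLOBAL) in grants:
            continue  # assumption: a global grant applies to every project
        if scope_key is not GLOBAL and (perm, projects[scope_key]) in grants:
            continue  # project-level grant on the project the operation touches
        lacking.append((perm, "global" if scope_key is GLOBAL else projects[scope_key]))
    return lacking

# Constructed sample data: one group and one user.
analysts = Principal(grants={("GenericRead", "Sales")})
alice = Principal(
    grants={("RunScripts", GLOBAL), ("GenericWrite", "Sales"),
            ("DeleteModel", "Sales"), ("GenericWrite", "Archive")},
    groups=[analysts],
)
```

Calling `missing(alice, "move_datatable", source="Sales", target="Archive")` shows that project-level rights on both projects are not enough: the move still fails on the global CreateModel requirement.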
Expression Scripting Permissions (future)
- View and run project script: RunScripts and GenericRead for the project.
- Create, edit and delete project script: ManageScripts and GenericRead for the project.
- View and run global script: global RunScripts and GenericRead.
- Create, edit and delete global script: global ManageScripts and GenericRead.
Group Roles
Group administrator | Normal member | Hidden Member | |
---|---|---|---|
Add and remove group members | |||
Create users to group | |||
Add and remove project access rights of a user | |||
Open model accessible to group members | |||
See unhidden group members | |||
See hidden group members |
If a group member is a project Administrator, the user can add and remove project-specific access rights for the group or for any individual member of the project.