Permissions

Permissions

WHO CAN DO WHAT

Permissions bind users to resources.

permission-authentication

Overview

Each resource has an inherent set of roles it supports. For some, its a single role (e.g. SSH, you either can, or cannot, use). Others can be more fine grained (e.g. a Share can be Read-Only (Viewer) vs Read-Write (Editor). For Web Applications, these roles are user defined (e.g. Managing-Editor, Contributor in a web site).

A permission is the assigning of which user (or group) has which role in which resource.

Permissions are assigned under Access/Application Permissions (for web applications), and, Access/Resource Permissions (for all other resources such as a Share, Desktop, Launcher, etc.)

f11b5a27 image

Application Permissions

To assign users (or groups) permissions to a web application, enter the ID (user email or group ID) on a new row, and then set the permission on each column.

Agilicus recommends using Groups (so assign users to the group, assign permissions to the group) as it reduces configuration requirements.

0f6acbbe image

Resource Permissions

For resource permissions, enter a new user or group row, and then add each individual resource permission as a ‘chip’. Start by typing the resource name, and then select the role. The roles are often Owner (all permission) or Self (all permission).

f8200fe2 image

Diagnose User Permission Issues

To determine how an individual user might interact, you can use the Access/Audits menu. Enter a few letters of the user email and search. Below you will see the entire set of permissions, and, recently used access.

373c24cd image