Additional considerations
Roles allow grouping different levels of access for various organizations and, at the same time, allow grouping different levels of access by module for simplified management.
Multiclient environments
The roles of an organization allow configuring access and visibility for the users of the organization, and also allow including the permissions to configure access and visibility to dependent organizations.
An organization is dependent when:
- It is client type and the roles and users are in the partner organization at a higher level.
- It is a sub-organization of a client organization.
Roles are assigned to users and contain the definition of levels of access and visibility, being able to establish different configurations for the root organization and its sub-organizations in the same role. This can only be done in a descending manner; that is, from a higher-level organization, permissions can be assigned to the organization itself and the organizations that depend on it.
Levels of access by modules
The levels of access are also defined for each module of the solution:
Portal
In Portal, there are two roles available: User and Organization Admin. The first allows viewing actions; and the second can turn functionalities on or off and make changes at a general level.
To access certain functionalities, in addition to the user role in the Portal, access to Workspaces is required, depending on the functionality, with Level 1 or Level 2 roles.
Available actions by each role:
| Functionality | Action | Organization Admin | User | |
|---|---|---|---|---|
| Activations | View | X | ||
| Operations log | View | X | X | |
| Microservices | Create | X | Only if L2 in Workspaces | |
| Microservices | View | X | Only if L1 or L2 in Workspaces | |
| Microservices | Modify | X | Only if L2 in Workspaces | |
| Microservices | Delete | X | Only if L2 in Workspaces | |
| Enabled microservices | View | X | Only if L1 or L2 in Workspaces | |
| Enabled microservices | Modify | X | Only if L2 in Workspaces | |
| FlexxAgent Configuration | View | X | X | |
| FlexxAgent Configuration | Modify | X | ||
| Flows | Create | X | Only if L2 in Workspaces | |
| Flows | View | X | Only if L2 in Workspaces | |
| Flows | Modify | X | Only if L2 in Workspaces | |
| Integrations | Create | X | ||
| Modules | Create | X | ||
| Modules | View | X | ||
| Modules | Modify | X | ||
| Operations | View | X | Only if L1 or L2 in Workspaces | |
| Patch Management | Create | X | Only if L2 in Workspaces | |
| Patch Management | View | X | Only if L1 or L2 in Workspaces | |
| Patch Management | Modify | X | Only if L2 in Workspaces | |
| Patch Management | Delete | X | Only if L2 in Workspaces | |
| Policies | Create | X | ||
| Policies | View | X | X | |
| Policies | Modify | X | ||
| Policies | Delete | X | ||
| Reporting Groups | Create | X | ||
| Reporting Groups | View | X | ||
| Reporting Groups | Modify | X | ||
| Roles | Create | X | ||
| Roles | View | X | ||
| Roles | Modify | X | ||
| Roles | Delete | X | ||
| Organizations | Create | X | ||
| Organizations | View | X | ||
| Organizations | Modify | X | ||
| Organizations | Delete | X | ||
| Users | Create | X | ||
| Users | View | X | ||
| Users | Modify | X | ||
| Users | Delete | X | ||
| Workspaces | View | X | Only if L1 or L2 in Workspaces | |
| Workspace Groups | Create | X | ||
| Workspace Groups | View | X | Only if L1 or L2 in Workspaces | |
| Workspace Groups | Modify | X | ||
| Workspace Groups | Delete | X |
Workspaces
In Workspaces, there are two roles available: Level 1 and Level 2. The first allows the most common support actions, such as providing remote assistance, sending microservices, power actions, or consulting device information and, the second, includes all the support functionalities of Level 1 plus server management, networks, locations, wifi networks, and alert configuration.
Available actions by each role:
| Functionality | Action | Level 1 | Level 1 Read Only | Level 2 | Level 2 Read Only |
|---|---|---|---|---|---|
| UX Panel | View | X | X | X | X |
| Workspaces | View | X | X | X | X |
| Workspaces | Execute operations | X | X | ||
| Sessions | View | X | X | X | X |
| Sessions | Execute operations | X | X | ||
| Connection Logs | View | X | X | X | X |
| Jobs | View | X | X | X | X |
| Jobs | Cancel | X | X | ||
| Alerting | View | X | X | X | X |
| Alerting | Off | X | X | ||
| Profile Storage | View | X | X | X | X |
| Profile Storage | Modify | X | X | ||
| Profile Storage | Delete | X | X | ||
| Alert notification profiles | View | X | X | ||
| Alert notification profiles | Modify | X | |||
| Alert notification profiles | Delete | X | |||
| Alert Subscriptions | View | X | X | ||
| Alert Subscriptions | Modify | X | |||
| Alert Subscriptions | Delete | X | |||
| Events Log | View | X | X | ||
| Events Log | Modify | X | |||
| Events Log | Delete | X | |||
| Locations | View | X | X | ||
| Locations | Create | X | |||
| Locations | Modify | X | |||
| Networks | View | X | X | ||
| Networks | Modify | X | |||
| Notifications | View | X | X | ||
| Notifications | Create | X | |||
| Notifications | Modify | X | |||
| Notifications | Delete | X | |||
| Reporting Groups | View | X | X | ||
| Servers | View | X | X | ||
| Servers | Execute operations | X | |||
| Wireless networks | View | X | X | ||
| Wireless networks | Modify | X |
Analyzer
Since Analyzer presents information and never allows modifications to the organization or its devices, it does not segment access to the functionalities it contains, therefore access is either granted or denied to users.
The access options for Analyzer are Access and No Access.