Additional considerations
Roles allow grouping different levels of access for various organizations and, at the same time, allow grouping different levels of access per module to manage them in a simplified way.
Multitenant environments
The roles of an organization allow configuring access and visibility for the users of the organization and also allow including permissions to configure access and visibility for dependent organizations.
An organization is dependent when:
- It is of client type and the roles and users are in the partner-type organization at a higher level.
- It is a sub-organization of a client organization.
Roles are assigned to users and contain the definition of levels of access and visibility, allowing different configurations for the root organization and its sub-organizations to be established within the same role. This can only be done in a downward manner; that is, from a higher-level organization, permissions can be assigned to the organization itself and the organizations that depend on it.
Access levels by modules
Access levels are also defined for each module of the solution:
Portal
In Portal, there are two roles available: User and Organization Administrator. The first allows viewing actions; and the second can activate or deactivate functionalities and make general-level changes.
To access certain functionalities, in addition to the user role in Portal, access to Workspaces is required, depending on the functionality, with role Level 1 or Level 2.
Available actions in each role:
| Functionality | Action | Organization Admin | User | |
|---|---|---|---|---|
| Activations | View | X | ||
| Operations log | View | X | X | |
| Microservices | Create | X | Only if it is L2 in Workspaces | |
| Microservices | View | X | Only if it is L1 or L2 in Workspaces | |
| Microservices | Modify | X | Only if it is L2 in Workspaces | |
| Microservices | Delete | X | Only if it is L2 in Workspaces | |
| Enabled microservices | View | X | Only if it is L1 or L2 in Workspaces | |
| Enabled microservices | Modify | X | Only if it is L2 in Workspaces | |
| FlexxAgent Configuration | View | X | X | |
| FlexxAgent Configuration | Modify | X | ||
| Flows | Create | X | Only if it is L2 in Workspaces | |
| Flows | View | X | Only if it is L2 in Workspaces | |
| Flows | Modify | X | Only if it is L2 in Workspaces | |
| Integrations | Create | X | ||
| Modules | Create | X | ||
| Modules | View | X | ||
| Modules | Modify | X | ||
| Operations | View | X | Only if it is L1 or L2 in Workspaces | |
| Patch management | Create | X | Only if it is L2 in Workspaces | |
| Patch management | View | X | Only if it is L1 or L2 in Workspaces | |
| Patch management | Modify | X | Only if it is L2 in Workspaces | |
| Patch management | Delete | X | Only if it is L2 in Workspaces | |
| Policies | Create | X | ||
| Policies | View | X | X | |
| Policies | Modify | X | ||
| Policies | Delete | X | ||
| Reporting Groups | Create | X | ||
| Reporting Groups | View | X | ||
| Reporting Groups | Modify | X | ||
| Roles | Create | X | ||
| Roles | View | X | ||
| Roles | Modify | X | ||
| Roles | Delete | X | ||
| Organizations | Create | X | ||
| Organizations | View | X | ||
| Organizations | Modify | X | ||
| Organizations | Delete | X | ||
| Users | Create | X | ||
| Users | View | X | ||
| Users | Modify | X | ||
| Users | Delete | X | ||
| Workspaces | View | X | Only if it is L1 or L2 in Workspaces | |
| Workspaces Groups | Create | X | ||
| Workspaces Groups | View | X | Only if it is L1 or L2 in Workspaces | |
| Workspaces Groups | Modify | X | ||
| Workspaces Groups | Delete | X |
Workspaces
In Workspaces, there are two roles available: Level 1 and Level 2. The first allows the most common support actions, such as providing remote assistance, sending microservices, power actions, or querying device information, and the second includes all Level 1 support functionalities plus server, network, location, wifi network management, and alert configuration.
Available actions in each role:
| Functionality | Action | Level 1 | Level 1 Read Only | Level 2 | Level 2 Read Only |
|---|---|---|---|---|---|
| UX Panel | View | X | X | X | X |
| Workspaces | View | X | X | X | X |
| Workspaces | Execute operations | X | X | ||
| Sessions | View | X | X | X | X |
| Sessions | Execute operations | X | X | ||
| Connection Logs | View | X | X | X | X |
| Jobs | View | X | X | X | X |
| Jobs | Cancel | X | X | ||
| Alerts | View | X | X | X | X |
| Alerts | Deactivate | X | X | ||
| Profile Storage | View | X | X | X | X |
| Profile Storage | Modify | X | X | ||
| Profile Storage | Delete | X | X | ||
| Alert notification profiles | View | X | X | ||
| Alert notification profiles | Modify | X | |||
| Alert notification profiles | Delete | X | |||
| Alert Subscriptions | View | X | X | ||
| Alert Subscriptions | Modify | X | |||
| Alert Subscriptions | Delete | X | |||
| Event Log | View | X | X | ||
| Event Log | Modify | X | |||
| Event Log | Delete | X | |||
| Locations | View | X | X | ||
| Locations | Create | X | |||
| Locations | Modify | X | |||
| Networks | View | X | X | ||
| Networks | Modify | X | |||
| Notifications | View | X | X | ||
| Notifications | Create | X | |||
| Notifications | Modify | X | |||
| Notifications | Delete | X | |||
| Reporting Groups | View | X | X | ||
| Servers | View | X | X | ||
| Servers | Execute operations | X | |||
| Wireless networks | View | X | X | ||
| Wireless networks | Modify | X |
Analyzer
Since Analyzer presents information and in no case allows modifications to the organization or its devices, it does not segment access to the functionalities it contains, therefore access is granted or not to users.
Therefore, the access options to Analyzer are
- Access
- No access