Roles and Privileges¶
Part of the Settings options have to do with the important task of defining and managing permissions and roles to access resources, and relating them to users.
EDP displays the list of current defined roles, and new roles can be added by users with the appropriate rights to do so. Adding new roles, or modifying existing ones, also means assigning (or removing) privileges. Simply start typing and the available privileges will be offered, then select from the privileges that are listed.
Link privileges to roles. Open in new tab to see full-size image.¶
Privileges¶
Privileges represent logical groups of permissions. They mirror usual actions performed by users, according to their roles, and these actions may require multiple permissions. While permissions are defined in the source code, privileges can be created, deleted and updated by users at runtime.
Similar to creating roles, the process of creating privileges also includes, after entering an unique name and description, selecting from a list of the available permissions both in the front- and in the backend.
And so is usage power distributed in EDP: One privilege may contain several permissions; one role may contain many privileges; one user may have several roles. An “admin” role, for example, will contain privileges that include all permissions available.
Permissions¶
This area of the Settings menu lists and describes EDP permissions that are currently defined for both front- and backend.
Permissions can be seen as access control’s lowest level of granularity. If certain users have permission to work on a certain runtime group “A”, for example, they may access its resources, otherwise their request will be rejected or the “A” group will not be visible to them.
That means, EDP will hide parts of the UI that are not relevant to users who lack the corresponding permissions. A complete description of all permissions is provided; that is an essential piece of information for administrators in charge of assigning privileges to roles, and roles to users.
Users¶
Also in the Settings menu area, the Users option allows to edit user information, add and delete users, and also reset a user’s password.
Under Settings, passwords can be changed. Open in new tab to see full-size image.¶
Once new users are added, their information can be edited and the environments assigned to them can be changed. Administrators are also able to change or add roles to specific users.
Basic Permissions for New Users¶
Without being provided with minimal required permissions, newly created users are not able to log into the EDP web portal. A privilege featuring minimal required permissions, if it still does not exist, needs to be created and defined as a “basic” role to be assigned to new users.
Which permissions are considered “basic” to start using the EDP web portal depend on a company’s policies. Those policies will define whether or not newcomers will be allowed to access, in read-only mode, the Features or Runtimes pages.
Example of a privilege for an authenticated user, that allows to log into EDP but gives no access to any Menu points, would include only the three following backend permissions:
ID_GetCurrentUserFrontendPermissions,
APPEARANCE_GetAppearance
VERSION_GetBriefVersion.
In case of new deployments from EDP, when no appropriate privilege is found, please choose the Load predefined option under Privileges.
