Skip to content

Roles

Roles is a standard configuration interface for the sets of permissions that are utilized by the user groups when accessing the UI. One Role can be used by multiple User Groups.

Refer to the Standard Configuration Interface guide for details on interacting with the grid and form.

This user interface calls REST methods from api/AAA/roles.

The UI path for this interface is Configuration -> AAA -> Roles.

Form Fields

  • Role Name - The name of the role. The configured role names are visible when configuring User Groups.

  • Description - The description of the role.

  • Permissions - Selection groups for the available ACL's that control access to the different sections of Assure1. A description of the permission can be seen by hovering over the ID or name.

Best Practices

  • When creating a new role, ensure it has the correct permissions for each section in Assure1. Proper role creation is required in a multi-tenant environment.

  • When assigning a permission to a role, enable the Read flag of that permission. Without this flag enabled, members of groups assigned to this role will be unable to access the configured secure area of the application.

Default Roles

  • Administrator - This role has all read, create, update, delete and execute permissions for every secured area of the application.

  • Anonymous - This role has login ability, but no read, create, update, delete or execute privileges to any secured area of the application.

  • API - This role is intended to provide read, create, update and execute access for applications which act as a user to call the Assure1 API. This role also has delete permissions to some areas of the application.

  • Operator - With the exception of UserProfiles and GlobalProperties, this role has read access to every secured area of the application.

  • Publisher - This role is intended to provide limited read and write access to User Groups, Users, Queries, Files, TL1 Gateways, TL1 Gateway Elements, Graph Vertices, Dashboards, Reports, Event Displays, Event Filters, SLM Services, SLM Events, and SLM Metrics.

Global Permissions

These permissions override configured security options for objects within the application. For example, a file created by user Anne with herself as the owner, would be visible only to Anne and members of a group with either the PUBLISHER or SUPER permissions.

  • PUBLISHER - ability to edit access permissions for application objects (e.g. Reports, Files).

  • SUPER - access to read and edit everything in the application.