Skip to main content
Kinetic Community

Permissions

Determine access by Users and Groups through policy rules. All access is granted by default. Policy Rules are combined with users and groups to limit access to the application. Console access is determined by Policy Rules.

Users

Selecting the Users link on the upper left (default when page is opened) displays a list of all current users for this installation. Clicking on the Login Id opens the Edit User dialog. Information on the creator and dates of creation/modification is listed along the top of the dialog. The remaining fields are the same for creating a new user (see below).

permissions_user_list.png

Adding Users

To add a new user click on the Add New User button on the top right of the console. Login Id and Password are required.

Under the Policy Rule|System Default console, you can choose Allow All or Deny All as options for users (see below).

At the bottom of the dialog you have the option to add the user to available groups (see Groups below).

permissions_user_new.png

Login Id. Unique Id for the user.

Password. No restrictions on characters or length.

Email. Contact email for the user.

Group. Created on the group console, use policy rules to limit access.

Deleting Users

To delete a user, click the user and the Delete option is at the bottom of the edit user dialog. Users are deleted one at a time.

Groups

Use Groups to collect individual users into logical groups. It is easier to apply Policy Rules to group names than to list out and maintain lists of users. When the dialog is opened the list of configured groups is displayed. Sort the list by the column headers. The Add New Group and edit group dialogs have the same fields.

Adding/Editing Groups

Click the Add New Group button on the top right of the console to open the New Group dialog. Each group requires only a unique name and must be less than 255 characters. You can also add or remove users using the tables and links at the bottom of the dialog.

group_form.png

Delete Groups

To delete a Group click the group name to open in edit mode and click the Delete Group button on the lower right. Confirm your option to permanently delete. Deleting groups does not delete users, but could change their permissions.

Console Access

All of the consoles and their individual sections are listed here. Apply Policy Rules to limit access. Each listed console displays the Policy rules that are already applied in the list. Clicking on a console opens the Edit Console Access dialog. Add and Remove Policy Rules using the two tables on this dialog.

Sample Console List:

permission_console_access.png

Individual Console with Policy Rules:

permission_console_policy.png

 

Policy Rules

The Policy Rules section is broken into four sections, Consoles, Category, API, and System Default.

The first three sections deal with access to specific parts of the console. System default sets a default access parameter. Policy Rules define access using Ruby syntax to specify groups, individuals, or other parameters that are allowed or denied by existence, time or other options. Click on the question mark near the Rule input box for some examples.

policy_rule_helper.png

Consoles

Use this console to define access to the various consoles. Administrator and Manager access are defaulted.

policy_console.png

All fields are required.

Name. A unique descriptive name for the rule.

Rule. Ruby expression that is evaluated. If true access is granted.

Message. Denial reason displayed to user if access to the element is denied.

Console. Tables of consoles to chose for access.

Use the Delete Policy Rule button to permanently delete a rule.

Category

Used to restrict access to the Categories in the tree builder. The same fields are available for Consoles, only the table at the bottom is different.

policy_category.png

API

Use an API to allow other applications to create triggers for the task engine. Fields and requirements are the same as Console. Sources are listed in the allowable tables below denial reason.

policy_API.png

System Default

This console sets the default permission setting for Policy Rules. Allow All means that Policy Rules must be written to deny users access to Consoles, Categories, etc. The Deny All setting is the opposite. Default for the application is Allow All.