
Summary: this page describes how to manage User Roles in the AIP Console.

Introduction

The AIP Console uses a system of "roles" to manage permissions and access to data. Currently the following roles are available:

Role | Type | Description
Admin | Global

This Global level role allows a user or member of a group to administer the entire AIP Console, including:

It can be assigned to a User or Group (if LDAP/Active Directory/SAML user authentication mode is in operation).

Application Owner | Global / Resource

Global level:

  • At Global level this role allows a user to create/edit/delete/deliver code/analyze/snapshot any Application, and view data in the embedded dashboards from any Application, but the ability to assign an Application to domains is not available.
  • When an Application is created by a user/group with the Application Owner Global level role, the user/group can choose an existing domain or create a new one for the Application.
  • When an Application is created by a user with the Application Owner Global level role, the user is also automatically granted Application Owner role at Resource level.

Resource level:

  • At Resource level, an Application Owner can edit/delete/deliver code/analyze/create snapshots of the Applications they have created (if they also have the Global level role) or that they have been assigned to via a Domain, and can view data in the embedded dashboards from the Applications they have created or have been assigned to.
  • For all Applications they have been granted Application Owner at Resource level, they will be automatically granted rights to work with the Application or the Applications, i.e.:
    • deliver code
    • analyze
    • create snapshots
  • The Application Owner role can be Global or Resource (or both):
    • A role at Global level grants specific rights over all Applications managed in AIP Console
    • A role at Resource level grants specific rights over the resource in question (i.e. Applications or Domains).
  • Users can hold more than one role at a time - in this case the most permissive role takes priority.
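
The role rules above (Global versus Resource scope, assignment via a Domain, assignment to a User or Group, most permissive role wins) can be modelled for an access review. This is an added example, not the product's own code or an AIP Console API: the `Grant` structure, the ranking in `RANK` and every sample name other than "cast", "James" and "MEUDON" are assumptions constructed for illustration.

```python
# Added illustration: a constructed model of the role rules on this page,
# not an AIP Console API or export format.
from dataclasses import dataclass

# Assumed ordering for "most permissive role takes priority" (higher wins).
RANK = {("Admin", "Global"): 3,
        ("Application Owner", "Global"): 2,
        ("Application Owner", "Resource"): 1}

@dataclass(frozen=True)
class Grant:
    principal: str      # user or group name
    role: str           # "Admin" or "Application Owner"
    level: str          # "Global" or "Resource"
    resource: str = ""  # Domain or Application name (Resource level only)

def effective_role(user, app, grants, groups, app_domain):
    """Return the most permissive (role, level) applying to user on app, or None."""
    principals = {user} | {g for g, members in groups.items() if user in members}
    scope = {app, app_domain.get(app)}  # Resource grants on the app or its Domain
    applicable = [
        (g.role, g.level) for g in grants
        if g.principal in principals
        and (g.level == "Global" or g.resource in scope)
    ]
    return max(applicable, key=RANK.__getitem__, default=None)

def review(grants, groups, app_domain):
    """Access-review table: {application: {user: effective (role, level)}}."""
    users = {g.principal for g in grants if g.principal not in groups}
    users |= {m for members in groups.values() for m in members}
    report = {}
    for app in app_domain:
        rows = {u: effective_role(u, app, grants, groups, app_domain) for u in users}
        report[app] = {u: r for u, r in rows.items() if r}
    return report

# Constructed sample data; only "cast", "James" and "MEUDON" come from the page.
GROUPS = {"qa-team": {"maria", "James"}}
APP_DOMAIN = {"MEUDON": "Finance", "PARIS": "Retail"}
GRANTS = [
    Grant("cast", "Admin", "Global"),
    Grant("James", "Application Owner", "Global"),
    Grant("qa-team", "Application Owner", "Resource", "Finance"),
    Grant("lee", "Application Owner", "Resource", "PARIS"),
]

if __name__ == "__main__":
    print(review(GRANTS, GROUPS, APP_DOMAIN))
```

Comparing such a table against the assignments shown under Manage User Roles makes it easier to spot access that reaches an Application only through a Domain or a Group.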

Adding a Global level role

To assign a Global level role to other users, the current user needs to already have the "Admin" role.

Move to the Security option:

A list of users/groups that already have Global level roles will be displayed (your own login or the group your login belongs to should be displayed in the list as an Admin):

Click the Add Roles button to assign the role. Depending on the authentication mode in use (see Configuring User Authentication), you will then be prompted to assign the role:

Authentication mode | GUI | Action required
Authentication using local configuration

  • Enter the name of the User
  • Choose the role
  • Click Save.
LDAP/Active Directory/SAML

  • Select the LDAP/Active Directory/SAML scope (User or Group)
  • Enter the name of the User / Group
  • Choose the role
  • Click Save.

The page will update and list the changes you have made:

In the above example, when the user "James" logs in, he will have Application Owner rights at Global level. To remove a role, click the recycle bin next to the user's name:

Note that it is not possible to remove the Admin role from your own login (in the example above, this is the "cast" login). This is to prevent a situation where there are no users with the Admin role.

Adding a Resource level role

To assign a Resource level role to other users, the current user needs to already have the "Admin" role.

Resource level roles (i.e. Application Owner) can be assigned to Domains (and all Applications associated with them) and/or individual Applications. To add a resource level role, move to the Applications option:

A list of Applications that already exist will be listed by Domain. Choose whether you want to assign the role at Domain or Application level, and then click the appropriate three dots menu and select Manage User Roles:


In this example we have selected to assign the role at Application level for the Application "MEUDON". No roles have previously been assigned for this Application. Click the Add Roles button to assign the role:

Depending on the authentication mode in use (see Configuring User Authentication), you will then be prompted to assign the role:

Authentication mode | GUI | Action required
Authentication using local configuration

  • Enter the name of the User
  • Choose the role
  • Click Save.
LDAP/Active Directory/SAML

  • Select the LDAP/Active Directory/SAML scope (User or Group)
  • Enter the name of the User / Group
  • Choose the role
  • Click Save.

The page will update and list the changes you have made:

To edit the assigned role, click the edit button. To remove a role, click the recycle bin next to the User or Group's name as shown above.
