Roles
A role definition is a collection of permissions. It's typically just called a role. A role definition lists the actions that can be performed, such as read, write, and delete. Roles can be high-level, like "Owner", or specific, like "Read Only User" .
Owner
Owner and creator of the organization.
Administrator
Administrator of the organization. They are designated as such by the "Owner".
Operator
Developer or technician of the organization.
Helpdesk
Support role on projects.
Standard User
Invited to work on a project by the organization.
Read Only User
Simple observer of the organization's technical activities on the platform.
List of entities impacted by roles
Organization
Major entity of the application.
User
This is the user entity. It acts more as a subject than an object. It is the one that will be queried to determine if it has the right to access other entity-objects.
Project
Framework for all the work within an organization. An organization can have multiple projects.
Blueprint
Workspace within a project. A project can have multiple blueprints.
List of rights by object entity (also called Namespace)
Each namespace has different access rights to its functionalities. It's important to know that there are two types of rights: Those that encompass an organization and those that are specific to a project and/or a blueprint.
The rights of the Project and Blueprint namespaces are of the latter. This allows targeting a project for a person invited to work on a specific project and prevents them from accessing others.
Organization
access_org
Access the organization (this is not about reading, but access from a code perspective - e.g., A person who can only access one project of the organization must still have access to some organization code calls).
read_org
Read access to the organization.
edit_org
Edit the organization (This does not involve administrative changes).
administrate_org
Administer the organization (Role assignment - modification of organization information).
delete_org
Delete the organization (The default organization cannot be deleted).
read_project
Read access to the organization's projects.
create_project
Create a new project within the organization.
edit_project
Make modifications to a project.
delete_project
Delete a project.
share_project
Share a project.
read_blueprint
Read access to the blueprints of the organization's projects.
create_blueprint
Create a blueprint within a project.
edit_blueprint
Modify a blueprint.
delete_blueprint
Delete a blueprint.
deploy_blueprint
Deploy a blueprint.
revert_blueprint
Revert to a previous version of the blueprint.
share_blueprint
Share a blueprint.
Project
read
Read access to a specific project.
create_blueprint
Create a blueprint in a specific project.
edit
Modify a specific project.
delete
Delete a specific project.
Blueprint
read
Read access to a specific blueprint.
edit
Modify a specific blueprint.
delete
Delete a specific blueprint.
share
Share a specific blueprint.
revert
Revert to a previous version of a specific blueprint.
deploy
Deploy a specific blueprint.
Who can do what?
Organization
owners
owners
owners
owners
owners
administrators
administrators
administrators
administrators
operators
operators
operators
helpdesks
standartUsers
readonlyUsers
readonlyUsers
owners
owners
owners
owners
owners
administrators
administrators
administrators
administrators
administrators
operators
operators
operators
operators
operators
readonlyUsers
owners
owners
owners
owners
owners
owners
owners
administrators
administrators
administrators
administrators
administrators
administrators
administrators
operators
operators
operators
operators
operators
operators
operators
readonlyUsers
Project
helpdesks
helpdesks
standardUsers
standardUsers
standardUsers
standardUsers
standardUsers
Blueprint
helpdesks
helpdesks
standardUsers
standardUsers
standardUsers
standardUsers
standardUsers
standardUsers
Last updated
Was this helpful?