Roles

A role definition is a collection of permissions. It's typically just called a role. A role definition lists the actions that can be performed, such as read, write, and delete. Roles can be high-level, like "Owner", or specific, like "Read Only User".

| Name | Description |
| --- | --- |
| Owner | Owner and creator of the organization. |
| Administrator | Administrator of the organization. They are designated as such by the "Owner". |
| Operator | Developer or technician of the organization. |
| Helpdesk | Support role on projects. |
| Standard User | Invited to work on a project by the organization. |
| Read Only User | Simple observer of the organization's technical activities on the platform. |

List of entities impacted by roles

| Entity | Description |
| --- | --- |
| Organization | Major entity of the application. |
| User | This is the user entity. It acts more as a subject than an object. It is the one that will be queried to determine if it has the right to access other entity-objects. |
| Project | Framework for all the work within an organization. An organization can have multiple projects. |
| Blueprint | Workspace within a project. A project can have multiple blueprints. |

List of rights by object entity (also called Namespace)

Each namespace has different access rights to its functionalities. It's important to know that there are two types of rights: those that encompass an organization and those that are specific to a project and/or a blueprint.

The rights of the Project and Blueprint namespaces are of the latter type. This makes it possible to grant a person invited to work on a specific project access to that project only, and prevents them from accessing others.
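
The split between organization-wide and project-specific rights, as an added example (not the platform's own code): a deny-by-default check in Python. The grant tuple, the user names, the project ids and the mapping from Project rights to their organization-wide counterparts are assumptions made for illustration.

```python
from typing import NamedTuple


class Grant(NamedTuple):
    user: str
    namespace: str  # "Organization" or "Project", as in the page's namespaces
    object_id: str  # the organization or project the grant is bound to
    right: str      # a right name from the page's tables


# Assumption: each Project right is also satisfied by this organization-wide right.
ORG_WIDE = {
    "read": "read_project",
    "edit": "edit_project",
    "delete": "delete_project",
    "create_blueprint": "create_blueprint",
}

# Constructed sample data: which organization owns each project.
PROJECT_ORG = {"proj-a": "org-1", "proj-b": "org-1", "proj-z": "org-2"}

# Constructed grants: olga holds organization-wide rights in org-1,
# sam was invited to proj-a only.
GRANTS = frozenset({
    Grant("olga", "Organization", "org-1", "read_project"),
    Grant("olga", "Organization", "org-1", "edit_project"),
    Grant("sam", "Project", "proj-a", "read"),
    Grant("sam", "Project", "proj-a", "edit"),
})


def can_on_project(user, right, project_id, grants=GRANTS):
    """Return True only if a matching grant exists; everything else is denied."""
    org_id = PROJECT_ORG.get(project_id)
    if org_id is None or right not in ORG_WIDE:
        return False  # unknown project or right: deny by default
    if Grant(user, "Project", project_id, right) in grants:
        return True  # right bound to this one project
    # Organization-wide right, valid only inside the project's own organization.
    return Grant(user, "Organization", org_id, ORG_WIDE[right]) in grants


def visible_projects(user, grants=GRANTS):
    """Projects the user may read, e.g. to filter a listing endpoint."""
    return sorted(p for p in PROJECT_ORG if can_on_project(user, "read", p, grants))


if __name__ == "__main__":
    for who in ("olga", "sam"):
        print(who, visible_projects(who))
```

The organization-wide branch looks up the project's own organization before matching the grant, so a right held in one organization never applies to a project that belongs to another.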

Organization

| Name | Description |
| --- | --- |
| access_org | Access the organization. This is not about reading, but about access from a code perspective: for example, a person who can only access one project of the organization must still have access to some organization code calls. |
| read_org | Read access to the organization. |
| edit_org | Edit the organization (this does not involve administrative changes). |
| administrate_org | Administer the organization (role assignment, modification of organization information). |
| delete_org | Delete the organization (the default organization cannot be deleted). |
| read_project | Read access to the organization's projects. |
| create_project | Create a new project within the organization. |
| edit_project | Make modifications to a project. |
| delete_project | Delete a project. |
| share_project | Share a project. |
| read_blueprint | Read access to the blueprints of the organization's projects. |
| create_blueprint | Create a blueprint within a project. |
| edit_blueprint | Modify a blueprint. |
| delete_blueprint | Delete a blueprint. |
| deploy_blueprint | Deploy a blueprint. |
| revert_blueprint | Revert to a previous version of the blueprint. |
| share_blueprint | Share a blueprint. |

Project

| Name | Description |
| --- | --- |
| read | Read access to a specific project. |
| create_blueprint | Create a blueprint in a specific project. |
| edit | Modify a specific project. |
| delete | Delete a specific project. |

Blueprint

| Name | Description |
| --- | --- |
| read | Read access to a specific blueprint. |
| edit | Modify a specific blueprint. |
| delete | Delete a specific blueprint. |
| share | Share a specific blueprint. |
| revert | Revert to a previous version of a specific blueprint. |
| deploy | Deploy a specific blueprint. |

Who can do what?

Organization

Rights (columns): access_org, read_org, edit_org, delete_org, administrate_org

| Role group | Rights held |
| --- | --- |
| owners | all 5 |
| administrators | 4 of 5 |
| operators | 3 of 5 |
| helpdesks | 1 of 5 |
| standardUsers | 1 of 5 |
| readonlyUsers | 2 of 5 |

Rights (columns): read_project, create_project, edit_project, delete_project, share_project

| Role group | Rights held |
| --- | --- |
| owners | all 5 |
| administrators | all 5 |
| operators | all 5 |
| readonlyUsers | 1 of 5 |

Rights (columns): read_blueprint, create_blueprint, edit_blueprint, delete_blueprint, deploy_blueprint, revert_blueprint, share_blueprint

| Role group | Rights held |
| --- | --- |
| owners | all 7 |
| administrators | all 7 |
| operators | all 7 |
| readonlyUsers | 1 of 7 |

Project

Rights (columns): read, create_blueprint, edit, delete, share

| Role group | Rights held |
| --- | --- |
| helpdesks | 2 of 5 |
| standardUsers | all 5 |

Blueprint

Rights (columns): read, edit, delete, share, deploy, revert

| Role group | Rights held |
| --- | --- |
| helpdesks | 2 of 6 |
| standardUsers | all 6 |
