A role definition is a collection of permissions. It's typically just called a role. A role definition lists the actions that can be performed, such as read, write, and delete. Roles can be high-level, like "Owner", or specific, like "Read Only User".
Name | Description |
Owner | Owner and creator of the organization. |
Administrator | Administrator of the organization. They are designated as such by the "Owner". |
Operator | Developer or technician of the organization. |
Helpdesk | Support role on projects. |
Standard User | Invited to work on a project by the organization. |
Read Only User | Simple observer of the organization's technical activities on the platform. |
List of entities impacted by roles
Entity | Description |
Organization | Major entity of the application. |
User | This is the user entity. It acts more as a subject than an object. It is the one that will be queried to determine if it has the right to access other entity-objects. |
Project | Framework for all the work within an organization. An organization can have multiple projects. |
Blueprint | Workspace within a project. A project can have multiple blueprints. |
List of rights by object entity (also called Namespace)
Each namespace has different access rights to its functionalities. It's important to know that there are two types of rights: those that encompass an organization and those that are specific to a project and/or a blueprint.
The rights of the Project and Blueprint namespaces are of the latter type. This makes it possible to grant a person invited to work on a specific project access to that project only, and prevents them from accessing the others.
Organization namespace
Name | Description |
access_org | Access the organization (this is not about reading, but about access from a code perspective; e.g., a person who can only access one project of the organization must still have access to some organization code calls). |
read_org | Read access to the organization. |
edit_org | Edit the organization (This does not involve administrative changes). |
administrate_org | Administer the organization (Role assignment - modification of organization information). |
delete_org | Delete the organization (The default organization cannot be deleted). |
read_project | Read access to the organization's projects. |
create_project | Create a new project within the organization. |
edit_project | Make modifications to a project. |
delete_project | Delete a project. |
share_project | Share a project. |
read_blueprint | Read access to the blueprints of the organization's projects. |
create_blueprint | Create a blueprint within a project. |
edit_blueprint | Modify a blueprint. |
delete_blueprint | Delete a blueprint. |
deploy_blueprint | Deploy a blueprint. |
revert_blueprint | Revert to a previous version of the blueprint. |
share_blueprint | Share a blueprint. |
Project namespace
Name | Description |
read | Read access to a specific project. |
create_blueprint | Create a blueprint in a specific project. |
edit | Modify a specific project. |
delete | Delete a specific project. |
Blueprint namespace
Name | Description |
read | Read access to a specific blueprint. |
edit | Modify a specific blueprint. |
delete | Delete a specific blueprint. |
share | Share a specific blueprint. |
revert | Revert to a previous version of a specific blueprint. |
deploy | Deploy a specific blueprint. |
Who can do what?
Organization namespace
access_org | read_org | edit_org | delete_org | administrate_org |
owners | owners | owners | owners | owners |
administrators | administrators | administrators | administrators | |
operators | operators | operators | | |
helpdesks | | | | |
standardUsers | | | | |
readonlyUsers | readonlyUsers | | | |
read_project | create_project | edit_project | delete_project | share_project |
owners | owners | owners | owners | owners |
administrators | administrators | administrators | administrators | administrators |
operators | operators | operators | operators | operators |
readonlyUsers | | | | |
read_blueprint | create_blueprint | edit_blueprint | delete_blueprint | deploy_blueprint | revert_blueprint | share_blueprint |
owners | owners | owners | owners | owners | owners | owners |
administrators | administrators | administrators | administrators | administrators | administrators | administrators |
operators | operators | operators | operators | operators | operators | operators |
readonlyUsers | | | | | | |
Project namespace
read | create_blueprint | edit | delete | share |
helpdesks | helpdesks | | | |
standardUsers | standardUsers | standardUsers | standardUsers | standardUsers |
Blueprint namespace
read | edit | delete | share | deploy | revert |
helpdesks | helpdesks | | | | |
standardUsers | standardUsers | standardUsers | standardUsers | standardUsers | standardUsers |
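The split between organization-wide rights and rights on a specific project can be expressed as a deny-by-default check. The following is an added example, not the platform's own code: role and right names come from the tables above (blank cells read as trailing columns), while `Member`, `invited_projects`, `can` and the `ORG_EQUIVALENT` mapping are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

ORG = ["access_org", "read_org", "edit_org", "delete_org", "administrate_org"]
PROJECT = ["read_project", "create_project", "edit_project", "delete_project", "share_project"]
BLUEPRINT = ["read_blueprint", "create_blueprint", "edit_blueprint", "delete_blueprint",
             "deploy_blueprint", "revert_blueprint", "share_blueprint"]

# Organization-wide rights per role, transcribed from the "Who can do what?" tables.
ORG_WIDE = {
    "owners": set(ORG + PROJECT + BLUEPRINT),
    "administrators": set(ORG[:4] + PROJECT + BLUEPRINT),
    "operators": set(ORG[:3] + PROJECT + BLUEPRINT),
    "helpdesks": {"access_org"},
    "standardUsers": {"access_org"},
    "readonlyUsers": {"access_org", "read_org", "read_project", "read_blueprint"},
}
# Rights a role holds only on a specific project (Project namespace table).
PER_PROJECT = {
    "helpdesks": {"read", "create_blueprint"},
    "standardUsers": {"read", "create_blueprint", "edit", "delete", "share"},
}
# Assumption: an organization-wide right implies the matching right on every project.
ORG_EQUIVALENT = {"read": "read_project", "create_blueprint": "create_blueprint",
                  "edit": "edit_project", "delete": "delete_project",
                  "share": "share_project"}


@dataclass(frozen=True)
class Member:
    role: str
    invited_projects: frozenset = frozenset()  # hypothetical per-project grants


def can(member: Member, right: str, project_id: Optional[str] = None) -> bool:
    """Deny by default: unknown roles and unknown rights get nothing."""
    org_rights = ORG_WIDE.get(member.role, set())
    if "access_org" not in org_rights:
        return False
    if project_id is None:                       # organization-level action
        return right in org_rights
    if ORG_EQUIVALENT.get(right) in org_rights:  # org-wide right covers all projects
        return True
    # Otherwise the member needs both an invitation to this project and the right.
    return (project_id in member.invited_projects
            and right in PER_PROJECT.get(member.role, set()))
```

A standard user invited to project `p1` passes `can(user, "edit", "p1")` but fails the same check for any other project, which is the isolation the Project and Blueprint namespaces are meant to provide.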