Access Profile Permissions and Operations

Administrators above Provider level can maintain Access Profiles as a part of Role Management. In particular, a profile assigned to a role can provide a general set of permissions and well as Type-specific operations which are associated with specific models.

For Type-specific operations, wild cards may be used in model references, for example data/*.

Note

  • Type-specific permissions that are also configured as general permitted operations will override the general permissions.

The default access profiles show typical configurations, for example an Operator-type profile at a hierarchy would only require Read type-specific permissions, while the administrator profile at the same hierarchy would have Create, Update and Delete permissions for the same type.

The lists below provide details on the types of settings.

  • Miscellaneous Permissions

    Many of these are general permissions that can be overridden per model as Type Specific Permissions.

    The explanations below show the affect of enabling the permission.

    • Api Root: Access to API root endpoint is permitted.
    • Device Type Root: Access to API device type model root endpoint is permitted.
    • Export Data: General permission to export data.
    • Help: On-line help button is shown.
    • Help Export: Help data can be exported.
    • Json Editor: Access to JSON Editor for the editing of model instances. A JSON Edit button is available on the GUI form.
    • Login: Login is allowed.
    • Meta Schema: Meta schema is accessible.
    • Model Type Choices: Access to API choices endpoint of model types is permitted.
    • Model Type Root: Access to API model root endpoint is permitted.
    • Operations: Operations on models are permitted.
    • Tag: Models can be tagged.
    • Tool Root: Access to API tool root endpoint is permitted.
    • Upload: Uploads are allowed.

  • Type Specific Permissions

    These are typically available on the GUI when listing or showing the type.

    Note

    • The available permissions can vary according to the selected type.
    • If the Create type specific permission is enabled for a model type, this also enables Clone of a model instance.

    Typical operations are listed below:

    • Create, Delete, Read, Update: management operations on models.

    • Configuration Template, Field Display Policy: create these for the model.

    • Export, Export Bulkoad Template : allow export formats of the model.

    • Bulk Update: from a GUI list view, more than one item can be selected and updated.

    • For system level administrators above provider level: Purge for device models. From a list or instance view, remove the local database instance but retain it on the device.

      Note

      This operation is only applicable in cases where the UC server is still online and available in the VOSS-4-UC system.

    • For designers: Migration: a migration template can be obtained.

    • For designers: Tag and Tag Version: a model instance can be tagged and a version provided.