.. _access-profile-operations:
Access Profile Permissions and Operations
-----------------------------------------
Administrators *above* Provider level can maintain access profiles
as a part of role management.
An access profile assigned to a role provides a general set of permissions
and type-specific operations which are associated with specific models.
For type-specific operations, wild cards may be used
in model references, for example ``data/*``.
.. note::
* Type-specific permissions that are also configured as general
permitted operations will override the general permissions.
The default access profiles show typical configurations,
for example an Operator-type profile at a hierarchy would *only* require
**Read** type-specific permissions, while the administrator profile
at the same hierarchy would have **Create**, **Update** and **Delete**
permissions for the same type.
The default access profiles of the following administrators above
Provider level have full general and type-specific permissions to all models:
* ``hcsadmin`` (Provider product deployment)
* ``entadmin`` (Enterprise product deployment)
The lists below provide details on the types of settings.
* **Miscellaneous Permissions**
Many of these are general permissions that can be overridden per model
as **Type Specific Permissions**.
The explanations below show the affect of enabling the permission.
* **Api Root**: Access to API root endpoint is permitted.
* **Device Type Root**: Access to API ``device`` type model root endpoint is permitted.
* **Export Data**: General permission to export data.
* **Help**: On-line help button is shown.
* **Help Export**: Help data can be exported.
* **Json Editor**: Access to JSON Editor for the editing of model instances.
A **JSON Edit** button is available on the GUI form.
* **Login**: Login is allowed.
* **Meta Schema**: Meta schema is accessible.
* **Model Type Choices**: Access to API choices endpoint of model types is permitted.
* **Model Type Root**: Access to API model root endpoint is permitted.
* **Operations**: Operations on models are permitted.
* **Tag**: Models can be tagged.
* **Tool Root**: Access to API tool root endpoint is permitted.
* **Upload**: Uploads are allowed.
* **Type Specific Permissions**
These are typically available on the GUI when listing or showing the type.
.. note::
* The available permissions can vary according to the selected type.
* If the **Create** type specific permission is enabled for
a model type, this also enables **Clone** of a model instance.
Typical operations are listed below:
* **Create**, **Delete**, **Read**, **Update**: management operations on models.
* **Configuration Template**, **Field Display Policy**: create these for the model.
* **Export**, **Export Bulkoad Template** : allow export formats of the model.
* **Bulk Update**: from a GUI list view, more than one item can be selected and
updated.
* For system level administrators above provider level: **Purge** for device models.
From a list or instance view, remove the local database instance but retain it on the device.
.. note::
This operation is only applicable in cases where the UC server is still online
and available in the VOSS-4-UC system.
* For designers: **Migration**: a migration template can be obtained.
* For designers: **Tag** and **Tag Version**: a model instance can be tagged and a version provided.
**See Also**:
*
.. raw:: latex
Access Profile Overview in the Core Feature Guide
.. raw:: html
<a href="access-profiles.html">Access Profile Overview</a>