.. _access-profile-operations: Access Profile Permissions and Operations ----------------------------------------- Administrators *above* Provider level can maintain access profiles as a part of role management. An access profile assigned to a role provides a general set of permissions and type-specific operations which are associated with specific models. For type-specific operations, wild cards may be used in model references, for example ``data/*``. .. note:: * Type-specific permissions that are also configured as general permitted operations will override the general permissions. The default access profiles show typical configurations, for example an Operator-type profile at a hierarchy would *only* require **Read** type-specific permissions, while the administrator profile at the same hierarchy would have **Create**, **Update** and **Delete** permissions for the same type. The default access profiles of the following administrators above Provider level have full general and type-specific permissions to all models: * ``hcsadmin`` (Provider product deployment) * ``entadmin`` (Enterprise product deployment) The lists below provide details on the types of settings. * **Miscellaneous Permissions** Many of these are general permissions that can be overridden per model as **Type Specific Permissions**. The explanations below show the affect of enabling the permission. * **Api Root**: Access to API root endpoint is permitted. * **Device Type Root**: Access to API ``device`` type model root endpoint is permitted. * **Export Data**: General permission to export data. * **Help**: On-line help button is shown. * **Help Export**: Help data can be exported. * **Json Editor**: Access to JSON Editor for the editing of model instances. A **JSON Edit** button is available on the GUI form. * **Login**: Login is allowed. * **Meta Schema**: Meta schema is accessible. * **Model Type Choices**: Access to API choices endpoint of model types is permitted. * **Model Type Root**: Access to API model root endpoint is permitted. * **Operations**: Operations on models are permitted. * **Tag**: Models can be tagged. * **Tool Root**: Access to API tool root endpoint is permitted. * **Upload**: Uploads are allowed. * **Type Specific Permissions** These are typically available on the GUI when listing or showing the type. .. note:: * The available permissions can vary according to the selected type. * If the **Create** type specific permission is enabled for a model type, this also enables **Clone** of a model instance. Typical operations are listed below: * **Create**, **Delete**, **Read**, **Update**: management operations on models. * **Configuration Template**, **Field Display Policy**: create these for the model. * **Export**, **Export Bulkoad Template** : allow export formats of the model. * **Bulk Update**: from a GUI list view, more than one item can be selected and updated. * For system level administrators above provider level: **Purge** for device models. From a list or instance view, remove the local database instance but retain it on the device. .. note:: This operation is only applicable in cases where the UC server is still online and available in the VOSS Automate system. * For designers: **Migration**: a migration template can be obtained. * For designers: **Tag** and **Tag Version**: a model instance can be tagged and a version provided. **See Also**: * .. raw:: latex Access Profile Overview in the Core Feature Guide .. raw:: html   Access Profile Overview