.. _access-profiles: Introduction to Access Profiles --------------------------------- .. _24.1|VOSS-1125: Overview .......... Access profiles define the model types that a user is allowed to access, and are assigned to users via Roles (default menus: **Role Management > Roles**). .. note:: Access profiles are subject to the following requirements: ========================== ======================================================================== Default access profiles These adhere to the following hierarchy of permissions: **Provider > Reseller > Customer > Site**. For instance, default Customer access profiles have less permissions than Provider access profiles. By default, the access profiles that ship with the system (except for Operator access profiles) have *read* and *export* permissions on all multi vendor subscriber quick actions and service card actions that are views, for example, ``view/DeleteCucmHuntGroupAllMembers`` (quick action, *Remove from all Hunt Groups*) or ``view/AddExtensionMobility`` (service card action, *Add Extension Mobility*). Cloned access profiles A cloned access profile has equal or less permissions than the access profile of the admin user who creates the clone. ========================== ======================================================================== When a system upgrade is performed, the default access profiles are updated in accordance with the above. .. note:: Existing cloned access profiles are **not** upgraded. You have to manually update them, or re-clone and modify them from the upgraded, default versions as needed. .. image:: /src/images/access-profiles.png .. rubric:: Related Topics * .. raw:: latex Access Profile Permissions and Operations in the Core Feature Guide .. raw:: html Access Profile Permissions and Operations Manage Access Profiles ........................ Admins at a higher level than Provider admins can view, add, edit, and delete access profiles via (default menus) **Role Management > Access Profiles**. The list view shows existing access profiles added to the system. * To add an access profile, click the Plus icon (+) from the list view, then fill out details on the configuration screen. * To delete an access profile, select an access profile in the list view, then click the **Delete** icon. * To edit an access profile, click on the access profile in the list to open the configuration screen. The table describes configuration options when adding or editing an access profile: .. tabularcolumns:: |p{4cm}|p{4cm}|p{7cm}| +---------------+---------------------------+----------------------------+ | Title | Field Name | Description | +===============+===========================+============================+ | Name * | name | The name that is given to | | | | the access profile. | +---------------+---------------------------+----------------------------+ | Description | description | A description for the | | | | access profile. | +---------------+---------------------------+----------------------------+ | | | Enabling this flag, grants | | Full Access | full_access | the user full system | | | | access. | +---------------+---------------------------+----------------------------+ | Miscellaneous | | The list of miscellaneous | | Permissions | miscellaneous_permissions | operations permitted by | | | | this access profile. | +---------------+---------------------------+----------------------------+ | Type Specific | | Configure permissions per | | Permissions | type_specific_permissions | model type for this access | | | | profile. | | | | | | | | These permissions override | | | | any Permitted Type | | | | permissions using a wild | | | | card "*" of the same type. | +---------------+---------------------------+----------------------------+ .. rubric:: Type Specific Permissions .. tabularcolumns:: |p{4cm}|p{4cm}|p{7cm}| +------------------+------------+--------------------------------------+ | Title | Field Name | Description | +==================+============+======================================+ | | | The type that is permitted by this | | Permitted Type * | type | Access Profile. This field supports | | | | the use of the * wildcard. | | | | | | | | The wildcard can be restricted by a | | | | Type Specific Permission of the same | | | | type. | +------------------+------------+--------------------------------------+ | Permitted | | The operations that are permitted by | | Operations | operations | this Access Profile for the given | | | | type. | +------------------+------------+--------------------------------------+