Model: data/AccessProfile

Access Profile Permissions and Operations

Administrators above Provider level can maintain access profiles as a part of role management. For example, hcsadmin.

An access profile assigned to a role provides a general set of permissions and type-specific operations that are associated with specific models.

For type-specific operations, wild cards may be used in model references, for example data/*.

Note

Type-specific permissions that are also configured as general permitted operations will override the general permissions.

The default access profiles show typical configurations, for example an Operator-type profile at a hierarchy would only require Read type-specific permissions, while the administrator profile at the same hierarchy would have Create, Update and Delete permissions for the same type.

The default access profiles of the following administrators above Provider level have full general and type-specific permissions to all models:

hcsadmin (Provider product deployment)

entadmin (Enterprise product deployment)

The lists below provide details on the types of settings.

Miscellaneous Permissions

Many of these are general permissions that can be overridden per model as Type Specific Permissions.

The explanations below show the affect of enabling the permission.

Api Root: Access to API root endpoint is permitted.
Copilot Chat: Show and allow the use of the VOSS Wingman AI assistant or copilot. This permission also requires the Enable Copilot Chat global setting (enabled by default) to be enabled. Refer to the Settings and Tools section in the Advanced Configuration Guide.
Device Type Root: Access to API device type model root endpoint is permitted.

https://<host_name>/api/device/cucm/
Export Data: General permission to export data.
Help: On-line help button is shown.
Help Export: Help data can be exported.
Json Editor: Access to JSON Editor for the editing of model instances. A JSON Edit button is available on the GUI form.
Login: Login is allowed.
Meta Schema: Meta schema is accessible.

For example: https://<host_name>/api/device/cucm/AarGroup/schema/

returns schema details of the model /device/cucm/AarGroup/
Model Type Choices: Access to API choices endpoint of model types is permitted.

For example: https://<host_name>/api/device/cucm/choices/

to list all instances of model type /device/cucm/.
Model Type Root: Access to API model root endpoint is permitted.

For example: https://<host_name>/api/device/
Operations: Operations on models are permitted.
Tag: Models can be tagged.
Tool Root: Access to API tool root endpoint is permitted.

In other words: https://<host_name>/api/tool/
Upload: Uploads are allowed.

Dashboard Permissions

Insights reporter resources (data/ReporterResource) required for the display of data on dashboards can be assigned individually as Specific Permissions in an access profile, or grouped into Dashboard Permission Groups which can then be assigned - thereby simplifying the management of dashboard permissions. Access profiles allow for the management of these by means of transfer boxes.

If a user has access to a dashboard containing widgets that use reporter resources but the related access profile does not contain the resource, the widget data will not display and the user cannot manage the widget.

Administrators who have access to Dashboard Permission Groups can manage these groups so that they can be managed in an access profile. By default, provider and enterprise level administrators have access profiles that allow them to create and delete these permission groups.

If a specific permission is not selected but is in a selected permission group, the group selection applies. An access profile's Dashboard Permissions is therefore the union of resources selected from groups and specific permissions.

For details on dashboards, see: Automate Dashboards.

Type Specific Permissions

These are typically available on the GUI when listing or showing the type.

Note

The available permissions can vary according to the selected type.
If the Create type specific permission is enabled for a model type, this also enables Clone of a model instance.

Typical operations are listed below:

Create, Delete, Read, Update: management operations on models.
Configuration Template, Field Display Policy: create these for the model.
Export, Export Bulkoad Template : allow export formats of the model.
Bulk Update: from a GUI list view, more than one item can be selected and updated.
For system level administrators above provider level: Purge for device models. From a list or instance view, remove the local database instance but retain it on the device.

Note

This operation is only applicable in cases where the UC server is still online and available in the VOSS Automate system.
For designers: Migration: a migration template can be obtained.
For designers: Tag and Tag Version: a model instance can be tagged and a version provided.

Dependent Permissions

Dependent permissions are permissions that apply to some API endpoints which maybe be granted by virtue of having another permission in the Access Profile.

The following dependent permissions apply:

Permission to /api/handle_oauth_webex/

Granted by the permission to the Update operation on relation/SparkCustomer

Related Topics

Introduction to Access Profiles in the Core Feature Guide

Access profiles define model types that a user is permitted to access. Access profiles are assigned to users via Roles

Model Details: data/AccessProfile

An asterisk * in the title indicates the field is mandatory.
If a field has a default value, it is shown in the Description column.
If the field type is an array, the Field Name has a .[n] suffix, where n is the array index placeholder.
Object and array field names are listed to provide context. If a field belongs to an object or an array, the full field name is shown in dot separated notation.

Title				Description	Details
Name *				The name that is given to the Access Profile.	Field Name: name Type: String
Description				A description for the Access Profile.	Field Name: description Type: String
Full Access				Enabling this flag, grants the user full system access.	Field Name: full_access Type: Boolean
	Miscellaneous Permissions			The list of miscellaneous operations permitted by this Access Profile.	Field Name: miscellaneous_permissions.[n] Type: Array
Dashboard Permissions					Field Name: dashboard_permissions Type: Object
		Dashboard Permission Groups		The list of dashboard permission groups that are permitted by this Access Profile.	Field Name: dashboard_permission_groups.[n] Type: Array
		Specific Permissions		The list of specific resources permissions that are permitted by this Access Profile.	Field Name: specific_permissions.[n] Type: Array
	Type Specific Permissions			The list of types that are permitted by this Access Profile.	Field Name: type_specific_permissions.[n] Type: Array
		Permitted Type *		The type that is permitted by this Access Profile. This field supports the use of the * wildcard.	Field Name: type_specific_permissions.[n].type Type: String Format: uri
			Permitted Operations	The operations that are permitted by this Access Profile for the given type.	Field Name: operations.[n] Type: Array