[Index]

Model: data/AccessProfile

Access Profile Permissions and Operations

Full HTML Help

Overview

Administrators above Provider level, for example, hcsadmin, can maintain access profiles as a part of managing roles. An access profile assigned to a role provides a general set of permissions and type-specific operations that are associated with specific models.

For type-specific operations, wild cards may be used in model references, for example data/*.

Note

Type-specific permissions that are also configured as general permitted operations will override the general permissions.

The default access profiles show typical configurations, for example an Operator-type profile at a hierarchy would only require Read type-specific permissions, while the administrator profile at the same hierarchy would have Create, Update and Delete permissions for the same type.

The default access profiles of the following administrators above Provider level have full general and type-specific permissions to all models:

Permissions

This section provides details on the following categories of permissions:

Miscellaneous permissions

Many of the miscellaneous permissions are general permissions that can be overridden per model as type-specific permissions.

The table describes miscellaneous permissions:

Permission Description
Api Root Allows access to the API root endpoint.
Copilot Chat Displays and allows the use of the VOSS Wingman AI assistant or copilot. This permission also requires the Enable Copilot Chat global setting (enabled by default) to be enabled. Refer to the Settings and Tools section in the Advanced Configuration Guide.
Device Type Root

Allows access to API device type model root endpoint.

https://<host_name>/api/device/cucm/
Export Data This permission is granted to users by default, regardless of their access profile. Allows export of data.
Help Displays the On-line help button.
Help Export Allows export of Help data.
Json Editor Allows access to the JSON Editor for the editing of model instances. Displays a JSON Edit button on the GUI.
Login Allows log in.
Meta Schema This permission is granted to users by default, regardless of their access profile. Allows access to meta schema. For example, https://<host_name>/api/device/cucm/AarGroup/schema/ returns schema details of the model /device/cucm/AarGroup/
Model Type Choices

This permission is granted to users by default, regardless of their access profile. Displays model type drop-downs (the drop-down is filtered to display only the the models allowed by the access profile).

Allows access to API choices endpoint of model types, for example, https://<host_name>/api/device/cucm/choices/ to list all instances of model type /device/cucm/.
Model Type Root Allows access to API model root endpoint, for example, https://<host_name>/api/device/
Operations Allows operations on models.
Tag Allows tagging of models.
Tool Root Allows access to API tool root endpoint; that is, https://<host_name>/api/tool/
Upload Allows uploads.

Dashboard permissions

Insights reporter resources (data/ReporterResource) required for the display of data on dashboards can be assigned individually as Specific Permissions in an access profile, or grouped into Dashboard Permission Groups, which can then be assigned. This simplifies the management of dashboard permissions. Access profiles allow for the management of these by means of transfer boxes.

If a user has access to a dashboard containing widgets that use reporter resources but the related access profile does not contain the resource, the widget data won't display and the user can't manage the widget.

Admins with access to Dashboard Permission Groups can manage these groups so that they can be managed in an access profile.

Admins with access profiles inherited from the default Provider-level access profile are allowed to create and delete these permission groups. If a specific permission is not selected but is in a selected permission group, the group selection applies.

An access profile's Dashboard permissions is a combination of resources selected from groups and specific permissions. For details on dashboards, see Automate Dashboards.

Type-specific permissions

Type-specific permissions are typically available on the GUI when listing or showing the type.

Note

The table describes some of the type-specific permissions:

Permission Description
data/DashboardFieldGrouping:read

Required for dashboards to work.

This permission is granted to users by default, regardless of their access profile.
view/HcsVersionVIEW Allows you to view About information.
data/UserSavedSearch:read Allows the user to view saved searches.
data/Alert:read Allows the user to receive alert notifications.
data/MenuLayout:read This permission is granted to users by default, regardless of their access profile.
data/Dashboard:read This permission is granted to users by default, regardless of their access profile.
data/HierarchyNode:read This permission is granted to users by default, regardless of their access profile.
data/SelfServiceTranslation:read This permission is granted to users by default, regardless of their access profile.

The table describes typical operations allowed by type-specific permissions:

Operation Description
Create, Delete, Read, Update Management operations on models.
Configuration Template, Field Display Policy Create these for the model.
Export, Export Bulkload Template Allow export formats of the model.
Bulk Update From a GUI list view, more than one item can be selected and updated.
Purge

Allows purge for device models, for system level administrators above Provider level.

From a list or instance view, removes the local database instance but retains it on the device.

This operation is only relevant where the UC server is still online and available in the Automate system.
Migration For designers. A migration template can be obtained.
Tag, Tag Version For designers. A model instance can be tagged and a version provided.

Dependent permissions

Dependent permissions are permissions that apply to some API endpoints and may be granted by virtue of having another permission in the access profile.

The following dependent permissions apply:

Related topics

Introduction to access profiles in the Core Feature Guide

Access profiles define model types that a user is permitted to access. Access profiles are assigned to users via Roles

Model Details: data/AccessProfile

Title Description Details
Name * The name that is given to the Access Profile.
  • Field Name: name
  • Type: String
Description A description for the Access Profile.
  • Field Name: description
  • Type: String
Full Access Enabling this flag, grants the user full system access.
  • Field Name: full_access
  • Type: Boolean
Miscellaneous Permissions The list of miscellaneous operations permitted by this Access Profile.
  • Field Name: miscellaneous_permissions.[n]
  • Type: Array
Dashboard Permissions
  • Field Name: dashboard_permissions
  • Type: Object
Dashboard Permission Groups The list of dashboard permission groups that are permitted by this Access Profile.
  • Field Name: dashboard_permission_groups.[n]
  • Type: Array
Specific Permissions The list of specific resources permissions that are permitted by this Access Profile.
  • Field Name: specific_permissions.[n]
  • Type: Array
Type Specific Permissions The list of types that are permitted by this Access Profile.
  • Field Name: type_specific_permissions.[n]
  • Type: Array
Permitted Type * The type that is permitted by this Access Profile. This field supports the use of the * wildcard.
  • Field Name: type_specific_permissions.[n].type
  • Type: String
  • Format: uri
Permitted Operations The operations that are permitted by this Access Profile for the given type.
  • Field Name: operations.[n]
  • Type: Array