Overview
Administrators at or above Provider level (for example, hcsadmin) can create and manage access profiles as part of role management.
An access profile defines:
You can use wildcards in model references (e.g., data/*) when defining type-specific operations.
Note
If a type-specific permission conflicts with a general permission, type-specific rules override general permissions.
The default access profiles illustrate typical use cases; for example:
The following Provider-level administrator roles have full general and type-specific permissions across all models:
Permissions
Permissions fall into these categories:
These are general permissions. Many can be overridden via type-specific settings:
| Permission | Description |
|---|---|
| Api Root | Allows access to the API root endpoint. |
| Copilot Chat | Displays and enables the VOSS Wingman AI assistant. Requires the global setting Enable Copilot Chat to be enabled. Refer to the Settings and Tools section in the Advanced Configuration Guide. |
| Device Type Root | Allows access to the root endpoint for device type models. For example, https://<host_name>/api/device/cucm/ |
| Export Data | Granted to all users by default; allows export of search result data. |
| Help | Shows the online help button. |
| Help Export | Allows exporting of Help content. |
| JSON Editor | Enables editing model instances via the JSON Editor in the UI. |
| Login | Allows the user to log in to the system. |
| Meta Schema | Default permission for all users; API endpoint providing access to model root endpoints. The UI uses it to populate itself with information about resources, so disable with extreme caution. |
| Model Type Choices | Default permission for all users; shows model type dropdowns and API model choices. |
| Model Type Root | Access to model root endpoints. For example, https://<host_name>/api/device/. |
| Operations | Allows operations to be run on models. |
| Tag | Allows tagging of search results. Removing the permission triggers a permission error. |
| Tool Root | Access to the API tool root endpoint (https://<host_name>/api/tool/) |
| Upload | Allows users to upload files. |
Note
The following permissions allow for discovery of resources in API integrations:
Dashboard permission groups group related Insights reporter resources (data/ReporterResource) that dashboards require.
You can either:
If a dashboard widget relies on a reporter resource that isn't included in the user's access profile:
Admins with inherited Provider-level access can create and delete dashboard permission groups.
A user's dashboard permissions consist of both of the following:
These are shown in the UI when viewing or listing a particular model's type.
Note
Available permissions vary by model type. Enabling Create automatically enables Clone for that model type.
Examples of type-specific permissions
| Permission | Description |
|---|---|
| data/DashboardFieldGrouping:read | Required for dashboards; granted to all users. |
| view/HcsVersionVIEW | Allows viewing About information. |
| data/UserSavedSearch:read | Allows viewing saved searches. |
| data/Alert:read | Allows receiving alert notifications. |
| data/MenuLayout:read | Granted to all users by default. |
| data/Dashboard:read | Default for all users. |
| data/Dashboard:export_dashboard_data | Allows exporting dashboard data (not the schema). |
| data/HierarchyNode:read | Default for all users. |
| data/SelfServiceTranslation:read | Default for all users. |
Type-specific operations
| Operation | Description |
|---|---|
| Create, Delete, Read, Update | Standard model management operations. |
| Configuration Template / Field Display Policy | Allows creating templates and field policies. |
| Export / Export Bulkload Template | Enables export functionality. |
| Bulk Update | Allows bulk editing of selected list items. |
| Purge | For system administrators; removes the local database instance while retaining it on the device. Relevant only where the UC server is online and available in the VOSS system. |
| Migration | For designers; allows generating migration templates. |
| Tag / Tag Version | For designers; allows tagging model instances. |
Access to some API endpoints is granted through higher-level operations, so an endpoint may be permitted because the access profile holds another permission.
Example: permission to /api/handle_oauth_webex/ is granted automatically if the user has Update permission on relation/SparkCustomer.
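When reviewing an access profile for least privilege, the wildcard, override and implied-grant rules described above have to be resolved together. The following is an added example, not VOSS code: the profile layout, the operation names, the general-to-operation mapping and the "exact reference beats wildcard" precedence are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Assumed link between a type-specific operation and the general permission
# it falls back to; the page does not spell this mapping out.
GENERAL_FOR_OP = {"export": "Export Data", "tag": "Tag"}
# Implied grants stated on the page.
IMPLIED_OPS = {"clone": "create"}  # enabling Create also enables Clone
IMPLIED_ENDPOINTS = {"/api/handle_oauth_webex/": ("relation/SparkCustomer", "update")}

# Constructed sample profile in a hypothetical layout (not a VOSS export).
PROFILE = {
    "general": {"Login", "Operations", "Export Data"},
    "type_specific": {
        "data/*": {"read": True},
        "data/Alert": {"read": True, "export": False},
        "data/UserSavedSearch": {"create": True},
        "relation/SparkCustomer": {"update": True},
    },
}

def type_rule(profile, model, op):
    """Decision of the most specific type-specific rule for op, else None."""
    hits = [(("*" not in pat, len(pat)), ops[op])
            for pat, ops in profile["type_specific"].items()
            if op in ops and fnmatchcase(model, pat)]
    # Assumption: an exact model reference beats a wildcard, then longest pattern.
    return max(hits)[1] if hits else None

def is_allowed(profile, model, op):
    decision = type_rule(profile, model, op)
    if decision is not None:
        return decision  # type-specific rule overrides the general permission
    if op in IMPLIED_OPS and type_rule(profile, model, IMPLIED_OPS[op]):
        return True      # granted indirectly, never listed in the profile
    return GENERAL_FOR_OP.get(op) in profile["general"]

def implied_endpoints(profile):
    """Endpoints reachable only because another permission is held."""
    return sorted(ep for ep, (model, op) in IMPLIED_ENDPOINTS.items()
                  if is_allowed(profile, model, op))

if __name__ == "__main__":
    for model, op in [("data/Alert", "export"), ("data/Dashboard", "export"),
                      ("data/UserSavedSearch", "clone")]:
        print(f"{model}:{op} ->", is_allowed(PROFILE, model, op))
    print("implied endpoints:", implied_endpoints(PROFILE))
```

The implied results are the ones to check in a review, because they do not appear as explicit entries in the profile.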
Related topics
Introduction to access profiles in the Core Feature Guide
This model defines a group of Insights resource permissions required for Dashboards.
| Title | Description | Details |
|---|---|---|
| Name * | The name of the permission group. | |
| Description | A description for the permission group. | |
| Permissions | The list of resource permissions that are required by this dashboard. | |