permission matrix
Visual Guard offers 9 predefined roles to the user. Depending on the user role the amount of access to applications, groups, roles and users will be defined.
The matrix defined below defines the permissions associated with each role.
Master Admin | Developer | Restricted Developer | Developer Deployer | Restricted Developer Deployer | User Admin | Restricted User Admin | Auditor | Restricted Auditor | |
Applications | ø | ||||||||
\Applications\CanCreateApplication | ø | ||||||||
\Applications\CanDeleteApplication | ø | ||||||||
\Applications\CanDeployApplication | ø | ø | ø | ||||||
\Applications\CanReadAllApplications | ø | ø | ø | ø | ø | ||||
\Applications\CanReadApplication | ø | ø | ø | ø | ø | ø | ø | ø | ø |
\Applications\CanUpdateApplication | ø | ø | ø | ø | ø | ||||
AuditAndReporting | |||||||||
\AuditAndReporting\CanGenerateDocumentation | ø | ø | ø | ø | ø | ||||
\AuditAndReporting\CanEditEventLogCategory | ø | ||||||||
\AuditAndReporting\CanReadEventLog | ø | ø | ø | ø | ø | ø | ø | ø | ø |
Groups | |||||||||
\Groups\CanCreateGroup | ø | ø | ø | ||||||
\Groups\CanReadGroup | ø | ø | ø | ø | ø | ø | ø | ø | ø |
\Groups\CanUpdateGroup | ø | ø | ø | ||||||
\Groups\CanDeleteGroup | ø | ø | ø | ||||||
\Groups\CanReadAllGroups | ø | ø | |||||||
Permissions | |||||||||
\Permissions\CanCreatePermission | ø | ø | ø | ø | ø | ||||
\Permissions\CanDeletePermission | ø | ø | ø | ø | ø | ||||
\Permissions\CanReadPermission | ø | ø | ø | ø | ø | ø | ø | ||
\Permissions\CanUpdatePermission | ø | ø | ø | ø | ø | ||||
Permission Sets | |||||||||
\PermissionSets\CanCreatePermissionSet | ø | ø | ø | ø | ø | ||||
\PermissionSets\CanDeletePermissionSet | ø | ø | ø | ø | ø | ||||
\PermissionSets\CanReadPermissionSet | ø | ø | ø | ø | ø | ø | ø | ||
\PermissionSets\CanUpdatePermissionSet | ø | ø | ø | ø | ø | ||||
\PermissionSets\CanGrantRevokePermissionSetsToApplicationRoles | ø | ø | ø | ø | ø | ||||
\PermissionSets\CanGrantRevokePermissionSetsToSharedRoles | ø | ø | ø | ø | ø | ||||
Repository | |||||||||
\Repository\CanDeleteRepository | ø | ||||||||
\Repository\CanDeployRepository | ø | ||||||||
\Repository\CanUpdatePasswordPolicy | ø | ||||||||
\Repository\CanUpdateRepository | ø | ||||||||
Roles | |||||||||
\Roles\CanCreateApplicationRole | ø | ø | ø | ø | ø | ø | ø | ||
\Roles\CanCreateSharedRole | ø | ø | ø | ||||||
\Roles\CanCreateSystemRole | ø | ||||||||
\Roles\CanDeleteApplicationRole | ø | ø | ø | ø | ø | ø | ø | ||
\Roles\CanDeleteSharedRole | ø | ø | ø | ||||||
\Roles\CanDeleteSystemRole | ø | ||||||||
\Roles\CanGrantRevokeApplicationRolesToGroups | ø | ø | ø | ø | ø | ø | ø | ||
\Roles\CanGrantRevokeApplicationRolesToUsers | ø | ø | ø | ø | ø | ø | ø | ||
\Roles\CanGrantRevokeSharedRolesToGroups | ø | ø | ø | ||||||
\Roles\CanGrantRevokeSharedRolesToUsers | ø | ø | ø | ||||||
\Roles\CanGrantRevokeSystemRolesToGroups | ø | ||||||||
\Roles\CanGrantRevokeSystemRolesToUsers | ø | ||||||||
\Roles\CanReadApplicationRole | ø | ø | ø | ø | ø | ø | ø | ø | ø |
\Roles\CanReadSharedRole | ø | ø | ø | ø | ø | ø | ø | ø | ø |
\Roles\CanReadSystemRole | ø | ø | ø | ø | ø | ||||
\Roles\CanUpdateApplicationRole | ø | ø | ø | ø | ø | ø | ø | ||
\Roles\CanUpdateSharedRole | ø | ø | ø | ||||||
\Roles\CanUpdateSystemRole | ø | ||||||||
Users | |||||||||
\Users\CanApprovePendingUsers | ø | ø | ø | ||||||
\Users\CanAssignRemoveUsersToGroups | ø | ø | ø | ||||||
\Users\CanCreateUser | ø | ø | ø | ||||||
\Users\CanDeleteUser | ø | ø | ø | ||||||
\Users\CanLockUnlockUser | ø | ø | ø | ||||||
\Users\CanReadAllUsers | ø | ø | |||||||
\Users\CanReadUser | ø | ø | ø | ø | ø | ø | ø | ø | ø |
\Users\CanUpdateUser | ø | ø | ø | ||||||
ADFS | |||||||||
\ADFS\CanCreateADFSServer | ø | ||||||||
\ADFS\CanDeleteADFSServer | ø | ||||||||
\ADFS\CanUpdateADFSServer | ø |