permission matrix

Author: Visual Guard 54 views

Visual Guard offers 9 predefined roles to the user. Depending on the user role the amount of access to applications, groups, roles and users will be defined.
The matrix defined below defines the permissions associated with each role.

	Master Admin	Developer	Restricted Developer	Developer Deployer	Restricted Developer Deployer	User Admin	Restricted User Admin	Auditor	Restricted Auditor
Applications	ø
\Applications\CanCreateApplication	ø
\Applications\CanDeleteApplication	ø
\Applications\CanDeployApplication	ø			ø	ø
\Applications\CanReadAllApplications	ø	ø		ø		ø		ø
\Applications\CanReadApplication	ø	ø	ø	ø	ø	ø	ø	ø	ø
\Applications\CanUpdateApplication	ø	ø	ø	ø	ø
AuditAndReporting
\AuditAndReporting\CanGenerateDocumentation	ø					ø	ø	ø	ø
\AuditAndReporting\CanEditEventLogCategory	ø
\AuditAndReporting\CanReadEventLog	ø	ø	ø	ø	ø	ø	ø	ø	ø
Groups
\Groups\CanCreateGroup	ø					ø	ø
\Groups\CanReadGroup	ø	ø	ø	ø	ø	ø	ø	ø	ø
\Groups\CanUpdateGroup	ø					ø	ø
\Groups\CanDeleteGroup	ø					ø	ø
\Groups\CanReadAllGroups	ø							ø
Permissions
\Permissions\CanCreatePermission	ø	ø	ø	ø	ø
\Permissions\CanDeletePermission	ø	ø	ø	ø	ø
\Permissions\CanReadPermission	ø	ø	ø	ø	ø			ø	ø
\Permissions\CanUpdatePermission	ø	ø	ø	ø	ø
Permission Sets
\PermissionSets\CanCreatePermissionSet	ø	ø	ø	ø	ø
\PermissionSets\CanDeletePermissionSet	ø	ø	ø	ø	ø
\PermissionSets\CanReadPermissionSet	ø	ø	ø	ø	ø			ø	ø
\PermissionSets\CanUpdatePermissionSet	ø	ø	ø	ø	ø
\PermissionSets\CanGrantRevokePermissionSetsToApplicationRoles	ø	ø	ø	ø	ø
\PermissionSets\CanGrantRevokePermissionSetsToSharedRoles	ø	ø	ø	ø	ø
Repository
\Repository\CanDeleteRepository	ø
\Repository\CanDeployRepository	ø
\Repository\CanUpdatePasswordPolicy	ø
\Repository\CanUpdateRepository	ø
Roles
\Roles\CanCreateApplicationRole	ø	ø	ø	ø	ø	ø	ø
\Roles\CanCreateSharedRole	ø					ø	ø
\Roles\CanCreateSystemRole	ø
\Roles\CanDeleteApplicationRole	ø	ø	ø	ø	ø	ø	ø
\Roles\CanDeleteSharedRole	ø					ø	ø
\Roles\CanDeleteSystemRole	ø
\Roles\CanGrantRevokeApplicationRolesToGroups	ø	ø	ø	ø	ø	ø	ø
\Roles\CanGrantRevokeApplicationRolesToUsers	ø	ø	ø	ø	ø	ø	ø
\Roles\CanGrantRevokeSharedRolesToGroups	ø					ø	ø
\Roles\CanGrantRevokeSharedRolesToUsers	ø					ø	ø
\Roles\CanGrantRevokeSystemRolesToGroups	ø
\Roles\CanGrantRevokeSystemRolesToUsers	ø
\Roles\CanReadApplicationRole	ø	ø	ø	ø	ø	ø	ø	ø	ø
\Roles\CanReadSharedRole	ø	ø	ø	ø	ø	ø	ø	ø	ø
\Roles\CanReadSystemRole	ø					ø	ø	ø	ø
\Roles\CanUpdateApplicationRole	ø	ø	ø	ø	ø	ø	ø
\Roles\CanUpdateSharedRole	ø					ø	ø
\Roles\CanUpdateSystemRole	ø
Users
\Users\CanApprovePendingUsers	ø					ø	ø
\Users\CanAssignRemoveUsersToGroups	ø					ø	ø
\Users\CanCreateUser	ø					ø	ø
\Users\CanDeleteUser	ø					ø	ø
\Users\CanLockUnlockUser	ø					ø	ø
\Users\CanReadAllUsers	ø							ø
\Users\CanReadUser	ø	ø	ø	ø	ø	ø	ø	ø	ø
\Users\CanUpdateUser	ø					ø	ø
ADFS
\ADFS\CanCreateADFSServer	ø
\ADFS\CanDeleteADFSServer	ø
\ADFS\CanUpdateADFSServer	ø

Still stuck? How can we help?

Was this page helpful? Yes No