No Results
Role-based Access and Security Permissions

EdgeCore version: 4.3.0

This feature provides granularity with user management and EdgeCore access. User roles form the basis of role-based access, which means you can control what security permissions a user can have by assigning them a role.

Example

You want to set up an Editor role who could make and provision content but not create new domains, roles, or users.
After logging into the EdgeCore public API as the super admin, you would take the following steps:

  • Add a new role (Editor).
  • Add security permissions to the Editor role.
    In this case, you would add the following permissions: permission.pipeline, permission.content, and permission.provisioning.content.
  • Assign the corresponding pages (content) to the Editor role so that they appear in the system menu when the editor is logged in
    In this case, you would assign the following pages: /Content Menu, /System Menu/Content/Connections, /System Menu/Content/Pipeline, /System Menu/Content/Pages, and /System Menu/Content/Provisioning.
  • Specify the domain the Editor role can manage.
  • Assign users to the Editor role.

EdgeCore Security Permissions

The following table lists all available security permissions in EdgeCore.

Permissions

Description

permission.browserAccess
Grants the permission to use the edgeCore browser client
permission.pipeline
Grants the permission to modify the data pipeline
permission.content
Grants the permission to perform all operations on provisioned content – Pages, Folders, Actions
permission.content.edit

 

Grants the permission to edit provisioned content – Pages, Folders, Actions
permission.content.view
Grants the permission to view provisioned content – Pages, Folders, Actions.  Users with this permission can set their own secured variables.
permission.provisioning
Grants the permission to view and modify all Provisioning configurations – Domains, Users, Assigned Content, and Defaults.
permission.provisioning.accounts
Grants access to both the Provisioning Domains and Provisioning Users page. Allows for modification of the partial admin’s specified domains, but cannot create new domains or delete existing ones. Allows for creation of new users and modification or deletion of existing users within the specified domains.
permission.provisioning.content
Grants access to the Provisioning Domains page only; Allows for setting which content is provisioned for a specified domain.
permission.provisioning.defaults
Grants the permission to manage Defaults (Secured Variables, Credentials, Preferences, Password Policy)
permission.archives
Grants the permission to create and restore archives
permission.archives.restore
Grants the permission to restore archives
permission.archives.backup
Grants the permission to create archives
permission.extensions
Grants the permission to install and upgrade Extensions (previously known as modules/adapters), as well as deploy content bundles
permission.clientFilters
Grants the permission to view and modify Client Filters
permission.colorPalettes
Grants the permission to view and modify Color Palettes
permission.constraints
Grants the permission to view and modify Constraints
permission.mapLayers
Grants the permission to view and modify Map Layers
permission.ruleSets
Grants the permission to view and modify Rule Sets
permission.rpa
Grants the permission to record and invoke RPA scripts
permission.rpa.play
Grants the permission to invoke RPA scripts via actions on a page
permission.rpa.record
Grants the permission to record RPA scripts via the Edit mode of a page
permission.system
Grants the permission to access various system settings
permission.system.viewAbout
Grants the permission to view the About System dialog
permission.system.jobStatus
Grants the permission to view the Job Status information pertaining to the edgeCore data pipeline
permission.system.license
Grants the permission to view and manage the server license
permission.system.sessions
Grants the permission to view and manage the server’s active sessions
permission.system.cluster
Grants the permission to initialize and manage a server cluster
permission.system.viewSystemInfo
Grants the permission to view the System Info dialog

Permissions are hierarchical and correspond to the major components that are accessible within the UI. For example, the Provisioning (permission.provisioning) permission has 3 sub-permissions: Accounts (permission.provisioning.accounts), Content (permission.provisioning.content), and Defaults (permission.provisioning.defaults). You could assign any one of those permissions to a role, or assign the Provisioning permission to implicitly grant access to all 3.

EdgeCore Built-in Roles

Edge provides the following default roles:

  • Full/Super Admin
    The public APIs check that the user has the Full Admin role prior to granting access. This role is automatically granted the following permissions: root permission (Permission), Browser Access (permission.browserAccess), and Provisioning Accounts (permission.provisioning.accounts) upon starting the 4.3.0 server; In addition, this will also be applied if you are importing an older archive.
  • All Users
    This role is automatically granted the following permissions upon starting the 4.3.0 server: Browser Access (permission.browserAccess), and Content View (permission.content.view); In addition, these will also be applied if you are importing an older archive.

Additionally, any roles from earlier versions of EdgeCore that had partial admin capability will automatically be granted permission.provisioning.accounts if you are importing an older archive.

Prerequisites

  • Make sure you have a valid license.
  • Access the EdgeCore public API.
    This is done by using an API key as a means of authorization and sending the following key-value pair in the request header: edgeApiKey:<apikey>
  • Log in via the public API as the super admin to obtain a session cookie.
    This is done by calling POST /j_spring_security_check

Create/Add New Roles

Adding a new role is done by calling POST /public/roles/{roleName}.

Add Security Permissions to a Role via API

Adding security permissions to a role is done by calling PATCH /public/roles/{roleName}/securityPermissions.

Assign Security Permissions to a Role in the UI

EdgeCore version: 4.3.1.
You are able to modify the permissions for all roles, both user-created and system ones.
Additionally, security permission assignment can be explicit or implicit. If an explicitly assigned permission has sub-permissions, those sub-permissions are implicitly granted.

To assign permissions in the UI:

  1. Go to the Provision Roles page.
  2. Click the Permissions tab.
    Available permissions are displayed.
  3. Select the permissions you want to assign.
  4. Click Save.

 

Changing Permissions for Full Admin

When changing permissions for the Full Admin in the UI, if the Browser Access (permission.browserAccess) and Provisioning Accounts (permission.provisioning.accounts) permissions are not included, a dialog will notify you that the said permissions will be assigned automatically.

Set and/or Update Role Content

Assigning corresponding pages to a role so that they appear in the system menu when the role is logged in is done by calling PUT /public/roles/{roleName}/content.

If a role has the permission to create and/or provision content within the domains it oversees, it is recommended that the role itself be provisioned at least part of the content menu. This will allow the role to actually view the new pages that it creates.

Moreover, adding additional pages to the role is done by calling PATCH /public/roles/{roleName}/content.

Add Domain Permissions

Specifying which domains a role can manage is done by calling PATCH /public/roles/{roleName}/domainPermissions.

Possible domains are:

  • <MyDomain>;
    In this case, any user with this particular role will be able to make changes within their own domain;
  • <AllDomains>;
    In this case, the user can make changes to every domain in the system;
  • The name of any existing domain.

Add Users to a Role

Adding users to a role can be done either via the API or UI.

To do so via API, call POST /public/roles/{roleName}/users/{userName}@{domainName}.

If a non-admin user happens to have their role and/or the role’s security permissions updated while logged in, they should log out and log back in to receive the update.

EdgeCore 4.3.1 Version

The following table lists all available security permissions in edgeCore.

Permissions Description
permission.browserAccess
Grants the permission to use the edgeCore browser client
permission.pipeline
Grants the permission to modify the data pipeline
permission.content
Grants the permission to perform all operations on provisioned content – Pages, Folders, Actions
permission.content.edit

 

Grants the permission to edit provisioned content – Pages, Folders, Actions
permission.content.view
Grants the permission to view provisioned content – Pages, Folders, Actions.  Users with this permission can set their own secured variables.
permission.content.invokeActions
Grants the permission to invoke server actions
permission.provisioning
Grants the permission to view and modify all Provisioning configurations – Domains, Users, Assigned Content, and Defaults.
permission.provisioning.accounts
Grants access to both the Provisioning Domains and Provisioning Users page. Allows for modification of the partial admin’s specified domains, but cannot create new domains or delete existing ones. Allows for creation of new users and modification or deletion of existing users within the specified domains.
permission.provisioning.content
Grants access to the Provisioning Domains page only; Allows for setting which content is provisioned for a specified domain.
permission.provisioning.defaults
Grants the permission to manage Defaults (Secured Variables, Credentials, Preferences, Password Policy)
permission.archives
Grants the permission to create and restore archives
permission.archives.restore
Grants the permission to restore archives
permission.archives.backup
Grants the permission to create archives
permission.extensions
Grants the permission to install and upgrade Extensions (previously known as modules/adapters), as well as deploy content bundles
permission.clientFilters
Grants the permission to view and modify Client Filters
permission.colorPalettes
Grants the permission to view and modify Color Palettes
permission.constraints
Grants the permission to view and modify Constraints
permission.mapLayers
Grants the permission to view and modify Map Layers
permission.ruleSets
Grants the permission to view and modify Rule Sets
permission.rpa
Grants the permission to record and invoke RPA scripts
permission.rpa.play
Grants the permission to invoke RPA scripts via actions on a page
permission.rpa.record
Grants the permission to record RPA scripts via the Edit mode of a page
permission.system
Grants the permission to access various system settings
permission.system.viewAbout
Grants the permission to view the About System dialog
permission.system.jobStatus
Grants the permission to view the Job Status information pertaining to the edgeCore data pipeline
permission.system.license
Grants the permission to view and manage the server license
permission.system.sessions
Grants the permission to view and manage the server’s active sessions
permission.system.cluster
Grants the permission to initialize and manage a server cluster
permission.system.viewSystemInfo
Grants the permission to view the System Info dialog

By default, the following permissions are assigned to the All Users role:
– permission.browserAccess
– permission.content.view

EdgeCore 4.3.2 Version

The following table lists all available security permissions in edgeCore.

Permissions Description
permission
Grants the core permissions to access nearly all admin features (role management and server configuration are reserved for Full Admin)
permission.browserAccess
Grants the permission to use the edgeCore browser client
permission.changeOwnPassword
Grants the permission to change one’s own password
permission.pipeline
Grants the permission to modify the data pipeline
permission.content
Grants the permission to perform all operations on provisioned content – Pages, Folders, Actions
permission.content.edit

 

Grants the permission to edit provisioned content – Pages, Folders, Actions
permission.content.view
Grants the permission to view provisioned content – Pages, Folders, Actions;  Users with this permission can set their own secured variables.
permission.content.invokeActions
Grants the permission to invoke server actions
permission.provisioning
Grants the permission to view and modify all Provisioning configurations – Domains, Users, Assigned Content, and Defaults
permission.provisioning.domains
Grants  the permission to view and modify User/Domain specific Provisioning configuration
permission.provisioning.domains.accounts
Grants the permission to add Users to or remove Users from Domains and modify Domain- or User-level Secured Variables, Credentials, Preferences, Password Policy, and Kiosk Mode settings
permission.provisioning.domains.content
Grants the permission to provision content (Pages and Folders) for specific Domains
permission.provisioning.defaults
Grants the permission to create, remove, and modify default Secured Variables, Credentials, Preferences, and Password Policies
permission.archives
Grants the permission to create and restore archives
permission.archives.restore
Grants the permission to restore archives
permission.archives.backup
Grants the permission to create archives
permission.extensions
Grants the permission to install and upgrade Extensions (previously known as modules/adapters), as well as deploy content bundles
permission.clientFilters
Grants the permission to view and modify Client Filters
permission.colorPalettes
Grants the permission to view and modify Color Palettes
permission.constraints
Grants the permission to view and modify Constraints
permission.mapLayers
Grants the permission to view and modify Map Layers
permission.ruleSets
Grants the permission to view and modify Rule Sets
permission.rpa
Grants the permission to record and invoke RPA scripts
permission.rpa.play
Grants the permission to invoke RPA scripts via actions on a page
permission.rpa.record
Grants the permission to record RPA scripts via the Edit mode of a page
permission.system
Grants the permission to access various system settings
permission.system.viewAbout
Grants the permission to view the About System dialog
permission.system.jobStatus
Grants the permission to view the Job Status information pertaining to the edgeCore data pipeline
permission.system.license
Grants the permission to view and manage the server license
permission.system.sessions
Grants the permission to view and manage the server’s active sessions
permission.system.cluster
Grants the permission to initialize and manage a server cluster
permission.system.viewSystemInfo
Grants the permission to view the System Info dialog

By default, the following permissions are assigned to the All Users role:
– permission.browserAccess
– permission.content.view

EdgeCore 4.3.3 Version

The following table lists all available security permissions in edgeCore.

Permissions Description
permission
Grants the core permissions to access nearly all admin features (role management and server configuration are reserved for Full Admin)
permission.browserAccess
Grants the permission to use the edgeCore browser client
permission.changeOwnPassword
Grants the permission to change one’s own password
permission.pipeline
Grants the permission to modify the data pipeline
permission.content
Grants the permission to perform all operations on provisioned content – Pages, Folders, Actions
permission.content.edit

 

Grants the permission to edit provisioned content – Pages, Folders, Actions
permission.content.view
Grants the permission to view provisioned content – Pages, Folders, Actions;  Users with this permission can set their own secured variables.
permission.content.invokeActions
Grants the permission to invoke server actions
permission.provisioning
Grants the permission to view and modify all Provisioning configurations – Domains, Users, Assigned Content, and Defaults
permission.provisioning.domains
Grants  the permission to view and modify User/Domain specific Provisioning configuration
permission.provisioning.domains.accounts
Grants the permission to add Users to or remove Users from Domains and modify Domain- or User-level Secured Variables, Credentials, Preferences, Password Policy, and Kiosk Mode settings
permission.provisioning.domains.content
Grants the permission to provision content (Pages and Folders) for specific Domains
permission.provisioning.defaults
Grants the permission to create, remove, and modify default Secured Variables, Credentials, Preferences, and Password Policies
permission.archives
Grants the permission to create and restore archives
permission.archives.restore
Grants the permission to restore archives
permission.archives.backup
Grants the permission to create archives
permission.extensions
Grants the permission to install and upgrade Extensions (previously known as modules/adapters), as well as deploy content bundles
permission.clientFilters
Grants the permission to view and modify Client Filters
permission.colorPalettes
Grants the permission to view and modify Color Palettes
permission.constraints
Grants the permission to view and modify Constraints
permission.mapLayers
Grants the permission to view and modify Map Layers
permission.ruleSets
Grants the permission to view and modify Rule Sets
permission.rpa
Grants the permission to record and invoke RPA scripts
permission.rpa.play
Grants the permission to invoke RPA scripts via actions on a page
permission.rpa.record
Grants the permission to record RPA scripts via the Edit mode of a page
permission.system
Grants the permission to access various system settings
permission.system.viewAbout
Grants the permission to view the About System dialog
permission.system.jobStatus
Grants the permission to view the Job Status information pertaining to the edgeCore data pipeline
permission.system.license
Grants the permission to view and manage the server license
permission.system.sessions
Grants the permission to view and manage the server’s active sessions
permission.system.cluster
Grants the permission to initialize and manage a server cluster
permission.system.viewSystemInfo
Grants the permission to view the System Info dialog

By default, the following permissions are assigned to the All Users role:
– permission.browserAccess
– permission.content.view

EdgeCore 4.3.4 Version

The following table lists all available security permissions in edgeCore.

Permissions Description
permission
Grants the core permissions to access nearly all admin features (role management and server configuration are reserved for Full Admin)
permission.browserAccess
Grants the permission to use the edgeCore browser client
permission.changeOwnPassword
Grants the permission to change one’s own password
permission.pipeline
Grants the permission to modify the data pipeline
permission.content
Grants the permission to perform all operations on provisioned content – Pages, Folders, Actions
permission.content.edit

 

Grants the permission to edit provisioned content – Pages, Folders, Actions
permission.content.view
Grants the permission to view provisioned content – Pages, Folders, Actions;  Users with this permission can set their own secured variables.
permission.content.invokeActions
Grants the permission to invoke server actions
permission.provisioning
Grants the permission to view and modify all Provisioning configurations – Domains, Users, Assigned Content, and Defaults
permission.provisioning.domains
Grants  the permission to view and modify User/Domain specific Provisioning configuration
permission.provisioning.domains.accounts
Grants the permission to add Users to or remove Users from Domains and modify Domain- or User-level Secured Variables, Credentials, Preferences, Password Policy, and Kiosk Mode settings
permission.provisioning.domains.content
Grants the permission to provision content (Pages and Folders) for specific Domains
permission.provisioning.defaults
Grants the permission to create, remove, and modify default Secured Variables, Credentials, Preferences, and Password Policies
permission.archives
Grants the permission to create and restore archives
permission.archives.restore
Grants the permission to restore archives
permission.archives.backup
Grants the permission to create archives
permission.extensions
Grants the permission to install and upgrade Extensions (previously known as modules/adapters), as well as deploy content bundles
permission.clientFilters
Grants the permission to view and modify Client Filters
permission.colorPalettes
Grants the permission to view and modify Color Palettes
permission.constraints
Grants the permission to view and modify Constraints
permission.mapLayers
Grants the permission to view and modify Map Layers
permission.ruleSets
Grants the permission to view and modify Rule Sets
permission.rpa
Grants the permission to record and invoke RPA scripts
permission.rpa.play
Grants the permission to invoke RPA scripts via actions on a page
permission.rpa.record
Grants the permission to record RPA scripts via the Edit mode of a page
permission.system
Grants the permission to access various system settings
permission.system.viewAbout
Grants the permission to view the About System dialog
permission.system.jobStatus
Grants the permission to view the Job Status information pertaining to the edgeCore data pipeline
permission.system.license
Grants the permission to view and manage the server license
permission.system.sessions
Grants the permission to view and manage the server’s active sessions
permission.system.cluster
Grants the permission to initialize and manage a server cluster
permission.system.viewSystemInfo
Grants the permission to view the System Info dialog

By default, the following permissions are assigned to the All Users role:
– permission.browserAccess
– permission.content.view

EdgeCore 4.3.5 Version

The following table lists all available security permissions in edgeCore.

Permissions Description
permission
Grants the core permissions to access nearly all admin features (role management and server configuration are reserved for Full Admin)
permission.browserAccess
Grants the permission to use the edgeCore browser client
permission.changeOwnPassword
Grants the permission to change one’s own password
permission.pipeline
Grants the permission to modify the data pipeline
permission.pipeline.edit
Grants the permission to modify the edgeCore data pipeline
permission.pipeline.view
Grants the permission to view the edgeCore data pipeline with read-only access
permission.content
Grants the permission to perform all operations on provisioned content – Pages, Folders, Actions
permission.content.edit

 

Grants the permission to edit provisioned content – Pages, Folders, Actions
permission.content.view
Grants the permission to view provisioned content – Pages, Folders, Actions;  Users with this permission can set their own secured variables.
permission.content.invokeActions
Grants the permission to invoke server actions
permission.provisioning
Grants the permission to view and modify all Provisioning configurations – Domains, Users, Assigned Content, and Defaults
permission.provisioning.domains
Grants  the permission to view and modify User/Domain specific Provisioning configuration
permission.provisioning.domains.accounts
Grants the permission to add Users to or remove Users from Domains and modify Domain- or User-level Secured Variables, Credentials, Preferences, Password Policy, and Kiosk Mode settings
permission.provisioning.domains.content
Grants the permission to provision content (Pages and Folders) for specific Domains
permission.provisioning.defaults
Grants the permission to create, remove, and modify default Secured Variables, Credentials, Preferences, and Password Policies
permission.archives
Grants the permission to create and restore archives
permission.archives.restore
Grants the permission to restore archives
permission.archives.backup
Grants the permission to create archives
permission.extensions
Grants the permission to install and upgrade Extensions (previously known as modules/adapters), as well as deploy content bundles
permission.clientFilters
Grants the permission to view and modify Client Filters
permission.colorPalettes
Grants the permission to view and modify Color Palettes
permission.constraints
Grants the permission to view and modify Constraints
permission.mapLayers
Grants the permission to view and modify Map Layers
permission.ruleSets
Grants the permission to view and modify Rule Sets
permission.rpa
Grants the permission to record and invoke RPA scripts
permission.rpa.play
Grants the permission to invoke RPA scripts via actions on a page
permission.rpa.record
Grants the permission to record RPA scripts via the Edit mode of a page
permission.system
Grants the permission to access various system settings
permission.system.viewAbout
Grants the permission to view the About System dialog
permission.system.jobStatus
Grants the permission to view the Job Status information pertaining to the edgeCore data pipeline
permission.system.license
Grants the permission to view and manage the server license
permission.system.sessions
Grants the permission to view and manage the server’s active sessions
permission.system.cluster
Grants the permission to initialize and manage a server cluster
permission.system.viewSystemInfo
Grants the permission to view the System Info dialog

By default, the following permissions are assigned to the All Users role:
– permission.browserAccess
– permission.content.view

EdgeCore 4.3.6 Version

The following table lists all available security permissions in edgeCore.

Permissions Description
permission
Grants the core permissions to access nearly all admin features (role management and server configuration are reserved for Full Admin)
permission.browserAccess
Grants the permission to use the edgeCore browser client
permission.changeOwnPassword
Grants the permission to change one’s own password
permission.pipeline
Grants the permission to modify the data pipeline
permission.pipeline.edit
Grants the permission to modify the edgeCore data pipeline
permission.pipeline.view
Grants the permission to view the edgeCore data pipeline with read-only access
permission.content
Grants the permission to perform all operations on provisioned content – Pages, Folders, Actions
permission.content.edit

 

Grants the permission to edit provisioned content – Pages, Folders, Actions
permission.content.view
Grants the permission to view provisioned content – Pages, Folders, Actions;  Users with this permission can set their own secured variables.
permission.content.invokeActions
Grants the permission to invoke server actions
permission.provisioning
Grants the permission to view and modify all Provisioning configurations – Domains, Users, Assigned Content, and Defaults
permission.provisioning.domains
Grants the permission to view and modify User/Domain specific Provisioning configuration
permission.provisioning.domains.accounts
Grants the permission to add Users to or remove Users from Domains and modify Domain- or User-level Secured Variables, Credentials, Preferences, Password Policy, and Kiosk Mode settings
permission.provisioning.domains.content
Grants the permission to provision content (Pages and Folders) for specific Domains
permission.provisioning.defaults
Grants the permission to create, remove, and modify default Secured Variables, Credentials, Preferences, and Password Policies
permission.archives
Grants the permission to create and restore archives
permission.archives.restore
Grants the permission to restore archives
permission.archives.restore.full
Grants the permission to restore full and partial archives
permission.archives.restore.partial
Grants the permission to restore only partial archives
permission.archives.backup
Grants the permission to create archives
permission.archives.backup.full
Grants the permission to create full and partial archives
permission.archives.backup.partial
Grants the permission to create only partial archives
permission.extensions
Grants the permission to install and upgrade Extensions (previously known as modules/adapters), as well as deploy content bundles
permission.clientFilters
Grants the permission to view and modify Client Filters
permission.colorPalettes
Grants the permission to view and modify Color Palettes
permission.constraints
Grants the permission to view and modify Constraints
permission.mapLayers
Grants the permission to view and modify Map Layers
permission.ruleSets
Grants the permission to view and modify Rule Sets
permission.rpa
Grants the permission to record and invoke RPA scripts
permission.rpa.play
Grants the permission to invoke RPA scripts via actions on a page
permission.rpa.record
Grants the permission to record RPA scripts via the Edit mode of a page
permission.system
Grants the permission to access various system settings
permission.system.viewAbout
Grants the permission to view the About System dialog
permission.system.jobStatus
Grants the permission to view the Job Status information pertaining to the edgeCore data pipeline
permission.system.license
Grants the permission to view and manage the server license
permission.system.sessions
Grants the permission to view and manage the server’s active sessions
permission.system.cluster
Grants the permission to initialize and manage a server cluster
permission.system.viewSystemInfo
Grants the permission to view the System Info dialog

By default, the following permissions are assigned to the All Users role:
– permission.browserAccess
– permission.content.view
– permission.system.viewAbout

 

EdgeCore 4.3.7 Version

The following table lists all available security permissions in edgeCore.

Permissions Description
permission
Grants the core permissions to access nearly all admin features (role management and server configuration are reserved for Full Admin)
permission.browserAccess
Grants the permission to use the edgeCore browser client
permission.changeOwnPassword
Grants the permission to change one’s own password
permission.pipeline
Grants the permission to modify the data pipeline
permission.pipeline.edit
Grants the permission to modify the edgeCore data pipeline
permission.pipeline.view
Grants the permission to view the edgeCore data pipeline with read-only access
permission.content
Grants the permission to perform all operations on provisioned content – Pages, Folders, Actions
permission.content.edit

 

Grants the permission to edit provisioned content – Pages, Folders, Actions
permission.content.view
Grants the permission to view provisioned content – Pages, Folders, Actions;  Users with this permission can set their own secured variables.
permission.content.invokeActions
Grants the permission to invoke server actions
permission.provisioning
Grants the permission to view and modify all Provisioning configurations – Domains, Users, Assigned Content, and Defaults
permission.provisioning.domains
Grants the permission to view and modify User/Domain specific Provisioning configuration
permission.provisioning.domains.accounts
Grants the permission to add Users to or remove Users from Domains and modify Domain- or User-level Secured Variables, Credentials, Preferences, Password Policy, and Kiosk Mode settings
permission.provisioning.domains.content
Grants the permission to provision content (Pages and Folders) for specific Domains
permission.provisioning.defaults
Grants the permission to create, remove, and modify default Secured Variables, Credentials, Preferences, and Password Policies
permission.archives
Grants the permission to create and restore archives
permission.archives.restore
Grants the permission to restore archives
permission.archives.restore.full
Grants the permission to restore full and partial archives
permission.archives.restore.partial
Grants the permission to restore only partial archives
permission.archives.backup
Grants the permission to create archives
permission.archives.backup.full
Grants the permission to create full and partial archives
permission.archives.backup.partial
Grants the permission to create only partial archives
permission.archives.delete
Grants the permission to delete archives
permission.archives.delete.full
Grants the permission to delete full and partial archives
permission.archives.delete.partial
Grants the permission to delete only partial archives
permission.extensions
Grants the permission to install and upgrade Extensions (previously known as modules/adapters), as well as deploy content bundles
permission.clientFilters
Grants the permission to view and modify Client Filters
permission.colorPalettes
Grants the permission to view and modify Color Palettes
permission.constraints
Grants the permission to view and modify Constraints
permission.mapLayers
Grants the permission to view and modify Map Layers
permission.ruleSets
Grants the permission to view and modify Rule Sets
permission.rpa
Grants the permission to record and invoke RPA scripts
permission.rpa.play
Grants the permission to invoke RPA scripts via actions on a page
permission.rpa.record
Grants the permission to record RPA scripts via the Edit mode of a page
permission.system
Grants the permission to access various system settings
permission.system.viewAbout
Grants the permission to view the About System dialog
permission.system.jobStatus
Grants the permission to view the Job Status information pertaining to the edgeCore data pipeline
permission.system.license
Grants the permission to view and manage the server license
permission.system.sessions
Grants the permission to view and manage the server’s active sessions
permission.system.cluster
Grants the permission to initialize and manage a server cluster
permission.system.viewSystemInfo
Grants the permission to view the System Info dialog
permission.debug
Grants the permission to use developer tools and extensions

By default, the following permissions are assigned to the All Users role:

– permission.browserAccess
– permission.content.view
– permission.system.viewAbout

 

EdgeCore 4.3.8 Version

The following table lists all available security permissions in edgeCore.

Permissions Description
permission
Grants the core permissions to access nearly all admin features (role management and server configuration are reserved for Full Admin)
permission.browserAccess
Grants the permission to use the edgeCore browser client
permission.changeOwnPassword
Grants the permission to change one’s own password
permission.pipeline
Grants the permission to modify the data pipeline
permission.pipeline.edit
Grants the permission to modify the edgeCore data pipeline
permission.pipeline.view
Grants the permission to view the edgeCore data pipeline with read-only access
permission.content
Grants the permission to perform all operations on provisioned content – Pages, Folders, Actions
permission.content.edit

 

Grants the permission to edit provisioned content – Pages, Folders, Actions
permission.content.view
Grants the permission to view provisioned content – Pages, Folders, Actions;  Users with this permission can set their own secured variables.
permission.content.invokeActions
Grants the permission to invoke server actions
permission.provisioning
Grants the permission to view and modify all Provisioning configurations – Domains, Users, Assigned Content, and Defaults
permission.provisioning.domains
Grants the permission to view and modify User/Domain specific Provisioning configuration
permission.provisioning.domains.accounts
Grants the permission to add Users to or remove Users from Domains and modify Domain- or User-level Secured Variables, Credentials, Preferences, Password Policy, and Kiosk Mode settings
permission.provisioning.domains.content
Grants the permission to provision content (Pages and Folders) for specific Domains
permission.provisioning.defaults
Grants the permission to create, remove, and modify default Secured Variables, Credentials, Preferences, and Password Policies
permission.archives
Grants the permission to create and restore archives
permission.archives.restore
Grants the permission to restore archives
permission.archives.restore.full
Grants the permission to restore full and partial archives
permission.archives.restore.partial
Grants the permission to restore only partial archives
permission.archives.backup
Grants the permission to create archives
permission.archives.backup.full
Grants the permission to create full and partial archives
permission.archives.backup.partial
Grants the permission to create only partial archives
permission.archives.delete
Grants the permission to delete archives
permission.archives.delete.full
Grants the permission to delete full and partial archives
permission.archives.delete.partial
Grants the permission to delete only partial archives
permission.extensions
Grants the permission to install and upgrade Extensions (previously known as modules/adapters), as well as deploy content bundles
permission.clientFilters
Grants the permission to view and modify Client Filters
permission.colorPalettes
Grants the permission to view and modify Color Palettes
permission.constraints
Grants the permission to view and modify Constraints
permission.mapLayers
Grants the permission to view and modify Map Layers
permission.ruleSets
Grants the permission to view and modify Rule Sets
permission.rpa
Grants the permission to record and invoke RPA scripts
permission.rpa.play
Grants the permission to invoke RPA scripts via actions on a page
permission.rpa.record
Grants the permission to record RPA scripts via the Edit mode of a page
permission.system
Grants the permission to access various system settings
permission.system.viewAbout
Grants the permission to view the About System dialog
permission.system.jobStatus
Grants the permission to view the Job Status information pertaining to the edgeCore data pipeline
permission.system.license
Grants the permission to view and manage the server license
permission.system.viewLogs
Grants the permission to view the server logs
permission.system.sessions
Grants the permission to view and manage the server’s active sessions
permission.system.cluster
Grants the permission to initialize and manage a server cluster
permission.system.viewSystemInfo
Grants the permission to view the System Info dialog
permission.debug
Grants the permission to use developer tools and extensions

By default, the following permissions are assigned to the All Users role:

– permission.browserAccess
– permission.content.view
– permission.system.viewAbout

 

EdgeCore 4.3.9 Version

The following table lists all available security permissions in edgeCore.

Permissions Description
permission
Grants the core permissions to access nearly all admin features (role management and server configuration are reserved for Full Admin)
permission.browserAccess
Grants the permission to use the edgeCore browser client
permission.changeOwnPassword
Grants the permission to change one’s own password
permission.pipeline
Grants the permission to modify the data pipeline
permission.pipeline.edit
Grants the permission to modify the edgeCore data pipeline
permission.pipeline.view
Grants the permission to view the edgeCore data pipeline with read-only access
permission.content
Grants the permission to perform all operations on provisioned content – Pages, Folders, Actions
permission.content.edit

 

Grants the permission to edit provisioned content – Pages, Folders, Actions
permission.content.view
Grants the permission to view provisioned content – Pages, Folders, Actions;  Users with this permission can set their own secured variables.
permission.content.invokeActions
Grants the permission to invoke server actions
permission.provisioning
Grants the permission to view and modify all Provisioning configurations – Domains, Users, Assigned Content, and Defaults
permission.provisioning.domains
Grants the permission to view and modify User/Domain specific Provisioning configuration
permission.provisioning.domains.accounts
Grants the permission to add Users to or remove Users from Domains and modify Domain- or User-level Secured Variables, Credentials, Preferences, Password Policy, and Kiosk Mode settings
permission.provisioning.domains.content
Grants the permission to provision content (Pages and Folders) for specific Domains
permission.provisioning.defaults
Grants the permission to create, remove, and modify default Secured Variables, Credentials, Preferences, and Password Policies
permission.archives
Grants the permission to create and restore archives
permission.archives.restore
Grants the permission to restore archives
permission.archives.restore.full
Grants the permission to restore full and partial archives
permission.archives.restore.partial
Grants the permission to restore only partial archives
permission.archives.backup
Grants the permission to create archives
permission.archives.backup.full
Grants the permission to create full and partial archives
permission.archives.backup.partial
Grants the permission to create only partial archives
permission.archives.delete
Grants the permission to delete archives
permission.archives.delete.full
Grants the permission to delete full and partial archives
permission.archives.delete.partial
Grants the permission to delete only partial archives
permission.extensions
Grants the permission to install and upgrade Extensions (previously known as modules/adapters), as well as deploy content bundles
permission.themes
Grants the permission to install and update themes
permission.clientFilters
Grants the permission to view and modify Client Filters
permission.colorPalettes
Grants the permission to view and modify Color Palettes
permission.constraints
Grants the permission to view and modify Constraints
permission.mapLayers
Grants the permission to view and modify Map Layers
permission.ruleSets
Grants the permission to view and modify Rule Sets
permission.rpa
Grants the permission to record and invoke RPA scripts
permission.rpa.play
Grants the permission to invoke RPA scripts via actions on a page
permission.rpa.record
Grants the permission to record RPA scripts via the Edit mode of a page
permission.system
Grants the permission to access various system settings
permission.system.viewAbout
Grants the permission to view the About System dialog
permission.system.jobStatus
Grants the permission to view the Job Status information pertaining to the edgeCore data pipeline
permission.system.license
Grants the permission to view and manage the server license
permission.system.viewLogs
Grants the permission to view the server logs
permission.system.sessions
Grants the permission to view and manage the server’s active sessions
permission.system.cluster
Grants the permission to initialize and manage a server cluster
permission.system.viewSystemInfo
Grants the permission to view the System Info dialog
permission.debug
Grants the permission to use developer tools and extensions

By default, the following permissions are assigned to the All Users role:

– permission.browserAccess
– permission.content.view
– permission.system.viewAbout

EdgeCore 4.6.1 Version

The following table lists all available security permissions in edgeCore.

Permissions Description
permission
Grants the core permissions to access nearly all admin features (role management and server configuration are reserved for Full Admin)
permission.browserAccess
Grants the permission to use the edgeCore browser client
permission.changeOwnPassword
Grants the permission to change one’s own password
permission.pipeline
Grants the permission to modify the data pipeline
permission.pipeline.edit
Grants the permission to modify the edgeCore data pipeline
permission.pipeline.view
Grants the permission to view the edgeCore data pipeline with read-only access
permission.pipeline.fetch
Grants the permission to fetch edgeCore data using the producer ID
permission.content
Grants the permission to perform all operations on provisioned content – Pages, Folders, Actions
permission.content.edit

 

Grants the permission to edit provisioned content – Pages, Folders, Actions
permission.content.view
Grants the permission to view provisioned content – Pages, Folders, Actions;  Users with this permission can set their own secured variables.
permission.content.invokeActions
Grants the permission to invoke server actions
permission.provisioning
Grants the permission to view and modify all Provisioning configurations – Domains, Users, Assigned Content, and Defaults
permission.provisioning.roles
Grants the permission to add roles and modify role-level secured variables and credential settings
permission.provisioning.roles.assigncontent
Grants the permission to modify role-specific content/page assignments
permission.provisioning.roles.assignroles
Grants the permission to add users to or remove users from roles; This permission also requires either the Modify Domains or the Modify Users permission;
permission.provisioning.domains
Grants the permission to view and modify User/Domain specific Provisioning configuration
permission.provisioning.domains.accounts
Grants the permission to add Users to or remove Users from Domains and modify Domain- or User-level Secured Variables, Credentials, Preferences, Password Policy, and Kiosk Mode settings
permission.provisioning.domains.content
Grants the permission to provision content (Pages and Folders) for specific Domains
permission.provisioning.domains.accounts.users
Grants the permission to add users or remove users from domains and modify user-level secured variables, credentials, and kiosk mode settings
permission.provisioning.domains.secparams
Grants the permission to modify secured variables and credentials for specific domains / users; This also requires either the Modify Domains or Modify Users permission;
permission.provisioning.defaults
Grants the permission to create, remove, and modify default Secured Variables, Credentials, Preferences, and Password Policies
permission.archives
Grants the permission to create and restore archives
permission.archives.restore
Grants the permission to restore archives
permission.archives.restore.full
Grants the permission to restore full and partial archives
permission.archives.restore.partial
Grants the permission to restore only partial archives
permission.archives.backup
Grants the permission to create archives
permission.archives.backup.full
Grants the permission to create full and partial archives
permission.archives.backup.partial
Grants the permission to create only partial archives
permission.archives.delete
Grants the permission to delete archives
permission.archives.delete.full
Grants the permission to delete full and partial archives
permission.archives.delete.partial
Grants the permission to delete only partial archives
permission.extensions
Grants the permission to install and upgrade Extensions (previously known as modules/adapters), as well as deploy content bundles
permission.themes
Grants the permission to install and update themes
permission.clientFilters
Grants the permission to view and modify Client Filters
permission.colorPalettes
Grants the permission to view and modify Color Palettes
permission.constraints
Grants the permission to view and modify Constraints
permission.mapLayers
Grants the permission to view and modify Map Layers
permission.ruleSets
Grants the permission to view and modify Rule Sets
permission.rpa
Grants the permission to record and invoke RPA scripts
permission.rpa.play
Grants the permission to invoke RPA scripts via actions on a page
permission.rpa.record
Grants the permission to record RPA scripts via the Edit mode of a page
permission.system
Grants the permission to access various system settings
permission.system.viewAbout
Grants the permission to view the About System dialog
permission.system.jobStatus
Grants the permission to view the Job Status information pertaining to the edgeCore data pipeline
permission.system.license
Grants the permission to view and manage the server license
permission.system.viewLogs
Grants the permission to view the server logs
permission.system.sessions
Grants the permission to view and manage the server’s active sessions
permission.system.cluster
Grants the permission to initialize and manage a server cluster
permission.system.viewSystemInfo
Grants the permission to view the System Info dialog
permission.debug
Grants the permission to use developer tools and extensions

By default, the following permissions are assigned to the All Users role:

– permission.browserAccess
– permission.content.view
– permission.system.viewAbout

Managing Content Assigned to Roles

A  particular role/user can assign (or unassign) content to other roles.
Note: Non-admin users cannot assign or unassign content from the Full Admin or My Domain Admin roles (if they try to do so, an error will appear). In addition, make sure that the Content permission is also assigned to this role. A demo is available here.

Modifying Role Assignments

A particular role/user can add (or remove) users to a role. In order to be able to add users, this role also needs to have either Modify Domains and Users or Modify Users permission.
Note: Non-admin users cannot add or remove users from the Full Admin or My Domain Admin roles (if they try to do so, an error will appear). A demo is available here.

Modifying Security Parameters

A particular role/user can modify secured variables and credentials for specific users or domains.
Note: This role also needs to have either Modify Domains and Users or Modify Users permission. A demo is available here.

 

EdgeCore 4.6.3 Version

The following table lists all available security permissions in edgeCore.

Permissions Description
permission
Grants the core permissions to access nearly all admin features (role management and server configuration are reserved for Full Admin)
permission.browserAccess
Grants the permission to use the edgeCore browser client
permission.changeOwnPassword
Grants the permission to change one’s own password
permission.pipeline
Grants the permission to modify the data pipeline
permission.pipeline.edit
Grants the permission to modify the edgeCore data pipeline
permission.pipeline.view
Grants the permission to view the edgeCore data pipeline with read-only access
permission.pipeline.fetch
Grants the permission to fetch edgeCore data using the producer ID
permission.content
Grants the permission to perform all operations on provisioned content – Pages, Folders, Actions
permission.content.edit

 

Grants the permission to edit provisioned content – Pages, Folders, Actions
permission.content.view
Grants the permission to view provisioned content – Pages, Folders, Actions;  Users with this permission can set their own secured variables.
permission.content.invokeActions
Grants the permission to invoke server actions
permission.provisioning
Grants the permission to view and modify all Provisioning configurations – Domains, Users, Assigned Content, and Defaults
permission.provisioning.roles
Grants the permission to add roles and modify role-level secured variables and credential settings
permission.provisioning.roles.assigncontent
Grants the permission to modify role-specific content/page assignments
permission.provisioning.roles.assignroles
Grants the permission to add users to or remove users from roles; This permission also requires either the Modify Domains or the Modify Users permission;
permission.provisioning.domains
Grants the permission to view and modify User/Domain specific Provisioning configuration
permission.provisioning.domains.accounts
Grants the permission to add Users to or remove Users from Domains and modify Domain- or User-level Secured Variables, Credentials, Preferences, Password Policy, and Kiosk Mode settings
permission.provisioning.domains.content
Grants the permission to provision content (Pages and Folders) for specific Domains
permission.provisioning.domains.accounts.users
Grants the permission to add users or remove users from domains and modify user-level secured variables, credentials, and kiosk mode settings
permission.provisioning.domains.secparams
Grants the permission to modify secured variables and credentials for specific domains / users; This also requires either the Modify Domains or Modify Users permission;
permission.provisioning.defaults
Grants the permission to create, remove, and modify default Secured Variables, Credentials, Preferences, and Password Policies
permission.provisioning.domains.author
Grants the permission to create and delete domains
permission.provisioning.domains.kiosk
Grants the permission to assign the kiosk mode
permission.archives
Grants the permission to create and restore archives
permission.archives.restore
Grants the permission to restore archives
permission.archives.restore.full
Grants the permission to restore full and partial archives
permission.archives.restore.partial
Grants the permission to restore only partial archives
permission.archives.backup
Grants the permission to create archives
permission.archives.backup.full
Grants the permission to create full and partial archives
permission.archives.backup.partial
Grants the permission to create only partial archives
permission.archives.delete
Grants the permission to delete archives
permission.archives.delete.full
Grants the permission to delete full and partial archives
permission.archives.delete.partial
Grants the permission to delete only partial archives
permission.extensions
Grants the permission to install and upgrade Extensions (previously known as modules/adapters), as well as deploy content bundles
permission.themes
Grants the permission to install and update themes
permission.clientFilters
Grants the permission to view and modify Client Filters
permission.colorPalettes
Grants the permission to view and modify Color Palettes
permission.constraints
Grants the permission to view and modify Constraints
permission.mapLayers
Grants the permission to view and modify Map Layers
permission.ruleSets
Grants the permission to view and modify Rule Sets
permission.rpa
Grants the permission to record and invoke RPA scripts
permission.rpa.play
Grants the permission to invoke RPA scripts via actions on a page
permission.rpa.record
Grants the permission to record RPA scripts via the Edit mode of a page
permission.system
Grants the permission to access various system settings
permission.system.viewAbout
Grants the permission to view the About System dialog
permission.system.jobStatus
Grants the permission to view the Job Status information pertaining to the edgeCore data pipeline
permission.system.license
Grants the permission to view and manage the server license
permission.system.viewLogs
Grants the permission to view the server logs
permission.system.sessions
Grants the permission to view and manage the server’s active sessions
permission.system.cluster
Grants the permission to initialize and manage a server cluster
permission.system.viewSystemInfo
Grants the permission to view the System Info dialog
permission.debug
Grants the permission to use developer tools and extensions

By default, the following permissions are assigned to the All Users role:

– permission.browserAccess
– permission.content.view
– permission.system.viewAbout

Creating and Deleting Domains

A particular role/user can create and delete domains.
Note: make sure that the Modify Domains and/or Users permission is also assigned to this role.

Assigning Kiosk Mode

A particular role/user can assign kiosk mode.
Note: make sure that the Modify Domains and/or Users permission is also assigned to this role.

 


Terms | Privacy