EdgeCore version: 4.3.0
This feature provides granularity with user management and EdgeCore access. User roles form the basis of role-based access, which means you can control what security permissions a user can have by assigning them a role.
Example
You want to set up an Editor role who could make and provision content but not create new domains, roles, or users.
After logging into the EdgeCore public API as the super admin, you would take the following steps:
- Add a new role (Editor).
- Add security permissions to the Editor role.
In this case, you would add the following permissions:permission.pipeline,permission.content, andpermission.provisioning.content. - Assign the corresponding pages (content) to the Editor role so that they appear in the system menu when the editor is logged in
In this case, you would assign the following pages:/Content Menu,/System Menu/Content/Connections,/System Menu/Content/Pipeline,/System Menu/Content/Pages, and/System Menu/Content/Provisioning. - Specify the domain the Editor role can manage.
- Assign users to the Editor role.
EdgeCore Security Permissions
The following table lists all available security permissions in EdgeCore.
|
Permissions |
Description |
permission.browserAccess |
Grants the permission to use the edgeCore browser client |
permission.pipeline |
Grants the permission to modify the data pipeline |
permission.content |
Grants the permission to perform all operations on provisioned content – Pages, Folders, Actions |
permission.content.edit
|
Grants the permission to edit provisioned content – Pages, Folders, Actions |
permission.content.view |
Grants the permission to view provisioned content – Pages, Folders, Actions. Users with this permission can set their own secured variables. |
permission.provisioning |
Grants the permission to view and modify all Provisioning configurations – Domains, Users, Assigned Content, and Defaults. |
permission.provisioning.accounts |
Grants access to both the Provisioning Domains and Provisioning Users page. Allows for modification of the partial admin’s specified domains, but cannot create new domains or delete existing ones. Allows for creation of new users and modification or deletion of existing users within the specified domains. |
permission.provisioning.content |
Grants access to the Provisioning Domains page only; Allows for setting which content is provisioned for a specified domain. |
permission.provisioning.defaults |
Grants the permission to manage Defaults (Secured Variables, Credentials, Preferences, Password Policy) |
permission.archives |
Grants the permission to create and restore archives |
permission.archives.restore |
Grants the permission to restore archives |
permission.archives.backup |
Grants the permission to create archives |
permission.extensions |
Grants the permission to install and upgrade Extensions (previously known as modules/adapters), as well as deploy content bundles |
permission.clientFilters |
Grants the permission to view and modify Client Filters |
permission.colorPalettes |
Grants the permission to view and modify Color Palettes |
permission.constraints |
Grants the permission to view and modify Constraints |
permission.mapLayers |
Grants the permission to view and modify Map Layers |
permission.ruleSets |
Grants the permission to view and modify Rule Sets |
permission.rpa |
Grants the permission to record and invoke RPA scripts |
permission.rpa.play |
Grants the permission to invoke RPA scripts via actions on a page |
permission.rpa.record |
Grants the permission to record RPA scripts via the Edit mode of a page |
permission.system |
Grants the permission to access various system settings |
permission.system.viewAbout |
Grants the permission to view the About System dialog |
permission.system.jobStatus |
Grants the permission to view the Job Status information pertaining to the edgeCore data pipeline |
permission.system.license |
Grants the permission to view and manage the server license |
permission.system.sessions |
Grants the permission to view and manage the server’s active sessions |
permission.system.cluster |
Grants the permission to initialize and manage a server cluster |
permission.system.viewSystemInfo |
Grants the permission to view the System Info dialog |
Permissions are hierarchical and correspond to the major components that are accessible within the UI. For example, the Provisioning (permission.provisioning) permission has 3 sub-permissions: Accounts (permission.provisioning.accounts), Content (permission.provisioning.content), and Defaults (permission.provisioning.defaults). You could assign any one of those permissions to a role, or assign the Provisioning permission to implicitly grant access to all 3.
EdgeCore Built-in Roles
Edge provides the following default roles:
- Full/Super Admin
The public APIs check that the user has the Full Admin role prior to granting access. This role is automatically granted the following permissions: root permission (Permission), Browser Access (permission.browserAccess), and Provisioning Accounts (permission.provisioning.accounts) upon starting the 4.3.0 server; In addition, this will also be applied if you are importing an older archive. - All Users
This role is automatically granted the following permissions upon starting the 4.3.0 server: Browser Access (permission.browserAccess), and Content View (permission.content.view); In addition, these will also be applied if you are importing an older archive.
Additionally, any roles from earlier versions of EdgeCore that had partial admin capability will automatically be granted permission.provisioning.accounts if you are importing an older archive.
Prerequisites
- Make sure you have a valid license.
- Access the EdgeCore public API.
This is done by using an API key as a means of authorization and sending the following key-value pair in the request header:edgeApiKey:<apikey> - Log in via the public API as the super admin to obtain a session cookie.
This is done by callingPOST /j_spring_security_check
Create/Add New Roles
Adding a new role is done by calling POST /public/roles/{roleName}.
Add Security Permissions to a Role via API
Adding security permissions to a role is done by calling PATCH /public/roles/{roleName}/securityPermissions.
Assign Security Permissions to a Role in the UI
EdgeCore version: 4.3.1.
You are able to modify the permissions for all roles, both user-created and system ones.
Additionally, security permission assignment can be explicit or implicit. If an explicitly assigned permission has sub-permissions, those sub-permissions are implicitly granted.
To assign permissions in the UI:
- Go to the Provision Roles page.
- Click the Permissions tab.
Available permissions are displayed.
- Select the permissions you want to assign.
- Click Save.
Changing Permissions for Full Admin
When changing permissions for the Full Admin in the UI, if the Browser Access (permission.browserAccess) and Provisioning Accounts (permission.provisioning.accounts) permissions are not included, a dialog will notify you that the said permissions will be assigned automatically.
Set and/or Update Role Content
Assigning corresponding pages to a role so that they appear in the system menu when the role is logged in is done by calling PUT /public/roles/{roleName}/content.
If a role has the permission to create and/or provision content within the domains it oversees, it is recommended that the role itself be provisioned at least part of the content menu. This will allow the role to actually view the new pages that it creates.
Moreover, adding additional pages to the role is done by calling PATCH /public/roles/{roleName}/content.
Add Domain Permissions
Specifying which domains a role can manage is done by calling PATCH /public/roles/{roleName}/domainPermissions.
Possible domains are:
<MyDomain>;
In this case, any user with this particular role will be able to make changes within their own domain;<AllDomains>;
In this case, the user can make changes to every domain in the system;- The name of any existing domain.
Add Users to a Role
Adding users to a role can be done either via the API or UI.
To do so via API, call POST /public/roles/{roleName}/users/{userName}@{domainName}.
If a non-admin user happens to have their role and/or the role’s security permissions updated while logged in, they should log out and log back in to receive the update.
EdgeCore 4.3.1 Version
The following table lists all available security permissions in edgeCore.
| Permissions | Description |
permission.browserAccess |
Grants the permission to use the edgeCore browser client |
permission.pipeline |
Grants the permission to modify the data pipeline |
permission.content |
Grants the permission to perform all operations on provisioned content – Pages, Folders, Actions |
permission.content.edit
|
Grants the permission to edit provisioned content – Pages, Folders, Actions |
permission.content.view |
Grants the permission to view provisioned content – Pages, Folders, Actions. Users with this permission can set their own secured variables. |
permission.content.invokeActions |
Grants the permission to invoke server actions |
permission.provisioning |
Grants the permission to view and modify all Provisioning configurations – Domains, Users, Assigned Content, and Defaults. |
permission.provisioning.accounts |
Grants access to both the Provisioning Domains and Provisioning Users page. Allows for modification of the partial admin’s specified domains, but cannot create new domains or delete existing ones. Allows for creation of new users and modification or deletion of existing users within the specified domains. |
permission.provisioning.content |
Grants access to the Provisioning Domains page only; Allows for setting which content is provisioned for a specified domain. |
permission.provisioning.defaults |
Grants the permission to manage Defaults (Secured Variables, Credentials, Preferences, Password Policy) |
permission.archives |
Grants the permission to create and restore archives |
permission.archives.restore |
Grants the permission to restore archives |
permission.archives.backup |
Grants the permission to create archives |
permission.extensions |
Grants the permission to install and upgrade Extensions (previously known as modules/adapters), as well as deploy content bundles |
permission.clientFilters |
Grants the permission to view and modify Client Filters |
permission.colorPalettes |
Grants the permission to view and modify Color Palettes |
permission.constraints |
Grants the permission to view and modify Constraints |
permission.mapLayers |
Grants the permission to view and modify Map Layers |
permission.ruleSets |
Grants the permission to view and modify Rule Sets |
permission.rpa |
Grants the permission to record and invoke RPA scripts |
permission.rpa.play |
Grants the permission to invoke RPA scripts via actions on a page |
permission.rpa.record |
Grants the permission to record RPA scripts via the Edit mode of a page |
permission.system |
Grants the permission to access various system settings |
permission.system.viewAbout |
Grants the permission to view the About System dialog |
permission.system.jobStatus |
Grants the permission to view the Job Status information pertaining to the edgeCore data pipeline |
permission.system.license |
Grants the permission to view and manage the server license |
permission.system.sessions |
Grants the permission to view and manage the server’s active sessions |
permission.system.cluster |
Grants the permission to initialize and manage a server cluster |
permission.system.viewSystemInfo |
Grants the permission to view the System Info dialog |
By default, the following permissions are assigned to the All Users role:
– permission.browserAccess
– permission.content.view
EdgeCore 4.3.2 Version
The following table lists all available security permissions in edgeCore.
| Permissions | Description |
permission |
Grants the core permissions to access nearly all admin features (role management and server configuration are reserved for Full Admin) |
permission.browserAccess |
Grants the permission to use the edgeCore browser client |
permission.changeOwnPassword |
Grants the permission to change one’s own password |
permission.pipeline |
Grants the permission to modify the data pipeline |
permission.content |
Grants the permission to perform all operations on provisioned content – Pages, Folders, Actions |
permission.content.edit
|
Grants the permission to edit provisioned content – Pages, Folders, Actions |
permission.content.view |
Grants the permission to view provisioned content – Pages, Folders, Actions; Users with this permission can set their own secured variables. |
permission.content.invokeActions |
Grants the permission to invoke server actions |
permission.provisioning |
Grants the permission to view and modify all Provisioning configurations – Domains, Users, Assigned Content, and Defaults |
permission.provisioning.domains |
Grants the permission to view and modify User/Domain specific Provisioning configuration |
permission.provisioning.domains.accounts |
Grants the permission to add Users to or remove Users from Domains and modify Domain- or User-level Secured Variables, Credentials, Preferences, Password Policy, and Kiosk Mode settings |
permission.provisioning.domains.content |
Grants the permission to provision content (Pages and Folders) for specific Domains |
permission.provisioning.defaults |
Grants the permission to create, remove, and modify default Secured Variables, Credentials, Preferences, and Password Policies |
permission.archives |
Grants the permission to create and restore archives |
permission.archives.restore |
Grants the permission to restore archives |
permission.archives.backup |
Grants the permission to create archives |
permission.extensions |
Grants the permission to install and upgrade Extensions (previously known as modules/adapters), as well as deploy content bundles |
permission.clientFilters |
Grants the permission to view and modify Client Filters |
permission.colorPalettes |
Grants the permission to view and modify Color Palettes |
permission.constraints |
Grants the permission to view and modify Constraints |
permission.mapLayers |
Grants the permission to view and modify Map Layers |
permission.ruleSets |
Grants the permission to view and modify Rule Sets |
permission.rpa |
Grants the permission to record and invoke RPA scripts |
permission.rpa.play |
Grants the permission to invoke RPA scripts via actions on a page |
permission.rpa.record |
Grants the permission to record RPA scripts via the Edit mode of a page |
permission.system |
Grants the permission to access various system settings |
permission.system.viewAbout |
Grants the permission to view the About System dialog |
permission.system.jobStatus |
Grants the permission to view the Job Status information pertaining to the edgeCore data pipeline |
permission.system.license |
Grants the permission to view and manage the server license |
permission.system.sessions |
Grants the permission to view and manage the server’s active sessions |
permission.system.cluster |
Grants the permission to initialize and manage a server cluster |
permission.system.viewSystemInfo |
Grants the permission to view the System Info dialog |
By default, the following permissions are assigned to the All Users role:
– permission.browserAccess
– permission.content.view
EdgeCore 4.3.3 Version
The following table lists all available security permissions in edgeCore.
| Permissions | Description |
permission |
Grants the core permissions to access nearly all admin features (role management and server configuration are reserved for Full Admin) |
permission.browserAccess |
Grants the permission to use the edgeCore browser client |
permission.changeOwnPassword |
Grants the permission to change one’s own password |
permission.pipeline |
Grants the permission to modify the data pipeline |
permission.content |
Grants the permission to perform all operations on provisioned content – Pages, Folders, Actions |
permission.content.edit
|
Grants the permission to edit provisioned content – Pages, Folders, Actions |
permission.content.view |
Grants the permission to view provisioned content – Pages, Folders, Actions; Users with this permission can set their own secured variables. |
permission.content.invokeActions |
Grants the permission to invoke server actions |
permission.provisioning |
Grants the permission to view and modify all Provisioning configurations – Domains, Users, Assigned Content, and Defaults |
permission.provisioning.domains |
Grants the permission to view and modify User/Domain specific Provisioning configuration |
permission.provisioning.domains.accounts |
Grants the permission to add Users to or remove Users from Domains and modify Domain- or User-level Secured Variables, Credentials, Preferences, Password Policy, and Kiosk Mode settings |
permission.provisioning.domains.content |
Grants the permission to provision content (Pages and Folders) for specific Domains |
permission.provisioning.defaults |
Grants the permission to create, remove, and modify default Secured Variables, Credentials, Preferences, and Password Policies |
permission.archives |
Grants the permission to create and restore archives |
permission.archives.restore |
Grants the permission to restore archives |
permission.archives.backup |
Grants the permission to create archives |
permission.extensions |
Grants the permission to install and upgrade Extensions (previously known as modules/adapters), as well as deploy content bundles |
permission.clientFilters |
Grants the permission to view and modify Client Filters |
permission.colorPalettes |
Grants the permission to view and modify Color Palettes |
permission.constraints |
Grants the permission to view and modify Constraints |
permission.mapLayers |
Grants the permission to view and modify Map Layers |
permission.ruleSets |
Grants the permission to view and modify Rule Sets |
permission.rpa |
Grants the permission to record and invoke RPA scripts |
permission.rpa.play |
Grants the permission to invoke RPA scripts via actions on a page |
permission.rpa.record |
Grants the permission to record RPA scripts via the Edit mode of a page |
permission.system |
Grants the permission to access various system settings |
permission.system.viewAbout |
Grants the permission to view the About System dialog |
permission.system.jobStatus |
Grants the permission to view the Job Status information pertaining to the edgeCore data pipeline |
permission.system.license |
Grants the permission to view and manage the server license |
permission.system.sessions |
Grants the permission to view and manage the server’s active sessions |
permission.system.cluster |
Grants the permission to initialize and manage a server cluster |
permission.system.viewSystemInfo |
Grants the permission to view the System Info dialog |
By default, the following permissions are assigned to the All Users role:
– permission.browserAccess
– permission.content.view
EdgeCore 4.3.4 Version
The following table lists all available security permissions in edgeCore.
| Permissions | Description |
permission |
Grants the core permissions to access nearly all admin features (role management and server configuration are reserved for Full Admin) |
permission.browserAccess |
Grants the permission to use the edgeCore browser client |
permission.changeOwnPassword |
Grants the permission to change one’s own password |
permission.pipeline |
Grants the permission to modify the data pipeline |
permission.content |
Grants the permission to perform all operations on provisioned content – Pages, Folders, Actions |
permission.content.edit
|
Grants the permission to edit provisioned content – Pages, Folders, Actions |
permission.content.view |
Grants the permission to view provisioned content – Pages, Folders, Actions; Users with this permission can set their own secured variables. |
permission.content.invokeActions |
Grants the permission to invoke server actions |
permission.provisioning |
Grants the permission to view and modify all Provisioning configurations – Domains, Users, Assigned Content, and Defaults |
permission.provisioning.domains |
Grants the permission to view and modify User/Domain specific Provisioning configuration |
permission.provisioning.domains.accounts |
Grants the permission to add Users to or remove Users from Domains and modify Domain- or User-level Secured Variables, Credentials, Preferences, Password Policy, and Kiosk Mode settings |
permission.provisioning.domains.content |
Grants the permission to provision content (Pages and Folders) for specific Domains |
permission.provisioning.defaults |
Grants the permission to create, remove, and modify default Secured Variables, Credentials, Preferences, and Password Policies |
permission.archives |
Grants the permission to create and restore archives |
permission.archives.restore |
Grants the permission to restore archives |
permission.archives.backup |
Grants the permission to create archives |
permission.extensions |
Grants the permission to install and upgrade Extensions (previously known as modules/adapters), as well as deploy content bundles |
permission.clientFilters |
Grants the permission to view and modify Client Filters |
permission.colorPalettes |
Grants the permission to view and modify Color Palettes |
permission.constraints |
Grants the permission to view and modify Constraints |
permission.mapLayers |
Grants the permission to view and modify Map Layers |
permission.ruleSets |
Grants the permission to view and modify Rule Sets |
permission.rpa |
Grants the permission to record and invoke RPA scripts |
permission.rpa.play |
Grants the permission to invoke RPA scripts via actions on a page |
permission.rpa.record |
Grants the permission to record RPA scripts via the Edit mode of a page |
permission.system |
Grants the permission to access various system settings |
permission.system.viewAbout |
Grants the permission to view the About System dialog |
permission.system.jobStatus |
Grants the permission to view the Job Status information pertaining to the edgeCore data pipeline |
permission.system.license |
Grants the permission to view and manage the server license |
permission.system.sessions |
Grants the permission to view and manage the server’s active sessions |
permission.system.cluster |
Grants the permission to initialize and manage a server cluster |
permission.system.viewSystemInfo |
Grants the permission to view the System Info dialog |
By default, the following permissions are assigned to the All Users role:
– permission.browserAccess
– permission.content.view
EdgeCore 4.3.5 Version
The following table lists all available security permissions in edgeCore.
| Permissions | Description |
permission |
Grants the core permissions to access nearly all admin features (role management and server configuration are reserved for Full Admin) |
permission.browserAccess |
Grants the permission to use the edgeCore browser client |
permission.changeOwnPassword |
Grants the permission to change one’s own password |
permission.pipeline |
Grants the permission to modify the data pipeline |
permission.pipeline.edit |
Grants the permission to modify the edgeCore data pipeline |
permission.pipeline.view |
Grants the permission to view the edgeCore data pipeline with read-only access |
permission.content |
Grants the permission to perform all operations on provisioned content – Pages, Folders, Actions |
permission.content.edit
|
Grants the permission to edit provisioned content – Pages, Folders, Actions |
permission.content.view |
Grants the permission to view provisioned content – Pages, Folders, Actions; Users with this permission can set their own secured variables. |
permission.content.invokeActions |
Grants the permission to invoke server actions |
permission.provisioning |
Grants the permission to view and modify all Provisioning configurations – Domains, Users, Assigned Content, and Defaults |
permission.provisioning.domains |
Grants the permission to view and modify User/Domain specific Provisioning configuration |
permission.provisioning.domains.accounts |
Grants the permission to add Users to or remove Users from Domains and modify Domain- or User-level Secured Variables, Credentials, Preferences, Password Policy, and Kiosk Mode settings |
permission.provisioning.domains.content |
Grants the permission to provision content (Pages and Folders) for specific Domains |
permission.provisioning.defaults |
Grants the permission to create, remove, and modify default Secured Variables, Credentials, Preferences, and Password Policies |
permission.archives |
Grants the permission to create and restore archives |
permission.archives.restore |
Grants the permission to restore archives |
permission.archives.backup |
Grants the permission to create archives |
permission.extensions |
Grants the permission to install and upgrade Extensions (previously known as modules/adapters), as well as deploy content bundles |
permission.clientFilters |
Grants the permission to view and modify Client Filters |
permission.colorPalettes |
Grants the permission to view and modify Color Palettes |
permission.constraints |
Grants the permission to view and modify Constraints |
permission.mapLayers |
Grants the permission to view and modify Map Layers |
permission.ruleSets |
Grants the permission to view and modify Rule Sets |
permission.rpa |
Grants the permission to record and invoke RPA scripts |
permission.rpa.play |
Grants the permission to invoke RPA scripts via actions on a page |
permission.rpa.record |
Grants the permission to record RPA scripts via the Edit mode of a page |
permission.system |
Grants the permission to access various system settings |
permission.system.viewAbout |
Grants the permission to view the About System dialog |
permission.system.jobStatus |
Grants the permission to view the Job Status information pertaining to the edgeCore data pipeline |
permission.system.license |
Grants the permission to view and manage the server license |
permission.system.sessions |
Grants the permission to view and manage the server’s active sessions |
permission.system.cluster |
Grants the permission to initialize and manage a server cluster |
permission.system.viewSystemInfo |
Grants the permission to view the System Info dialog |
By default, the following permissions are assigned to the All Users role:
– permission.browserAccess
– permission.content.view
EdgeCore 4.3.6 Version
The following table lists all available security permissions in edgeCore.
| Permissions | Description |
permission |
Grants the core permissions to access nearly all admin features (role management and server configuration are reserved for Full Admin) |
permission.browserAccess |
Grants the permission to use the edgeCore browser client |
permission.changeOwnPassword |
Grants the permission to change one’s own password |
permission.pipeline |
Grants the permission to modify the data pipeline |
permission.pipeline.edit |
Grants the permission to modify the edgeCore data pipeline |
permission.pipeline.view |
Grants the permission to view the edgeCore data pipeline with read-only access |
permission.content |
Grants the permission to perform all operations on provisioned content – Pages, Folders, Actions |
permission.content.edit
|
Grants the permission to edit provisioned content – Pages, Folders, Actions |
permission.content.view |
Grants the permission to view provisioned content – Pages, Folders, Actions; Users with this permission can set their own secured variables. |
permission.content.invokeActions |
Grants the permission to invoke server actions |
permission.provisioning |
Grants the permission to view and modify all Provisioning configurations – Domains, Users, Assigned Content, and Defaults |
permission.provisioning.domains |
Grants the permission to view and modify User/Domain specific Provisioning configuration |
permission.provisioning.domains.accounts |
Grants the permission to add Users to or remove Users from Domains and modify Domain- or User-level Secured Variables, Credentials, Preferences, Password Policy, and Kiosk Mode settings |
permission.provisioning.domains.content |
Grants the permission to provision content (Pages and Folders) for specific Domains |
permission.provisioning.defaults |
Grants the permission to create, remove, and modify default Secured Variables, Credentials, Preferences, and Password Policies |
permission.archives |
Grants the permission to create and restore archives |
permission.archives.restore |
Grants the permission to restore archives |
permission.archives.restore.full |
Grants the permission to restore full and partial archives |
permission.archives.restore.partial |
Grants the permission to restore only partial archives |
permission.archives.backup |
Grants the permission to create archives |
permission.archives.backup.full |
Grants the permission to create full and partial archives |
permission.archives.backup.partial |
Grants the permission to create only partial archives |
permission.extensions |
Grants the permission to install and upgrade Extensions (previously known as modules/adapters), as well as deploy content bundles |
permission.clientFilters |
Grants the permission to view and modify Client Filters |
permission.colorPalettes |
Grants the permission to view and modify Color Palettes |
permission.constraints |
Grants the permission to view and modify Constraints |
permission.mapLayers |
Grants the permission to view and modify Map Layers |
permission.ruleSets |
Grants the permission to view and modify Rule Sets |
permission.rpa |
Grants the permission to record and invoke RPA scripts |
permission.rpa.play |
Grants the permission to invoke RPA scripts via actions on a page |
permission.rpa.record |
Grants the permission to record RPA scripts via the Edit mode of a page |
permission.system |
Grants the permission to access various system settings |
permission.system.viewAbout |
Grants the permission to view the About System dialog |
permission.system.jobStatus |
Grants the permission to view the Job Status information pertaining to the edgeCore data pipeline |
permission.system.license |
Grants the permission to view and manage the server license |
permission.system.sessions |
Grants the permission to view and manage the server’s active sessions |
permission.system.cluster |
Grants the permission to initialize and manage a server cluster |
permission.system.viewSystemInfo |
Grants the permission to view the System Info dialog |
By default, the following permissions are assigned to the All Users role:
– permission.browserAccess
– permission.content.view
– permission.system.viewAbout
EdgeCore 4.3.7 Version
The following table lists all available security permissions in edgeCore.
| Permissions | Description |
permission |
Grants the core permissions to access nearly all admin features (role management and server configuration are reserved for Full Admin) |
permission.browserAccess |
Grants the permission to use the edgeCore browser client |
permission.changeOwnPassword |
Grants the permission to change one’s own password |
permission.pipeline |
Grants the permission to modify the data pipeline |
permission.pipeline.edit |
Grants the permission to modify the edgeCore data pipeline |
permission.pipeline.view |
Grants the permission to view the edgeCore data pipeline with read-only access |
permission.content |
Grants the permission to perform all operations on provisioned content – Pages, Folders, Actions |
permission.content.edit
|
Grants the permission to edit provisioned content – Pages, Folders, Actions |
permission.content.view |
Grants the permission to view provisioned content – Pages, Folders, Actions; Users with this permission can set their own secured variables. |
permission.content.invokeActions |
Grants the permission to invoke server actions |
permission.provisioning |
Grants the permission to view and modify all Provisioning configurations – Domains, Users, Assigned Content, and Defaults |
permission.provisioning.domains |
Grants the permission to view and modify User/Domain specific Provisioning configuration |
permission.provisioning.domains.accounts |
Grants the permission to add Users to or remove Users from Domains and modify Domain- or User-level Secured Variables, Credentials, Preferences, Password Policy, and Kiosk Mode settings |
permission.provisioning.domains.content |
Grants the permission to provision content (Pages and Folders) for specific Domains |
permission.provisioning.defaults |
Grants the permission to create, remove, and modify default Secured Variables, Credentials, Preferences, and Password Policies |
permission.archives |
Grants the permission to create and restore archives |
permission.archives.restore |
Grants the permission to restore archives |
permission.archives.restore.full |
Grants the permission to restore full and partial archives |
permission.archives.restore.partial |
Grants the permission to restore only partial archives |
permission.archives.backup |
Grants the permission to create archives |
permission.archives.backup.full |
Grants the permission to create full and partial archives |
permission.archives.backup.partial |
Grants the permission to create only partial archives |
permission.archives.delete |
Grants the permission to delete archives |
permission.archives.delete.full |
Grants the permission to delete full and partial archives |
permission.archives.delete.partial |
Grants the permission to delete only partial archives |
permission.extensions |
Grants the permission to install and upgrade Extensions (previously known as modules/adapters), as well as deploy content bundles |
permission.clientFilters |
Grants the permission to view and modify Client Filters |
permission.colorPalettes |
Grants the permission to view and modify Color Palettes |
permission.constraints |
Grants the permission to view and modify Constraints |
permission.mapLayers |
Grants the permission to view and modify Map Layers |
permission.ruleSets |
Grants the permission to view and modify Rule Sets |
permission.rpa |
Grants the permission to record and invoke RPA scripts |
permission.rpa.play |
Grants the permission to invoke RPA scripts via actions on a page |
permission.rpa.record |
Grants the permission to record RPA scripts via the Edit mode of a page |
permission.system |
Grants the permission to access various system settings |
permission.system.viewAbout |
Grants the permission to view the About System dialog |
permission.system.jobStatus |
Grants the permission to view the Job Status information pertaining to the edgeCore data pipeline |
permission.system.license |
Grants the permission to view and manage the server license |
permission.system.sessions |
Grants the permission to view and manage the server’s active sessions |
permission.system.cluster |
Grants the permission to initialize and manage a server cluster |
permission.system.viewSystemInfo |
Grants the permission to view the System Info dialog |
permission.debug |
Grants the permission to use developer tools and extensions |
By default, the following permissions are assigned to the All Users role:
– permission.browserAccess
– permission.content.view
– permission.system.viewAbout
EdgeCore 4.3.8 Version
The following table lists all available security permissions in edgeCore.
| Permissions | Description |
permission |
Grants the core permissions to access nearly all admin features (role management and server configuration are reserved for Full Admin) |
permission.browserAccess |
Grants the permission to use the edgeCore browser client |
permission.changeOwnPassword |
Grants the permission to change one’s own password |
permission.pipeline |
Grants the permission to modify the data pipeline |
permission.pipeline.edit |
Grants the permission to modify the edgeCore data pipeline |
permission.pipeline.view |
Grants the permission to view the edgeCore data pipeline with read-only access |
permission.content |
Grants the permission to perform all operations on provisioned content – Pages, Folders, Actions |
permission.content.edit
|
Grants the permission to edit provisioned content – Pages, Folders, Actions |
permission.content.view |
Grants the permission to view provisioned content – Pages, Folders, Actions; Users with this permission can set their own secured variables. |
permission.content.invokeActions |
Grants the permission to invoke server actions |
permission.provisioning |
Grants the permission to view and modify all Provisioning configurations – Domains, Users, Assigned Content, and Defaults |
permission.provisioning.domains |
Grants the permission to view and modify User/Domain specific Provisioning configuration |
permission.provisioning.domains.accounts |
Grants the permission to add Users to or remove Users from Domains and modify Domain- or User-level Secured Variables, Credentials, Preferences, Password Policy, and Kiosk Mode settings |
permission.provisioning.domains.content |
Grants the permission to provision content (Pages and Folders) for specific Domains |
permission.provisioning.defaults |
Grants the permission to create, remove, and modify default Secured Variables, Credentials, Preferences, and Password Policies |
permission.archives |
Grants the permission to create and restore archives |
permission.archives.restore |
Grants the permission to restore archives |
permission.archives.restore.full |
Grants the permission to restore full and partial archives |
permission.archives.restore.partial |
Grants the permission to restore only partial archives |
permission.archives.backup |
Grants the permission to create archives |
permission.archives.backup.full |
Grants the permission to create full and partial archives |
permission.archives.backup.partial |
Grants the permission to create only partial archives |
permission.archives.delete |
Grants the permission to delete archives |
permission.archives.delete.full |
Grants the permission to delete full and partial archives |
permission.archives.delete.partial |
Grants the permission to delete only partial archives |
permission.extensions |
Grants the permission to install and upgrade Extensions (previously known as modules/adapters), as well as deploy content bundles |
permission.clientFilters |
Grants the permission to view and modify Client Filters |
permission.colorPalettes |
Grants the permission to view and modify Color Palettes |
permission.constraints |
Grants the permission to view and modify Constraints |
permission.mapLayers |
Grants the permission to view and modify Map Layers |
permission.ruleSets |
Grants the permission to view and modify Rule Sets |
permission.rpa |
Grants the permission to record and invoke RPA scripts |
permission.rpa.play |
Grants the permission to invoke RPA scripts via actions on a page |
permission.rpa.record |
Grants the permission to record RPA scripts via the Edit mode of a page |
permission.system |
Grants the permission to access various system settings |
permission.system.viewAbout |
Grants the permission to view the About System dialog |
permission.system.jobStatus |
Grants the permission to view the Job Status information pertaining to the edgeCore data pipeline |
permission.system.license |
Grants the permission to view and manage the server license |
permission.system.viewLogs |
Grants the permission to view the server logs |
permission.system.sessions |
Grants the permission to view and manage the server’s active sessions |
permission.system.cluster |
Grants the permission to initialize and manage a server cluster |
permission.system.viewSystemInfo |
Grants the permission to view the System Info dialog |
permission.debug |
Grants the permission to use developer tools and extensions |
By default, the following permissions are assigned to the All Users role:
– permission.browserAccess
– permission.content.view
– permission.system.viewAbout
EdgeCore 4.3.9 Version
The following table lists all available security permissions in edgeCore.
| Permissions | Description |
permission |
Grants the core permissions to access nearly all admin features (role management and server configuration are reserved for Full Admin) |
permission.browserAccess |
Grants the permission to use the edgeCore browser client |
permission.changeOwnPassword |
Grants the permission to change one’s own password |
permission.pipeline |
Grants the permission to modify the data pipeline |
permission.pipeline.edit |
Grants the permission to modify the edgeCore data pipeline |
permission.pipeline.view |
Grants the permission to view the edgeCore data pipeline with read-only access |
permission.content |
Grants the permission to perform all operations on provisioned content – Pages, Folders, Actions |
permission.content.edit
|
Grants the permission to edit provisioned content – Pages, Folders, Actions |
permission.content.view |
Grants the permission to view provisioned content – Pages, Folders, Actions; Users with this permission can set their own secured variables. |
permission.content.invokeActions |
Grants the permission to invoke server actions |
permission.provisioning |
Grants the permission to view and modify all Provisioning configurations – Domains, Users, Assigned Content, and Defaults |
permission.provisioning.domains |
Grants the permission to view and modify User/Domain specific Provisioning configuration |
permission.provisioning.domains.accounts |
Grants the permission to add Users to or remove Users from Domains and modify Domain- or User-level Secured Variables, Credentials, Preferences, Password Policy, and Kiosk Mode settings |
permission.provisioning.domains.content |
Grants the permission to provision content (Pages and Folders) for specific Domains |
permission.provisioning.defaults |
Grants the permission to create, remove, and modify default Secured Variables, Credentials, Preferences, and Password Policies |
permission.archives |
Grants the permission to create and restore archives |
permission.archives.restore |
Grants the permission to restore archives |
permission.archives.restore.full |
Grants the permission to restore full and partial archives |
permission.archives.restore.partial |
Grants the permission to restore only partial archives |
permission.archives.backup |
Grants the permission to create archives |
permission.archives.backup.full |
Grants the permission to create full and partial archives |
permission.archives.backup.partial |
Grants the permission to create only partial archives |
permission.archives.delete |
Grants the permission to delete archives |
permission.archives.delete.full |
Grants the permission to delete full and partial archives |
permission.archives.delete.partial |
Grants the permission to delete only partial archives |
permission.extensions |
Grants the permission to install and upgrade Extensions (previously known as modules/adapters), as well as deploy content bundles |
permission.themes |
Grants the permission to install and update themes |
permission.clientFilters |
Grants the permission to view and modify Client Filters |
permission.colorPalettes |
Grants the permission to view and modify Color Palettes |
permission.constraints |
Grants the permission to view and modify Constraints |
permission.mapLayers |
Grants the permission to view and modify Map Layers |
permission.ruleSets |
Grants the permission to view and modify Rule Sets |
permission.rpa |
Grants the permission to record and invoke RPA scripts |
permission.rpa.play |
Grants the permission to invoke RPA scripts via actions on a page |
permission.rpa.record |
Grants the permission to record RPA scripts via the Edit mode of a page |
permission.system |
Grants the permission to access various system settings |
permission.system.viewAbout |
Grants the permission to view the About System dialog |
permission.system.jobStatus |
Grants the permission to view the Job Status information pertaining to the edgeCore data pipeline |
permission.system.license |
Grants the permission to view and manage the server license |
permission.system.viewLogs |
Grants the permission to view the server logs |
permission.system.sessions |
Grants the permission to view and manage the server’s active sessions |
permission.system.cluster |
Grants the permission to initialize and manage a server cluster |
permission.system.viewSystemInfo |
Grants the permission to view the System Info dialog |
permission.debug |
Grants the permission to use developer tools and extensions |
By default, the following permissions are assigned to the All Users role:
– permission.browserAccess
– permission.content.view
– permission.system.viewAbout
EdgeCore 4.6.1 Version
The following table lists all available security permissions in edgeCore.
| Permissions | Description |
permission |
Grants the core permissions to access nearly all admin features (role management and server configuration are reserved for Full Admin) |
permission.browserAccess |
Grants the permission to use the edgeCore browser client |
permission.changeOwnPassword |
Grants the permission to change one’s own password |
permission.pipeline |
Grants the permission to modify the data pipeline |
permission.pipeline.edit |
Grants the permission to modify the edgeCore data pipeline |
permission.pipeline.view |
Grants the permission to view the edgeCore data pipeline with read-only access |
permission.pipeline.fetch |
Grants the permission to fetch edgeCore data using the producer ID |
permission.content |
Grants the permission to perform all operations on provisioned content – Pages, Folders, Actions |
permission.content.edit
|
Grants the permission to edit provisioned content – Pages, Folders, Actions |
permission.content.view |
Grants the permission to view provisioned content – Pages, Folders, Actions; Users with this permission can set their own secured variables. |
permission.content.invokeActions |
Grants the permission to invoke server actions |
permission.provisioning |
Grants the permission to view and modify all Provisioning configurations – Domains, Users, Assigned Content, and Defaults |
permission.provisioning.roles |
Grants the permission to add roles and modify role-level secured variables and credential settings |
permission.provisioning.roles.assigncontent |
Grants the permission to modify role-specific content/page assignments |
permission.provisioning.roles.assignroles |
Grants the permission to add users to or remove users from roles; This permission also requires either the Modify Domains or the Modify Users permission; |
permission.provisioning.domains |
Grants the permission to view and modify User/Domain specific Provisioning configuration |
permission.provisioning.domains.accounts |
Grants the permission to add Users to or remove Users from Domains and modify Domain- or User-level Secured Variables, Credentials, Preferences, Password Policy, and Kiosk Mode settings |
permission.provisioning.domains.content |
Grants the permission to provision content (Pages and Folders) for specific Domains |
permission.provisioning.domains.accounts.users |
Grants the permission to add users or remove users from domains and modify user-level secured variables, credentials, and kiosk mode settings |
permission.provisioning.domains.secparams |
Grants the permission to modify secured variables and credentials for specific domains / users; This also requires either the Modify Domains or Modify Users permission; |
permission.provisioning.defaults |
Grants the permission to create, remove, and modify default Secured Variables, Credentials, Preferences, and Password Policies |
permission.archives |
Grants the permission to create and restore archives |
permission.archives.restore |
Grants the permission to restore archives |
permission.archives.restore.full |
Grants the permission to restore full and partial archives |
permission.archives.restore.partial |
Grants the permission to restore only partial archives |
permission.archives.backup |
Grants the permission to create archives |
permission.archives.backup.full |
Grants the permission to create full and partial archives |
permission.archives.backup.partial |
Grants the permission to create only partial archives |
permission.archives.delete |
Grants the permission to delete archives |
permission.archives.delete.full |
Grants the permission to delete full and partial archives |
permission.archives.delete.partial |
Grants the permission to delete only partial archives |
permission.extensions |
Grants the permission to install and upgrade Extensions (previously known as modules/adapters), as well as deploy content bundles |
permission.themes |
Grants the permission to install and update themes |
permission.clientFilters |
Grants the permission to view and modify Client Filters |
permission.colorPalettes |
Grants the permission to view and modify Color Palettes |
permission.constraints |
Grants the permission to view and modify Constraints |
permission.mapLayers |
Grants the permission to view and modify Map Layers |
permission.ruleSets |
Grants the permission to view and modify Rule Sets |
permission.rpa |
Grants the permission to record and invoke RPA scripts |
permission.rpa.play |
Grants the permission to invoke RPA scripts via actions on a page |
permission.rpa.record |
Grants the permission to record RPA scripts via the Edit mode of a page |
permission.system |
Grants the permission to access various system settings |
permission.system.viewAbout |
Grants the permission to view the About System dialog |
permission.system.jobStatus |
Grants the permission to view the Job Status information pertaining to the edgeCore data pipeline |
permission.system.license |
Grants the permission to view and manage the server license |
permission.system.viewLogs |
Grants the permission to view the server logs |
permission.system.sessions |
Grants the permission to view and manage the server’s active sessions |
permission.system.cluster |
Grants the permission to initialize and manage a server cluster |
permission.system.viewSystemInfo |
Grants the permission to view the System Info dialog |
permission.debug |
Grants the permission to use developer tools and extensions |
By default, the following permissions are assigned to the All Users role:
– permission.browserAccess
– permission.content.view
– permission.system.viewAbout
Managing Content Assigned to Roles
A particular role/user can assign (or unassign) content to other roles.
Note: Non-admin users cannot assign or unassign content from the Full Admin or My Domain Admin roles (if they try to do so, an error will appear). In addition, make sure that the Content permission is also assigned to this role. A demo is available here.
Modifying Role Assignments
A particular role/user can add (or remove) users to a role. In order to be able to add users, this role also needs to have either Modify Domains and Users or Modify Users permission.
Note: Non-admin users cannot add or remove users from the Full Admin or My Domain Admin roles (if they try to do so, an error will appear). A demo is available here.
Modifying Security Parameters
A particular role/user can modify secured variables and credentials for specific users or domains.
Note: This role also needs to have either Modify Domains and Users or Modify Users permission. A demo is available here.
EdgeCore 4.6.3 Version
The following table lists all available security permissions in edgeCore.
| Permissions | Description |
permission |
Grants the core permissions to access nearly all admin features (role management and server configuration are reserved for Full Admin) |
permission.browserAccess |
Grants the permission to use the edgeCore browser client |
permission.changeOwnPassword |
Grants the permission to change one’s own password |
permission.pipeline |
Grants the permission to modify the data pipeline |
permission.pipeline.edit |
Grants the permission to modify the edgeCore data pipeline |
permission.pipeline.view |
Grants the permission to view the edgeCore data pipeline with read-only access |
permission.pipeline.fetch |
Grants the permission to fetch edgeCore data using the producer ID |
permission.content |
Grants the permission to perform all operations on provisioned content – Pages, Folders, Actions |
permission.content.edit
|
Grants the permission to edit provisioned content – Pages, Folders, Actions |
permission.content.view |
Grants the permission to view provisioned content – Pages, Folders, Actions; Users with this permission can set their own secured variables. |
permission.content.invokeActions |
Grants the permission to invoke server actions |
permission.provisioning |
Grants the permission to view and modify all Provisioning configurations – Domains, Users, Assigned Content, and Defaults |
permission.provisioning.roles |
Grants the permission to add roles and modify role-level secured variables and credential settings |
permission.provisioning.roles.assigncontent |
Grants the permission to modify role-specific content/page assignments |
permission.provisioning.roles.assignroles |
Grants the permission to add users to or remove users from roles; This permission also requires either the Modify Domains or the Modify Users permission; |
permission.provisioning.domains |
Grants the permission to view and modify User/Domain specific Provisioning configuration |
permission.provisioning.domains.accounts |
Grants the permission to add Users to or remove Users from Domains and modify Domain- or User-level Secured Variables, Credentials, Preferences, Password Policy, and Kiosk Mode settings |
permission.provisioning.domains.content |
Grants the permission to provision content (Pages and Folders) for specific Domains |
permission.provisioning.domains.accounts.users |
Grants the permission to add users or remove users from domains and modify user-level secured variables, credentials, and kiosk mode settings |
permission.provisioning.domains.secparams |
Grants the permission to modify secured variables and credentials for specific domains / users; This also requires either the Modify Domains or Modify Users permission; |
permission.provisioning.defaults |
Grants the permission to create, remove, and modify default Secured Variables, Credentials, Preferences, and Password Policies |
permission.provisioning.domains.author |
Grants the permission to create and delete domains |
permission.provisioning.domains.kiosk |
Grants the permission to assign the kiosk mode |
permission.archives |
Grants the permission to create and restore archives |
permission.archives.restore |
Grants the permission to restore archives |
permission.archives.restore.full |
Grants the permission to restore full and partial archives |
permission.archives.restore.partial |
Grants the permission to restore only partial archives |
permission.archives.backup |
Grants the permission to create archives |
permission.archives.backup.full |
Grants the permission to create full and partial archives |
permission.archives.backup.partial |
Grants the permission to create only partial archives |
permission.archives.delete |
Grants the permission to delete archives |
permission.archives.delete.full |
Grants the permission to delete full and partial archives |
permission.archives.delete.partial |
Grants the permission to delete only partial archives |
permission.extensions |
Grants the permission to install and upgrade Extensions (previously known as modules/adapters), as well as deploy content bundles |
permission.themes |
Grants the permission to install and update themes |
permission.clientFilters |
Grants the permission to view and modify Client Filters |
permission.colorPalettes |
Grants the permission to view and modify Color Palettes |
permission.constraints |
Grants the permission to view and modify Constraints |
permission.mapLayers |
Grants the permission to view and modify Map Layers |
permission.ruleSets |
Grants the permission to view and modify Rule Sets |
permission.rpa |
Grants the permission to record and invoke RPA scripts |
permission.rpa.play |
Grants the permission to invoke RPA scripts via actions on a page |
permission.rpa.record |
Grants the permission to record RPA scripts via the Edit mode of a page |
permission.system |
Grants the permission to access various system settings |
permission.system.viewAbout |
Grants the permission to view the About System dialog |
permission.system.jobStatus |
Grants the permission to view the Job Status information pertaining to the edgeCore data pipeline |
permission.system.license |
Grants the permission to view and manage the server license |
permission.system.viewLogs |
Grants the permission to view the server logs |
permission.system.sessions |
Grants the permission to view and manage the server’s active sessions |
permission.system.cluster |
Grants the permission to initialize and manage a server cluster |
permission.system.viewSystemInfo |
Grants the permission to view the System Info dialog |
permission.debug |
Grants the permission to use developer tools and extensions |
By default, the following permissions are assigned to the All Users role:
– permission.browserAccess
– permission.content.view
– permission.system.viewAbout
Creating and Deleting Domains
A particular role/user can create and delete domains.
Note: make sure that the Modify Domains and/or Users permission is also assigned to this role.
Assigning Kiosk Mode
A particular role/user can assign kiosk mode.
Note: make sure that the Modify Domains and/or Users permission is also assigned to this role.
