When subscribing to ODC, each customer is considered to be an Organization.
Each Organization will be able to set the permissions its users will have in it.
Typically, the preferred way of assigning permissions to users is by using roles and groups.
In ODC, roles are organization roles, while groups are aimed at end-users.
We will start by describing how roles work and which roles are available in ODC, and then talk about groups and how they can be used.
Organization Roles
Roles in ODC are strictly organization roles, meant to assign access to specific functionality inside the ODC Portal and ODC Studio.
Organization roles allow access to specific functionalities or features in the ODC Portal, or no access at all when a user has no role of this category assigned. They can also be applied by stage.
Roles of this kind control access to the following sections:
- Asset management - allowed operations on ODC assets, such as Open, Create, Debug, etc.;
- Stage - the stage, from the list of existing stages, to which the role should be assigned;
- Release management - permissions for release and deployment (by stage);
- Monitoring - access to logs and traces, user information and app security;
- Configuration management - management of ODC's configurations;
- Connection management - permissions to create, change and delete;
- User Management - different levels of access to, and management of, user, role and group information;
- Forge - permissions to install/update assets and to edit or submit assets;
- Support access - permissions to view or submit support cases;
- Subscriptions - permissions to view the current Organization's subscription.
There are two predefined roles by default in ODC:
- Administrators
- Developers
These roles can't be modified or deleted, but they can be duplicated and used as a base to create custom organization roles. The names of these duplicated roles can be edited and changed afterwards.
If you want to create a new role from scratch, you can do so by clicking the "Create role" button and then following the screen options to choose which sections you want to add to this new role.
Besides this Organization-based scope, a role can be fine-tuned to also include the App, so it's easy to manage a user role that is allowed to work with a specific functionality for a given app, instead of having a general organization role that would apply across all Apps.
To create a new Organization role, go to the ODC Portal and, under the Manage section, click on "Organization roles".
End-user groups
As mentioned, groups are meant to aggregate permissions that can be reused and shared across different users - in this case, the end-users of ODC's Apps.
One fundamental step which is not yet described in this article is the possibility of adding a company Identity Provider of choice, instead of using ODC's internal repository, which comes by default.
This will be described in the respective article.
When you click on End-User groups (in the ODC Portal), under the Manage tab in the left navigation menu, you are presented with a list of the existing groups, or a message that no users are available.
On the top right side of the screen there's a "Create group" button with a drop-down.
It has as many options as there are existing stages (since, as mentioned, this is meant for Apps end-users and not meant to assign any role inside the ODC Portal or ODC Studio; for that, please check the previous section).
Pick one stage and a new screen will be shown:
Add a name for the new group and also a description.
The "End-user roles" option is actually misleading: if you click on "Add roles", it shows the available Apps and any roles defined for them, such as:
This means that the group would have permissions to work in the selected Apps.
The next option is "Group mappings". This option allows mapping the ODC end-user group to IdP groups from the selected IdP (which can be selected from a list and needs to be set up prior to this operation), namely using the claim name and value from the IdP. This operation needs to be done in collaboration with the IdP Team.
Last, but not least, users can be added directly to a group by selecting them from the user list, after clicking the "Add users" button.
In conclusion, end-user groups allow all users in a group to be able to access an App or Apps in ODC.
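The "Group mappings" step described above can be checked before go-live against sample tokens supplied by the IdP Team. The following is an added conceptual model, not ODC's own code or API; the group names, claim names, claim values and sample tokens are constructed, and exact case-sensitive matching is an assumption.

```python
# Conceptual model of claim-based group mapping (added example, not ODC code).
from dataclasses import dataclass


@dataclass(frozen=True)
class GroupMapping:
    group: str        # end-user group name (constructed)
    claim_name: str   # claim name agreed with the IdP team
    claim_value: str  # claim value that grants membership


def claim_values(claims, name):
    """Return a claim's values as a set; IdPs may send a string or a list."""
    raw = claims.get(name)
    if isinstance(raw, str):
        return {raw}
    if isinstance(raw, (list, tuple)):
        return {v for v in raw if isinstance(v, str)}
    return set()  # missing claim or unexpected type: grant nothing


def resolve_groups(claims, mappings):
    """Groups granted by a token's claims (exact, case-sensitive match: assumption)."""
    return sorted({m.group for m in mappings
                   if m.claim_value in claim_values(claims, m.claim_name)})


def unmatched_mappings(sample_tokens, mappings):
    """Mappings no sample token satisfies: often a typo in the claim name or value."""
    return [m for m in mappings
            if not any(m.claim_value in claim_values(t, m.claim_name)
                       for t in sample_tokens)]


# Constructed sample data: three mappings and two decoded ID-token payloads.
MAPPINGS = [
    GroupMapping("Claims Handlers", "groups", "insurance-claims"),
    GroupMapping("Back Office", "groups", "backoffice"),
    GroupMapping("Auditors", "department", "Audit"),
]
TOKENS = [
    {"sub": "alice", "groups": ["insurance-claims", "backoffice"]},
    {"sub": "bob", "groups": "backoffice", "department": "audit"},
]

if __name__ == "__main__":
    for token in TOKENS:
        print(token["sub"], "->", resolve_groups(token, MAPPINGS))
    print("never matched:", [m.group for m in unmatched_mappings(TOKENS, MAPPINGS)])
```

In the constructed data, the "Auditors" mapping never matches because the token carries "audit" rather than "Audit", which is the kind of mismatch worth settling with the IdP Team before users are affected.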