|
|
|
|
|
|
Permissions are used to control access to the pasUnity system. Permissions are only available if pasPortal Integrated Security is enabled in System Configuration. If pasPortal Integrated Security is not enabled all users will have full access to the pasUnity system and the Permission Editor tabs will not be visible throughout the system.
Permissions can be granted at the System level or at the more specific Agent, Job, Impeller, Account, and Matrix levels as detailed below. Permissions are granted to Roles. Roles are created and users are assigned to roles in the pasPortal application.
To assign permissions using the permission editor the interactive user must check the boxes of the types of permission they wish to grant from the Permissions list as shown below. Next, highlight the name of a role to grant the permission(s) to from the Roles list. Finally, click the assignment button to move the role and permission(s) to the Configured Permissions grid and make them permanent.
To remove role permissions, highlight the row in the Configured Permissions grid and press DELETE.
Permissions can only be granted, not denied. For example: There are three Agents on a pasUnity system. User A should have full access to the first two agents and no access to the third. To achieve this, a role for which User A is a member should be granted Full permission at the Agent level for both the first and second Agents.
Permissions function in a cumulative manner. For example: User B's role is granted Read permission at the System level and Full permission at the Job level. User B will have Read access to the pasUnity system and Read, Edit, and Execute access for the specific Job.
System Level
•Read: Role members can view all contents of the System. Role members are not able to make any changes to the System or execute any jobs unless additional permissions are granted elsewhere.
•Security: Role members can assign Permissions at all levels with the exception of Full System Administrator. Role members must have at least Read permission.
•Payload: Role members can upload new payloads to the System.
•Full: Role members can view, edit, and delete information from the entire System. This includes all Agents, Jobs, Impellers, Accounts, and Matrices. Role members can also upload new payloads to the System. NOTE: Full permission does NOT include the ability to Execute impellers remotely. The Execute permission must be granted at the Impeller level.
Agent Level
If an Agent is designated as the Collector Agent for a given Account, users with permissions to the Agent will be able to view limited Account information.
•Read: Role members can view all Jobs, Impellers, Job Steps, and Activity within the Agent. Role members are not able to make any changes to the Agent or execute any jobs.
•Edit: Role members can edit and delete all contents of the Agent. Role members are not able to execute jobs. Role members must have at least Read permission.
•Full: Role members can view, edit, and delete all contents of the Agent and execute jobs. NOTE: Full permission does NOT include the ability to Execute impellers remotely. The Execute permission must be granted at the Impeller level.
Job Level
Role members must have at least Read permission to the Agent or System.
•Read: Role members can view all Impellers, Job Steps, and History within the Job. Role members are not able to make any changes to the Job or execute the job.
•Edit: Role members can view and edit all contents of the Job. Role members are not able to execute the job.
•Execute: Role members can execute the job.
•Full: Role members can view, edit, and delete all contents of the Job and execute the job. NOTE: Full permission does NOT include the ability to Execute impellers remotely. The Execute permission must be granted at the Impeller level.
Impeller Level
•Read: Role members can view the impeller when interacting with pasUnity through independently written code. Read permission is not required for role members directly interacting with the pasUnity application.
•Execute: Role members can execute the impeller remotely through the pasPortal application or through independently written code.
•Full: Role members can execute the impeller remotely through the pasPortal application and have full access to the impeller through independently written code.
Account Level
•Read: Role members can view all contents of the Account. Role members are not able to make any changes to the Account or compose emails.
•Edit: Role members can view and edit all contents of the Account including attributes and messages.
•Compose: Role members can author new emails from within the pasUnity UI. Role members must have at least Read permission.
•Full: Role members can view, edit, and delete all contents of the Account and author new emails from within the pasUnity UI.
Matrix Level
•Read: Role members can view the Matrix from within pasUnity.
•Use: Role members can interact with the Matrix from within the pasPortal application using granular permissions assigned from the pasPortal.
•Security: Role members can delegate Permissions to the Matrix. Role members must have at least Read permission.
•Full: Role members can view, edit, and delete Matrix configuration (including designing columns, rows, and DropBoxes and manipulating files) and delegate Permissions to the Matrix.
DropBox Level
Additional permissions listed below can be assigned at the DropBox level within a Matrix. These permissions can only be managed within a pasPortal subscription that allows granular security.
•Read: Role members can view content in a DropBox (this does not allow for download though).
•Retrieve File: Role members can retrieve files from a DropBox.
•Delete File: Role members can delete files from a DropBox that has not been processed by a job.
•Upload File: Role members can upload files to a DropBox.
•Delete Processed File: Role members can delete files that have already been processed from a DropBox.
•Remove Hold: Role members can remove a hold on work for files that were either submitted on hold or are on hold due to an error during job execution.
•Full: Allows full control of a DropBox.
Copyright © 2024 pasUNITY, Inc.
Send comments on this topic.
