Access controls allow you to assign roles and permissions to users and groups. They also allow you to explicitly allow or deny specific permissions to a user group. By default, Continua comes configured with many access controls preconfigured which should cover the majority of the permission sets needed.
It is recommended that most permissions should be assigned to users through roles as this means you only need to change the permissions once to affect multiple users. The explicit allow and deny permissions should only be used in specific scenarios as needed.
Note: The permissions set here are at the global level. Projects and Configurations each have their own set of permissions that will override anything specified here. Configuration level permissions override Project level permission and Project level permissions override Global level permissions. If you explicitly deny the Edit Configuration permission to a user here in the global section, it can be overridden by going to that Configuration or that Configurations' Project and explicitly allow the Edit Configuration permission.
The Access Control page can be found in the administration menu under Security. The access control page lists all the access entries in Continua and allows you to create, edit and delete them.
Creating & Editing Access Control Entries
(Setting roles to an access control)
(setting explicit allow and deny permissions on an access control)
The Access Control page can be found in the administration menu under Security. The access control page lists all the access entries in Continua and allows you to create, edit and delete them.
How Does Access Control Work?
An access control entry allows you to define fine grain permissions for users and groups at a global level. In it's most simplest form, it allows you to assign Role(s) to Users and Groups. Continua has set up a few defaults for these situations, the Administrator role is assigned to the Administrators group for example. By default, any users in the Guest group have the role of a Guest, which is setup to have no permissions at all. You may decide though that you want guests to be able to see all Configurations in a system. To allow this, you would edit the Guest User entry in the access control list and select the Allow check box for the View Configuration permission. The possibilities are endless and there's more than one way to go about setting permissions. You may find it's easier to just create Roles then assign Users/Groups to that Role. Alternatively you can assign a User/Group a bunch of permissions and not give them a Role at all.
Creating an Access Control Entry
Clicking the "New Entry" link will pop up a dialog with all the input fields needed to create a new access control entry.
The "New Entry" dialog is split into two sections, Roles and Permissions. Click the "Show options to explicitly allow or deny permissions" link to show the permissions section. You can select Roles and Permissions at the same time or even select one or the other.
Each access control entry links roles and permissions to a specific user or group which can be selected in the dropdown menu at the top of the dialog. Multiple roles can be linked to a user or group in the same access control entry.
For more information on configuring explicit permissions, view the fine grain control section.
Deleting an Access Control Entry
Deleting an access control entry does not delete it's associated roles or users and groups, it simply unlinks the roles from the users and groups. However, any explicit permissions that have been set on the access control will be deleted.