beautypg.com

Permissions, Roles, Permissions roles – Grass Valley iControl V.6.02 User Manual

Page 271

background image

iControl

User Guide

261

Permissions

A permission is an association between an action and a resource in a specific domain, for
example:

view control panel for

dev4.icontrol.com_H_Densité_SLOT_1_31

of type SCP-112 in

toronto.myCompany

If a user is given a permission (see note below), then he or she can perform the action on the
specified resource, in the specified domain.

Roles

Roles are a mechanism for describing groups of users, with names that typically reflect real
world job descriptions, such as administrator, operator, or maintenance. A set of permissions is
associated with each role, which can then be assigned to one or more users. For example, the
guest role in the

toronto.myCompany domain could have this set of permissions:

Notice that all resources in this example are located in

toronto.myCompany. A role in a given

domain can only give permissions for resources in its domain.

Roles are usually defined and assigned by an administrator, although there are special roles
that exist by default. A user with no assigned role (no permission) in a domain cannot do
anything with resources under access control. A special role (super) exists in every domain — a
super user has permission to do everything in his/her domain. Permissions are given to users
based on their roles and domains as defined by the security administrator.

Roles can be created, deleted, and customized but are configured by default as follows:

Note: Permissions are not assigned directly to users. They are assigned to roles that
are, in turn, assigned to users.

Resource Type

Resource Name

Resource Domain

Action

Domain

toronto.myCompany

toronto.myCompany

startNavigator

SCP-1121

dev4.icontrol.com_H_Densité_SLOT_1_31

toronto.myCompany

openControlPanel

Website

http://10.2.0.251/icw/sites/SkyAssur
e

toronto.myCompany

openWebsite

Note: A user cannot have different roles in different domains. For example,

joeuser@myCompany

with the administrator role in the myCompany domain could

not be given an operator role in the

montreal.myCompany domain.

This manual is related to the following products:
See also other documents in the category Grass Valley Equipment: