Permissions, Roles, Permissions roles – Grass Valley iControl V.4.43 User Manual

Access Control

Permissions

A permission is an association between an action and a resource in a specific domain, for
example:

view control panel for dev4.icontrol.com_H_Densité_SLOT_1_31 of type SCP-112 in toronto.myCompany

If a user is given a permission (see note below), then he or she can perform the action on the
specified resource, in the specified domain.

Roles

Roles are a mechanism for describing groups of users, with names that typically reflect real
world job descriptions, such as administrator, operator, or maintenance. A set of permissions is
associated with each role, which can then be assigned to one or more users. For example, the
guest role in the toronto.myCompany domain could have this set of permissions:

| Resource Type | Resource Name | Resource Domain | Action |
|---|---|---|---|
| Domain | toronto.myCompany | toronto.myCompany | startNavigator |
| SCP-1121 | dev4.icontrol.com_H_Densité_SLOT_1_31 | toronto.myCompany | openControlPanel |
| Website | http://10.2.0.251/icw/sites/SkyAssure | toronto.myCompany | openWebsite |

Notice that all resources in this example are located in toronto.myCompany. A role in a given
domain can only give permissions for resources in its domain.

Roles are usually defined and assigned by an administrator, although there are special roles
that exist by default. A user with no assigned role (no permission) in a domain cannot do
anything with resources under access control. A special role (super) exists in every domain — a
super user has permission to do everything in his/her domain. Permissions are given to users
based on their roles and domains as defined by the security administrator.

Note: Permissions are not assigned directly to users. They are assigned to roles that
are, in turn, assigned to users.

Note: A user cannot have different roles in different domains. For example,
joeuser@myCompany with the administrator role in the myCompany domain could
not be given an operator role in the montreal.myCompany domain.

Roles can be created, deleted, and customized but are configured by default as follows:

| Role | Description |
|---|---|
| Administrator | Full access to all resources plus administrative privileges. For example, an administrator can create accounts and assign permissions for roles |
| Maintenance | Access to all resources but no administrative privileges. For example, maintenance personnel can change hardware configurations and settings but cannot modify user privileges or create accounts |
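
The rules stated in this section (permissions reach users only through roles, a role grants only within its own domain, no role means no access, super may do anything in its domain, and a user cannot hold different roles in different domains) can be checked with a small model. The Python below is an added example, not code from iControl or this manual; the class and function names and the users `visitor` and `root` are hypothetical, and domains are compared by exact name with no hierarchy modeled.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Permission:
    action: str
    resource_type: str
    resource: str
    domain: str

@dataclass
class Role:
    name: str
    domain: str
    permissions: set = field(default_factory=set)

    def grant(self, perm):
        # A role can only give permissions for resources in its own domain.
        if perm.domain != self.domain:
            raise ValueError(f"{self.name}@{self.domain} cannot grant in {perm.domain}")
        self.permissions.add(perm)

class AccessControl:
    def __init__(self):
        self.assignments = {}  # user -> {domain: Role}; users never hold permissions directly

    def assign(self, user, role):
        held = self.assignments.setdefault(user, {})
        # A user cannot have different roles in different domains.
        if any(r.name != role.name for dom, r in held.items() if dom != role.domain):
            raise ValueError(f"{user} already holds a different role in another domain")
        held[role.domain] = role

    def is_allowed(self, user, action, resource, domain):
        role = self.assignments.get(user, {}).get(domain)
        if role is None:            # no role in this domain: deny everything
            return False
        if role.name == "super":    # super may do anything, but only in its own domain
            return True
        return any((p.action, p.resource) == (action, resource) for p in role.permissions)

def build_example():
    """Constructed sample data based on the guest-role table in this section."""
    d = "toronto.myCompany"
    guest = Role("guest", d)
    guest.grant(Permission("startNavigator", "Domain", d, d))
    guest.grant(Permission("openControlPanel", "SCP-1121", "dev4.icontrol.com_H_Densité_SLOT_1_31", d))
    guest.grant(Permission("openWebsite", "Website", "http://10.2.0.251/icw/sites/SkyAssure", d))
    ac = AccessControl()
    ac.assign("visitor", guest)          # hypothetical user with the guest role
    ac.assign("root", Role("super", d))  # hypothetical user with the super role
    return ac, guest
```
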