Resource Permissions

Resource Permissions apply to designated Resources within ProVision. Rather than allowing a user full access to the ProVision platform, you can choose to limit a user's access to only certain resources or functional areas. 

Administration of these permissions requires Administrative privileges. As an Admin, the user can then assign resource permissions to groups and users.

Resource Permission Details

Resource Permission groups are visible under the "Groups" section of the Users tab. New groups may be created through the "Add Group" button.

Under the resource selector, choose one or more resources for which you want to define permissions, and then check permissions as desired.

Additional Resources may be added to the list by clicking on "Add more Group Permissions".

Keep in mind when working with individual Resource permissions that tasks which move entities (zones, IPAM blocks, attaching servers, etc.) from one resource to another require the user to have permissions on both the originating Resource and the destination Resource.

Thus, moving IP blocks from "6connect Labz" to "7connect Labs" requires the user to have IPAM and Resource permissions on both Lab resources.

Similarly, attaching a DNS server to a DNS Group requires Resource permissions on both the DNS Group and the intended DNS server to attach.

Here, we show making a group called "Some Lab Group", whose users we want to be able to access two resources: 6connect Labz and 7connect Labs.

These users will be working extensively in IPAM and Resources, so we give them full access to those areas of ProVision.

However, we also want them to view other information in Peering and Users, but not edit it.

Click on "Show Details" to fine-tune the permissions, and then check the "R" column under Peer and User.

Lastly, hit "Save" to save our changes. 
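The two-resource rule and the "Some Lab Group" setup described above can be modelled locally to see why a move is refused. This is an added example, not ProVision code or its API; the helper names, the one-sided group, the DNS resource names, and the choice of the Update flag as the one a move needs are assumptions.

```python
# Added illustration: a local model of the two-resource rule, not ProVision's API.
FULL = "CRUD"

def entry(resources, **areas):
    """One group-permission entry: the same flags per functional area
    applied to every resource picked in the resource selector."""
    return {res: {area: set(flags) for area, flags in areas.items()}
            for res in resources}

def missing_for_move(grants, source, destination,
                     areas=("IPAM", "Resources"), flag="U"):
    """List the (resource, area) pairs that block a move; [] means allowed.

    Assumption: the move needs the Update flag. The page only states that
    permissions are required on both the originating and destination resource.
    """
    return [(res, area)
            for res in (source, destination)
            for area in areas
            if flag not in grants.get(res, {}).get(area, set())]

# Constructed sample mirroring the page's "Some Lab Group".
some_lab_group = entry(["6connect Labz", "7connect Labs"],
                       IPAM=FULL, Resources=FULL, Peering="R", User="R")

# Constructed counter-example: full access on one lab, read-only on the other.
one_sided_group = {
    **entry(["6connect Labz"], IPAM=FULL, Resources=FULL),
    **entry(["7connect Labs"], IPAM="R", Resources="R"),
}

if __name__ == "__main__":
    for name, grants in [("Some Lab Group", some_lab_group),
                         ("one-sided group", one_sided_group)]:
        blocked = missing_for_move(grants, "6connect Labz", "7connect Labs")
        print(name, "->", "move allowed" if not blocked else f"blocked by {blocked}")
    # DNS attach case from the page: only the Resources area is involved.
    # "Lab DNS Group" and "ns1.lab" are hypothetical resource names.
    dns = entry(["Lab DNS Group"], Resources=FULL)
    print(missing_for_move(dns, "ns1.lab", "Lab DNS Group", areas=("Resources",)))
```

An empty result means both sides of the move are covered; any pair returned names the resource and functional area that still needs to be granted to the group.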

Details on each resource permission option are as follows:

Resource Permission    Description
Create                 Ability to create records of a certain type
Read                   Ability to read records of a certain type
Update                 Ability to update existing records of a certain type
Delete                 Ability to delete records of a certain type

Functional Area    Description
IPAM               IP Address Management functionality - this covers the IPAM Tab in addition to the IPAM "Gadget" that can be present in Resources.
Peering            Peering functionality - covers the Peering Tab, both the Communication Manager and the Session Manager.
Resources          Resource functionality - this controls access for Resources depending on either the TLR or the individual Resource(s) selected. DNS zones, records, and servers are included as "Resources".
User               User/Group management - this controls access for User and Group functions within the administrative area for ProVision.
SWIP*              This affects the SWIP/RPSL integration for ARIN/RIPE. A user can either be enabled to have this capability or not.
Admin*             This controls whether a user is an administrator for the global ProVision application.

* SWIP and Admin functions are only visible when Show Details is selected.

Additional Information

For more information on Users and Groups, see the following areas:

Users & Permissions

Global Permissions

Working With Users and Groups

Verifying Permissions
