Global Permissions
Global Permissions apply to the "TLR" or "Top Level Resource" within ProVision. By default, ProVision includes two groups with Global Permissions access - Global Admins and Global Read-Only. Initial Users are typically placed in the "Global Admins" group, and have administrative access to the entire platform. Global Read-Only users have full access to the platform, but with only read permissions. The global default groups cannot be deleted and only the "External ID" field can be edited (see SAML Authentication for more detail on the use of the External ID field).
Administration of these permissions require Administrative privileges. As an Admin, the user can then assign global permissions to groups and users. Depending on the requirement, the user can also have Resource specific permissions depending on how their group is configured.
...
Global groups are visible under the "Groups" section subtab of the Users tab. In addition to the two default Global groups, new Global groups may be created through the "Add Group" button.
Under the resource selector, chose the "TLR" Resource ("Top - Level (Global Access)" ResourceResource"), and then check permissions as desired.
Global User created global groups may also be edited just like standard groups, through selecting the Action Menu (Wrench Gear Icon), or clicking on the group name, to bring up the group information details. Groups may be deleted by selecting the red circle icon.
Group details are the same for Global groups as for non-global groups, excepting that the resource selected is TLR (Top - Level (Global AccessResource). You may choose to edit the name, enable/disable the group, show or hide C/R/U/D permission details, and view users assigned to that group. Be sure to save any changes after editing.
Details on each global permission option is as follows:
...
| Functional Area | Description | ||
|---|---|---|---|
IPAM | IP Address Management functionality - this covers the IPAM Tab in addition to the IPAM "Gadget" that can be present in Resources. | ||
| DNS | DNS Zone/Zone Record Management functionality - this covers the DNS Tab in addition to the DNS "Gadget" that can be present in Resources. | ||
| Peer | Peering | Peering | Peering functionality - covers the Peering Tab, both the Communication Manager and the Session Manager. |
| ResourcesResource | Resource functionality - this controls access for Resources depending on either the TLR or the individual Resource(s) selected. DNS zones, records, and servers are included as "Resources". | ||
| User | User/Group management - this controls access for User and Group functions within the administrative area for ProVision. | ||
| SWIP* | This affects the SWIP/RPSL integration for ARIN/RIPE. This way a user can either be enabled to have this capability or not. | ||
| Admin* | This controls whether a user is a an administrator for the global ProVision application. |
...
| title | * |
|---|
| Note: This does not confer any additional permissions on a per-resource level. |
Additional Information
For more information on Users and Groups, see the following areas:
...