Global Permissions
Global Permissions apply to the "TLR" or "Top Level Resource" within ProVision. By default, ProVision includes two groups with Global Permissions access - Global Admins and Global Read-Only. Initial Users are typically placed in the "Global Admins" group, and have administrative access to the entire platform. Global Read-Only users have full access to the platform, but with only read permissions.
Administration of these permissions require Administrative privileges. As an Admin, the user can then assign global permissions to groups and users. Depending on the requirement, the user can also have Resource specific permissions depending on how their group is configured.
Global Permission Details
Global groups are visible under the "Groups" section of the Users tab. In addition to the two default Global groups, new Global groups may be created through the "Add Group" button.
Under the resource selector, chose the "Top-Level (Global Access)" Resource, and then check permissions as desired.
Global groups may also be edited just like standard groups, through selecting the Action Menu (Wrench Icon) to bring up the group information details. Groups may be deleted by selecting the red circle icon.
Group details are the same for Global groups as for non-global groups, excepting that the resource selected is Top-Level (Global Access). You may choose to edit the name, enable/disable the group, show or hide C/R/U/D permission details, and view users assigned to that group. Be sure to save any changes after editing.
Details on each global permission option is as follows:
| Global Permission | Description |
|---|---|
| Create | Ability to create records of a certain type |
| Read | Ability to read records of a certain type |
| Update | Ability to update existing records of a certain type |
| Delete | Ability to delete records of a certain type |
| Functional Area | Description |
|---|---|
IPAM | IP Address Management functionality - this covers the IPAM Tab in addition to the IPAM "Gadget" that can be present in Resources. |
| DNS | DNS Zone/Zone Record Management functionality - this covers the DNS Tab in addition to the DNS "Gadget" that can be present in Resources. |
| Peering | Peering functionality - covers the Peering Tab, both the Communication Manager and the Session Manager. |
| Resources | Resource functionality - this controls access for Resources depending on either the TLR or the individual Resource. |
| User | User/Group management - this controls access for User and Group functions within the administrative area for ProVision. |
| SWIP* | This affects the SWIP/RPSL integration for ARIN/RIPE. This way a user can either be enabled to have this capability or not. |
| Admin* | This controls whether a user is a administrator for the global ProVision application. |
*
SWIP and Admin functions are only visible when Show Details is selected