Users
Users & Permissions is accessed from the Admin screen under the Users tab. Here, you will find tools for adding and managing permissions groups, users, and running queries for verifying a user's specific permissions.
The Permissions Structure
The Permissions structure in ProVision is designed to give you as much flexibility as you need to accommodate most use cases. When mapping out the permissions structure for your organization, keep in mind who you want to access to application:
- Internal Users and Roles (Admins, Read Only, etc.)
- Partners related to multiple specific Resources/Accounts
- Customers/Departments with limited view to only their respective Resources/Accounts
In this diagram, we have created groups for each of those scenarios – we have internal groups, Partner Groups, and Customer groups. Each of these groups has access to different resources, permission levels, and users assigned to them.
The components of the Permissions System include:
Users: A User is a single login account that accesses ProVision. Users are assigned to Groups.
Groups: A Group is a set of permission conditions that apply to selected Users. Allowed Resources and access levels (C/R/U/D permissions) are set inside the Group.
Resources & Access: Inside a Group, Resource access may be set to Global (applies to all Resources), or to the Resource level (applies to only the selected Resources). For each Resource selected, access permissions can be set with C/R/U/D permissions under each ProVision functional area (IPAM, DNS, Resource, Peering).
As a whole, this makes up the ProVision permissions system. The Permissions system allows you to fine-tune access to resource data to be as detailed as you need.
Video Overview
Video overview applicable to ProVision version 5.3.3 and earlier.
Permission Levels
Global Permissions
When you see a reference to a "TLR" - that is a "Top Level Resource". This Is the primary Resource under which all other resources fall under. ProVision currently only allows a single level of administrator permissions: Global Administrator.
Users with "Admin" access can assign/modify permissions for other users.
See Global Permissions for more details on configuring these elements.
Resource Permissions
An administrator can also set respective permissions for a given Resource (single or multiple). These permissions fall under Groups. So a Group is configured for the given group of Resource permissions, and then the User account is added.
See Working With Users and Groups to learn how Resource Permissions are assigned.
See Resource Permissions for more details on configuring these elements.