Resource Permissions
Resource Permissions apply to designated Resources within ProVision. Rather than allowing a user full access to the ProVision platform, you can choose to limit a user's access to only certain resources or functional areas.
Administration of these permissions require Administrative privileges. As an Admin, the user can then assign resource permissions to groups and users.
Resource Permission groups are visible under the "Groups" subtab of the Users tab. New groups may be created through the "Add Group" button in the upper right of the page.
Under the resource lookup selector, chose one or more resources for which you want to define permissions, and then check permissions as desired.
Keep in mind when working with individual Resource permissions that tasks which require moving entities (zones, IPAM blocks, attaching servers, etc) from one resource to another, require the user to have permissions on both the originating Resource and the destination Resource. Thus, moving IP blocks from "6connect Labz" to "7connect Labs" requires the user to have IPAM and Resource permissions on both Lab resources. Similarly, attaching a DNS server to a DNS Group requires Resource permissions on both the DNS Group and the intended DNS server to attach. |
Here, we show making a group called "Some Lab Group", whose users we want to be able to access two resources: 6connect Labz and 7connect Labs.
These users will be working extensively in IPAM and Resources, so we give them full access to those areas of ProVision. By clicking the checkbox in the upper corner of a permissions box you can select all the checkboxes in that section.
However, we also want them to view other information in Peering and Users, but not edit it.
Check the "R" column under Peer and User.
Lastly, hit "Save" to save our changes.
Details on each resource permission option is as follows:
| Resource Permission | Description |
|---|---|
| Create | Ability to create records of a certain type |
| Read | Ability to read records of a certain type |
| Update | Ability to update existing records of a certain type |
| Delete | Ability to delete records of a certain type |
| Functional Area | Description |
|---|---|
IPAM | IP Address Management functionality - this covers the IPAM Tab in addition to the IPAM "Gadget" that can be present in Resources. |
| Peer | Peering functionality - covers the Peering Tab, both the Communication Manager and the Session Manager. |
| Resource | Resource functionality - this controls access for Resources depending on either the TLR or the individual Resource(s) selected. DNS zones, records, and servers are included as "Resources". |
| User | User/Group management - this controls access for User and Group functions within the administrative area for ProVision. |
| SWIP* | This affects the SWIP/RPSL integration for ARIN/RIPE. This way a user can either be enabled to have this capability or not. |
| Admin* | This controls whether a user is a administrator for the global ProVision application. |
For more information on Users and Groups, see the following areas: