Managing Istore Permissions (Web)

Owned by Nicolás Palombo (Unlicensed)
Last updated: 16 Oct, 2008Version comment
3 min read
Unknown macro: {scrollbar}
Istore Permissions

Access permission to the different objects that are stored in the O3 Server are administrated in this tab.
These objects or components are: scorecards, models, rules, actions, desktops, queries, dashboards, reports, simulations and expressions.

Permissions are defined at the role level.

As seen in the picture below, you have the list of existing roles on the left and on the right:

  1. A combo where the component is selected
  2. A table with one row for each scorecard (in this case) stored in the server.
  3. Buttons to Apply and to Cancel : To apply or cancel the changes made in the table.


Permissions are defined at the role level, that is, access to the different components will be granted or denied for every existing role, so that all the users in a given role might or might not have access to the components according to what is indicated here.

Please bear in mind that the default value for the permissions of all components is denied.

The permissions table has a first row where the general permissions, associated to the general name "Repository", are specified. The remaining rows let users define permissions for the components published (saved) in the server.

The permissions table displays the following columns:

  • Component: It indicates the component on which permissions are defined. (It varies depending on the component selected in the combo: scorecards, models, etc)
  • Read: It indicates if you have permissions to view the component.
  • Write: It indicates if you have permissions to generate a component of the selected type.
  • List: It defines if you can see the list of remote components (saved in the server). This column is only used when the general permissions are defined, that is, the Repository permissions.

The possible values for permissions are:

It permits the operation indicated in the column for the selected role.

It disables the operation indicated in the column for the selected role.

It takes the same value specified for the Repository in the corresponding column (that is, the value given in the first row)

Example:

Access permissions to scorecards in the "Administrators" role are defined. According to the selected options we have:


It is possible to modify the default behavior of the "Inherit" value for the special element "Repository". This determines if when publishing a new component, for instance a scorecard, it remains visible to the different roles or if on the contrary, it is necessary to grant permissions explicitly.


Such behavior is determined with the property that must be defined in the GServer_custom.properties file found in O3_INSTALL_DIR\jboss\server\default\ideasoft-o3.

The default value (true) states that the new generated components are visible to all users.

rbac.appPermissions.default.istore
Unknown macro: {scrollbar}