Security Permissions

  • Updated

A permission grants access to a particular type of functionality that can be performed in irCatalog. There are 13 available permissions, which cannot be customized or modified.

Several of the permissions make reference to “defs”, short for definitions, which are the different types of components that makes up a rule application. Examples of defs are entities, fields, collections, calculations, rule sets, rule flows, rules, inline tables and value list, SQL queries, endpoints, schemas, vocabulary templates, UDFs, etc.

Here is the list of all permissions and a brief description of each one:

Permission Name Tasks requiring the permission
AdministerDefs
  • administer security permissions
  • repair Catalog
  • upgrade rule application
FileSystemDefsAccess
  • not currently used (N/A)
InsertDefs
  • insert def
    • add new element to a rule application
    • create new rule application
    • promote rule application from one Catalog to another
    • overwrite rule application (create new revision for existing Rule Application)
LabelDefs
  • set labels for rule application
    • create label
    • rename label
    • apply label
    • remove label
ManageUsersAndRoles
  • manage users, roles and groups
    • add user, role or group
    • modify user, role or group (includes deactivating and activating users and groups)
    • delete user, role or group
MarkDefsInactive
  • deactivate rule application
  • deprecate shared def
ModifyDefs
  • modify def
    • modify element of a rule application
    • update category
    • add category
  • deactivate rule application
  • check out def
ModifyDefSchemas
  • convert Entity field to a Field, Calculation or Collection
  • check out def
ModifySharedElements
  • modify shared element 2
    • share def
    • unshare def
    • check in shared def
    • check out shared def
OpenDefs
  • open (read) def
  • checkout def
RemoveDefs
  • remove def
  • delete rule application
  • repair Catalog (only if the repair requires deleting a revision)
UndoAnyDefCheckout
  • undo another user's checkout 1
  • repair Catalog (only if the repair requires undoing a checkout)
 
  • delete rule application 3
UseEngineService
  • not currently used (N/A)

1 - The following can be checked out: rule application, rule sets, data folder elements, end points, Schemas, and categories.

2 - The following can be shared: Schema (Entities and Fields), rule sets, data elements, end points, and categories.

3 - Only required if the rule application is checked out by another user or saved to another user's workspace.

Example Tasks and permissions needed:

  • Add Category – requires InsertDefs and ModifyDefs
  • Checkout – requires OpenDefs, ModifyDefs and ModifyDefSchemas (If the def is shared, also need ModifySharedElements)
  • Delete a rule application – requires UndoAnyDefCheckout and RemoveDefs

 

Was this article helpful?

1 out of 1 found this helpful

Comments

0 comments

Please sign in to leave a comment.