Privileges
Submitted by PeterDB on Wed, 09/07/2011 - 09:05
Hi,
we are trying to create user roles from Groovy and we are having a really hard time figuring out which privileges we need for what action in the SDK. Is there a guide or preferred method to do this?
E.g. some role can see devices using DeviceFinder. We cannot get this to work (unless I give all privileges). Finding the exact combo of privileges seems almost impossible. From Groovy we use PrivilegeFinder by name. We got the names through PrivilegeFinder.findAll() and dumped them on a webservice to understand them better and are now puzzling our way through it.
Any help would be appreciated.
Thnx,
Peter

Visibility Configuration Needed
Hi Peter,
Thanks for posting your question. It sounds like you're working with privileges when visibility is the problem. Privileges allow users to perform actions, but visibility is what allows them to access information, such as devices. I will give you a list of privileges that should work for you, but to solve the specific problem you mention of seeing devices, here's what you need to do.
Create a User Group for your users that will hold the privileges, then link your Assets' default Model Asset Group to the User Group. A default Model Asset Group is automatically created whenever a model is created.
Steps:
1) Go to Administration > New > User Group
2) Check "Enable Asset Group Module" under User Group Asset Security
3) Click Finish.
4) Find the User Group you just created in order to edit its user properties
Note - to get to this screen from elsewhere in ServiceLink, click Administration > User Groups
5) Click the User Group name to take you to the edit screen. Click Edit in the Privileges box.
6) For a guest level account, enable all privileges EXCEPT the privileges below:
Access - View
Administration - View
Case - View
Configuration - View
Dashboard - View
Maintenance - View
Partner Login Session - View
Report - View
Service - View
Software - View
Usage - View
User Preference - Modify User Attributes
User Preference - Notification Filter
There should be 208 privileges enabled total.
Now we'll enable visibility, which addresses your question of viewing devices by adding the default Model Asset Group for the devices your user group should view.
7) Click "Edit" under Asset Groups in the User Group overview screen
8) Add the default model group for the devices your user should be able to view - if your device was Apple, select the Apple Default Model Group
9) Click "Save Changes"
Now we need to add your user to the User Group.
10) From the User Group Overview click "Edit" in the Users box.
11) Add your user
You can add any further users to this User Group and they will automatically be able to see the devices and have the privileges associated with the User Group.
Hope this helps!
Sara
:) thanks for the effort,
:) thanks for the effort, really nice.
Yes, this is part of what I was looking for. The other part was a more developer friendly way to know what privileges a user needs to execute certain Groovy API calls (DeviceFinder was only an example). But we will manage.
Real thanks for your explanation.
Best regards, Peter
Article on Groups may be of use
Glad to hear this was helpful. Since then a new article on Groups has been posted at http://developer.axeda.com/learn/by-type/technical-article/introduction-user-groups-and-asset-groups . Might shed some additional insight.
Thank you for your questions!
Sara