The roles management screen is available regardless of whether users are managed in DPOD's internal database registry or in LDAP.
The screen is accessible by clicking [Manage→Security→Roles] from the Navigation Bar.
There are two types of security roles available with DPOD:
- Custom Roles - defined by the administrator. These roles may be added, deleted or altered by a DPOD Administrator.
- Built-in Roles - these are DPOD's own built-in roles, which cannot be added, deleted or altered.
The roles give the administrator a means to filter the view users have of the system. Administrators can use the roles to filter out devices, domains, services or client IP addresses from a user's view, so that each user sees only the parts of the system they are allowed to access.
Custom Roles Table
The custom roles widget at the top of the screen lists the custom roles defined in the system in a table. Each row in the table contains the following information for a single role:
Column | Description |
---|---|
Name | The role's name. Clicking on a role's name will load the role's details in the Role View and provide access to system actions for the role. |
Description | The description for this role. |
Adding a Custom Role
The custom roles table widget contains the Add Custom Role button at the top.
Click this button to add a new custom role in the system.
The Role Details section below provides information about the details required for adding or editing custom roles.
Built-In Roles Table
The built-in roles widget at the top of the screen lists the built-in roles defined in the system in a table. Each row in the table contains the following information for a single role:
Column | Description |
---|---|
Name | The role's name. Clicking on a role's name will load the role's details in the Role View and provide access to system actions for the role. |
Description | The description for this role. |
Role View
The role view is loaded for a role when the role's name is clicked in one of the roles tables described above.
The system displays the following details:
Detail | Content Description |
---|---|
Name | The name of this role |
Description | The description of this role. |
Allowed Devices (For custom roles only) | A comma-separated list of devices this role provides access to or N/A when the role is not used to allow device access. |
Denied Devices (For custom roles only) | A comma-separated list of devices this role denies access to or N/A when the role is not used to deny device access. |
Allowed Domains (For custom roles only) | A comma-separated list of domains this role provides access to or N/A when the role is not used to allow domain access. |
Denied Domains (For custom roles only) | A comma-separated list of domains this role denies access to or N/A when the role is not used to deny domain access. |
Allowed Services (For custom roles only) | A comma-separated list of services this role provides access to or N/A when the role is not used to allow service access. |
Denied Services (For custom roles only) | A comma-separated list of services this role denies access to or N/A when the role is not used to deny service access. |
Allowed Client IPs (For custom roles only) | A comma-separated list of client IP addresses this role provides access to or N/A when the role is not used to allow client IP access. |
Denied Client IPs (For custom roles only) | A comma-separated list of client IP addresses this role denies access to or N/A when the role is not used to deny client IP access. |
Allow Access to Raw Messages (For custom roles only) | Whether this role, when assigned to a user, allows them to view Raw Messages. |
Allow Access to Payload (For custom roles only) | Whether this role, when assigned to a user, allows them to view Messages Payload. |
Groups in Role | This widget lists all the Security Groups assigned this role. You may use the controls in this widget to remove or add a group association to this role. |
Users in Role | This widget lists all the Users assigned this role. You may use the controls in this widget to remove or add a user association to this role. |
Edit or Delete a Custom Role
When viewing the details of a custom role, the Role View screen contains two buttons at the top.
Click the Edit button to edit the displayed role's details.
Click the Delete Custom Role button to remove the custom role from the system.
Role Details
When adding or editing a custom role, you will need to provide the following details:
Field | Purpose |
---|---|
Name | The name of this role. This is a mandatory field. |
Description | The description of this role. |
Allowed Devices | A comma-separated list of devices this role provides access to. Leave empty if the role is not used to allow device access. |
Denied Devices | A comma-separated list of devices this role denies access to. Leave empty if the role is not used to deny device access. |
Allowed Domains | A comma-separated list of domains this role provides access to. Leave empty if the role is not used to allow domain access. |
Denied Domains | A comma-separated list of domains this role denies access to. Leave empty if the role is not used to deny domain access. |
Allowed Services | A comma-separated list of services this role provides access to. Leave empty if the role is not used to allow service access. |
Denied Services | A comma-separated list of services this role denies access to. Leave empty if the role is not used to deny service access. |
Allowed Client IPs | A comma-separated list of client IP addresses this role provides access to. |
Denied Client IPs | A comma-separated list of client IP addresses this role denies access to. Leave empty if the role is not used to deny client IP access. |
Allow Access to Raw Messages | Whether this role, when assigned to a user, allows them to view Raw Messages. |
Allow Access to Payload | Whether this role, when assigned to a user, allows them to view Messages Payload. |
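
As an added example (not part of DPOD or its documentation), the following Python script reviews planned custom role definitions before they are entered in the Role Details form, using the field names from the table above. The dictionary layout, the sample role values and the review heuristics are assumptions of this example; it does not model how DPOD itself resolves allow and deny lists.

```python
# Added example: pre-entry review of planned DPOD custom roles.
# The dict layout and the checks are assumptions of this example, not a DPOD API.

DIMENSIONS = ("Devices", "Domains", "Services", "Client IPs")
SENSITIVE_FLAGS = ("Allow Access to Raw Messages", "Allow Access to Payload")


def split_list(value):
    """Parse a comma-separated field; empty or 'N/A' (as shown in the Role View) means unused."""
    if not value or value.strip().upper() == "N/A":
        return []
    return [item.strip() for item in value.split(",") if item.strip()]


def review_role(role):
    """Return review findings for one role, keyed by the Role Details field names."""
    findings = []
    if not role.get("Name", "").strip():
        findings.append("Name is mandatory")
    scoped = False
    for dim in DIMENSIONS:
        allowed = split_list(role.get(f"Allowed {dim}", ""))
        denied = split_list(role.get(f"Denied {dim}", ""))
        scoped = scoped or bool(allowed or denied)
        # The same entry in both lists is ambiguous to a reviewer; flag it.
        both = sorted(set(allowed) & set(denied))
        if both:
            findings.append(f"{dim}: listed as both allowed and denied: {', '.join(both)}")
    # Heuristic: message content access with no list narrowing the role deserves a second look.
    for flag in SENSITIVE_FLAGS:
        if role.get(flag) and not scoped:
            findings.append(f"{flag} is enabled but no allow/deny list narrows the role")
    return findings


# Constructed sample roles (names and values are made up for this example).
SAMPLE_ROLES = [
    {"Name": "payments-ops", "Allowed Domains": "PaymentsProd, PaymentsTest",
     "Denied Domains": "PaymentsProd", "Allow Access to Payload": True},
    {"Name": "", "Allow Access to Raw Messages": True},
    {"Name": "edge-readonly", "Allowed Devices": "dp-edge-01", "Denied Client IPs": "N/A"},
]

if __name__ == "__main__":
    for r in SAMPLE_ROLES:
        print(r.get("Name") or "<unnamed>", "->", review_role(r) or "no findings")
```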