...
Read: Grants read access to Spaces and all their Configuration Areas except for the Confidential Configuration Areas.
Read Confidential: Grants read access to Confidential Configuration Areas.
Create, Modify, Disable: Automatically created for each Component Unit or Configuration Type. Users must possess scoped roles with appropriate permissions to perform these actions.
Maintain: Includes create, modify, and disable permissions.
Modify: Grants permission for modification only.
Delete: Grants permission for deletion only.
Administrative Permissions: These permissions can only be assigned to a space via a role and include tasks such as maintaining roles, the type system, configuration areas, storage locations, Single Sign-On (SSO) configuration, and Master Data.
...
Access to content within Smartfacts CDCM is determined by the permissions assigned to users:
Read Access: Users with a role that has the "Read" permission for a space have read access to all non-confidential configuration areas in that space, including all the content of those configuration areas.
Confidential Access: For read access to a confidential configuration area, users need a role with a "Read Confidential" permission for that confidential configuration area.
Write Permissions
When a new component unit or configuration type is created in Smartfacts CDCM, Create, Modify, and Delete permissions are automatically generated for that type with the following pattern: <conceptTypeName>Maintain, <conceptTypeName>Modify, <conceptTypeName>Delete. This streamlines the process of managing access rights and ensures consistency across the system. Here's how it works:
...
Navigate to Admin Area: Access the admin area of Smartfacts CDCM (cogwheel icon at the bottom left in the side menu).
Select Roles & Permissions
Choose an action
Add a new role by clicking on the + Add Role button at the top right
Edit a role's permissions by selecting a role from the list
Assign a permission by clicking on the + button in the list of unassigned permissions
Unassign a permission by clicking on the - button in the list of assigned permissions
Permissions can be filtered by access type, unit type and permission type
Example of a
...
Configuration
The following examples of scoped roles include the token provided by the identity provider (IDP). These examples were done with the default settings for Authorization Customization. For example, the separator for the different parts of the token can be changed from the default, which is a single .
Give the user a bare minimum role
...
On log-in the user receives the role “Bare Minimum” in the scope of the space with the key “spaceOne” and is now able to read that space and all the non-confidential configuration areas it contains.
Assign a role to a user for all configuration areas within a space
...
On log-in the user receives the role “user” (last part of the token value) in the space with the key “spaceOne” (first part of the token value) in all non-confidential configuration areas (wildcard * in the second part of the token).
Assign a role to a user for a specific configuration area
...
On log-in the user receives the role “user” (last part of the token value) in the space with the key “spaceOne” (first part of the token value) in the configuration area with the key caOne (second part of the token value).
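The following Python sketch is an added example, not Smartfacts CDCM code: a simplified model of the token parts and read rules described above, for reviewing which IDP role values grant access to which configuration areas. The `.` separator, the three-part layout, the role-to-permission mapping, the names `caSecret`, `caOther` and `auditor`, and the rule that a `*` scope does not satisfy "Read Confidential" are assumptions.

```python
from typing import NamedTuple, Optional

SEPARATOR = "."  # assumption: default separator; changeable in Authorization Customization

class ScopedRole(NamedTuple):
    space: str  # space key (first part of the token value)
    area: str   # configuration area key, or "*" for all non-confidential areas
    role: str   # role name (last part of the token value)

def parse_scoped_role(value: str, sep: str = SEPARATOR) -> Optional[ScopedRole]:
    """Split '<space><sep><area or *><sep><role>'; return None for any other shape."""
    parts = value.split(sep)
    if len(parts) != 3 or not all(p.strip() for p in parts):
        return None  # reject rather than guess: keys containing the separator are ambiguous
    return ScopedRole(*parts)

def can_read(scoped_roles, role_permissions, space, area, confidential):
    """Apply the read rules described above to one configuration area."""
    needed = "Read Confidential" if confidential else "Read"
    for sr in scoped_roles:
        if sr.space != space or needed not in role_permissions.get(sr.role, set()):
            continue
        if not confidential:
            return True  # "Read" in a space covers all its non-confidential areas
        if sr.area == area:
            return True  # assumption: a confidential area needs an explicit area scope
    return False

def wildcard_grants(scoped_roles):
    """Scoped roles that apply to every non-confidential area of a space."""
    return [sr for sr in scoped_roles if sr.area == "*"]

if __name__ == "__main__":
    # Constructed sample values; the role-to-permission mapping is hypothetical.
    token_values = ["spaceOne.*.user", "spaceOne.caSecret.auditor", "malformed"]
    role_permissions = {"user": {"Read"}, "auditor": {"Read Confidential"}}
    parsed = [sr for sr in map(parse_scoped_role, token_values) if sr]
    for area, conf in [("caOne", False), ("caSecret", True), ("caOther", True)]:
        print(area, conf, can_read(parsed, role_permissions, "spaceOne", area, conf))
    print("wildcard scopes:", wildcard_grants(parsed))
```

Values that do not split into exactly three non-empty parts are rejected instead of being interpreted, so a changed separator shows up as unparsed entries and not as silently wrong scopes.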
Conclusion
Managing scopes, roles, and permissions in Smartfacts CDCM is crucial for maintaining proper access control and security within the configuration management system. By defining roles within specific scopes and assigning appropriate permissions, organizations can ensure that users have the necessary access to perform their tasks effectively while maintaining data security. For detailed instructions on managing roles and permissions, refer to the administration documentation or contact support for assistance.