Users
Define permissions for the User object
The User object contains data for the user accounts in your tenant. The Access Control List allows you to define permissions for the User object. Modifying permissions for an object allows you to grant access to actions that affect the object, which can be executed from API calls or portal pages. You can grant a role full access, custom access, or no access to the object. You can also customize the level of access users have to the actions and fields within the object. The TenantAdministrator role has full access to all objects.
Important:The Authenticated User role has read access to the User object by default. DSI highly recommends that you do not revoke this access.
To define permissions for the User object, complete the following steps in the portal.-
Go to the ACL page.Step InformationNote:The default location for the ACL page is Configuration > ACL. If the menu items for your tenant have been customized, it may be located elsewhere. For more information, contact your tenant administrator.
-
In the list, expand Object (System), and then select User Object.Step InformationResult: The list of roles displays, along with each role's access to the object.
-
Select a role from the list, and then select Modify.
-
In the context menu, select one of the following options.
-
To allow the role full access to the object, select Full Access.Note:This allows all users within the role to use API calls to add, read, modify, search, and update the object itself, and all fields within the object.
-
To prevent the role from being able to view the object, select No Access.
-
To customize the level of access the role will have to the object, select Custom Access.
Expected ResultResult: If you selected Full Access or No Access, a "Permissions Applied" message displays, indicating that the object permissions were successfully updated. If the role has access to any portal pages that use data from the object, the pages inherit the new permissions. -
-
If you selected Custom Access, under Action Level Permissions, turn the Execute switch on to allow, or off to disallow, each of the following actions.
-
Add: Allows the role to add new users.
-
Read: Allows the role to view users.
-
Modify: Allows the role to change the object definition for the User object.
-
Search: Allows the role to search for specific users.
-
Update: Allows the role to edit users.
-
-
If you selected Custom Access, under Field Level Permissions, turn the Read switch on to allow read access, or off to disallow read access, for each of the fields.Step InformationNote: Some fields are required for specific actions. For more information about the available fields, refer to Field level permissions for the User object.
-
If you selected Custom Access, under Field Level Permissions, turn the Update switch on to allow the role to update, or off to disallow update access, for each of the fields.Step InformationNote: Some fields are required for specific actions. For more information about the available fields, refer to Field level permissions for the User object.
-
If you selected Custom Access, select Apply Permissions.Expected ResultResult: A "Permissions Applied" message displays, indicating that the object permissions were successfully updated. If the role has access to any portal pages that use data from the object, the pages inherit the new permissions.
-
Optional. To define permissions for portal pages that use data from the User object, complete the following substeps.
Field level permissions for the User object
The Access Control List (ACL) allows you to customize the level of access users have to the fields within the User object.
The list of fields is populated from the list of attributes in the User object. The following permissions can be modified for each field.
-
Read: allows or disallows read access.
-
Update: allows or disallows editing.
When modifying field level permissions, keep in mind that some fields are required for specific actions.
The following fields are available for the User object.
Email
The email address associated with a user profile.
Full access to this field is required when adding or editing a user.
Image
Not currently implemented.
Locked
Specifies whether the user account is locked.
Full access to this field is required when locking or unlocking a user profile.
Userid
The unique ID associated with a user profile. This is a database generated int64 field.
Full access to this field is required when adding or editing a user profile.
Company
The company associated with a user profile.
Deleted
Specifies whether a user profile is deleted.
Full access to this field is required when deleting a user profile.
Loginid
The ID with which a user logs in to SCPaaS.
Full access to this field is required when adding or editing a user profile.
Countryid
The ID of the country specified for a user profile.
Createdby
The userid of the user who created a user profile.
Full access to this field is required when adding a user profile.
Givenname
The first name of a user.
Full access to this field is required when adding or editing a user profile.
Orgunitid
Not currently implemented.
Updatedby
The userid of the user who last updated a user profile.
Full access to this field is required when adding or editing a user profile.
Userdata1-Userdata5
Additional information associated with a user profile.
Externalid
The Cognito ID for the user profile. This field is controlled by the system, and cannot be added or edited by users.
Familyname
The last name of a user.
Full access to this field is required when adding or editing a user profile.
Analyticsid
The DOMO license associated with a user. This specifies whether the user can access Insights cards.
Phonenumber
The phone number associated with a user profile.
Whencreated
The date and time a user profile was created.
Full access to this field is required when adding a user profile.
Whenupdated
The date and time a user profile was updated.
Full access to this field is required when adding or editing a user profile.
Languagecode
The language code associated with a user profile.
Mobilephonenumber
The mobile number associated with a user profile.
Mustchangepassword
Specifies whether the password must be reset on login.
Full access to this field is required when adding a user profile.
Acceptedprivacyterms
Not currently implemented.
Authenticationmethod
Not currently implemented.
Define permissions for the UserRole object
The UserRole object contains data about the users assigned to roles in your tenant. The Access Control List allows you to define permissions for the UserRole object. Modifying permissions for an object allows you to grant access to actions that affect the object, which can be executed from API calls or portal pages. You can grant a role full access, custom access, or no access to the object. You can also customize the level of access users have to the actions and fields within the object. The TenantAdministrator role has full access to all objects.
To define permissions for the UserRole object, complete the following steps in the portal.
-
Go to the ACL page.Step InformationNote:The default location for the ACL page is Configuration > ACL. If the menu items for your tenant have been customized, it may be located elsewhere. For more information, contact your tenant administrator.
-
In the list, expand Object (System), and then select UserRole Object.Step InformationResult: The list of roles displays, along with each role's access to the object.
-
Select a role from the list, and then select Modify.
-
In the context menu, select one of the following options.
-
To allow the role full access to the object, select Full Access.Note:This allows all users within the role to use API calls to add, read, modify, search, and update the object itself, and all fields within the object.
-
To prevent the role from being able to view the object, select No Access.
-
To customize the level of access the role will have to the object, select Custom Access.
Expected ResultResult: If you selected Full Access or No Access, a "Permissions Applied" message displays, indicating that the object permissions were successfully updated. If the role has access to any portal pages that use data from the object, the pages inherit the new permissions. -
-
If you selected Custom Access, under Action Level Permissions, turn the Execute switch on to allow, or off to disallow, each of the following actions.
-
Add: Allows the role to assign new users to a role.
-
Read: Allows the role to view the list of users assigned to a role.
-
Modify: Allows the role to change the object definition for the UserRole object.
-
Search: Allows the role to search for specific users within a role.
-
Update: Allows the role to edit user assignments for a role.
-
-
If you selected Custom Access, under Field Level Permissions, turn the Read switch on to allow read access, or off to disallow read access, for each of the fields.Step InformationNote: Some fields are required for specific actions. For more information about the available fields, refer to Field level permissions for the UserRole object.
-
If you selected Custom Access, under Field Level Permissions, turn the Update switch on to allow the role to update, or off to disallow update access, for each of the fields.Step InformationNote: Some fields are required for specific actions. For more information about the available fields, refer to Field level permissions for the UserRole object.
-
If you selected Custom Access, select Apply Permissions.Expected ResultResult: A "Permissions Applied" message displays, indicating that the object permissions were successfully updated. If the role has access to any portal pages that use data from the object, the pages inherit the new permissions.
-
Optional. To define permissions for portal pages that use data from the UserRole object, complete the following substeps.
Field level permissions for the UserRole object
The Access Control List (ACL) allows you to customize the level of access users have to the fields within the UserRole object.
The list of fields is populated from the list of attributes in the UserRole object. The following permissions can be modified for each field.
-
Read: allows or disallows read access.
-
Update: allows or disallows editing.
When modifying field level permissions, keep in mind that some fields are required for specific actions.
The following fields are available for the UserRole object.
Roleid
The ID of the role to which a user is assigned.
Full access to this field is required when adding or editing a role assignment.
Userid
The ID of the user who is assigned to a role.
Full access to this field is required when adding or editing a role assignment.
Createdby
The userid of the user who created a role assignment.
Full access to this field is required when adding a role assignment.
Updatedby
The userid of the user who last updated a role assignment.
Full access to this field is required when adding or editing a role assignment.
Whencreated
The date and time a role was created.
Full access to this field is required when adding a role.
Whenupdated
The date and time a role was updated.
Full access to this field is required when adding or editing a role.
Define permissions for the Users page securable
The Access Control List allows you to modify a role's permissions to the Users page securable. This defines the role's level of access to the Users page on the portal. This only controls access to the page itself. Access to the data within the page is inherited from the User object. You can grant a role full access, custom access, or no access to the Users page securable. The TenantAdministrator role has full access to all objects.
Prerequisites:
-
If you want to allow users to view or edit the Users page, you must also grant permissions for any parent pages in the menu structure. For example, if the Users page is nested under Administration, you must Define permissions for the Admin page securable.
To define permissions for the Users page securable, complete the following steps in the portal.
-
Go to the ACL page.Step InformationNote:The default location for the ACL page is Configuration > ACL. If the menu items for your tenant have been customized, it may be located elsewhere. For more information, contact your tenant administrator.
-
In the list, expand Page (System), and then select Users Page Securable.Step InformationResult: The list of roles displays, along with each role's access to the page.
-
Select a role from the list, and then select Modify.
-
In the context menu, select one of the following options.
-
To allow the role full access to the page, select Full Access.
-
To prevent the role from being able to view the page, select No Access.
-
To customize the level of access the role will have to the page, select Custom Access.
Expected ResultResult: If you selected Full Access or No Access, a "Permissions Applied" message displays, indicating that the page permissions were successfully updated. -
-
If you selected Custom Access, under Top Level Permissions, for Page, turn the View switch on to allow read access to the page, or off to disallow read access.
-
If you selected Custom Access, select Apply Permissions.Expected ResultResult: A "Permissions Applied" message displays, indicating that the page permissions were successfully updated.
Define permissions for the User page securable
The Access Control List allows you to modify a role's permissions to the User page securable. This defines the role's level of access to the User page on the portal. This only controls access to the page itself. Access to the data within the page is inherited from the User object. You can grant a role full access, custom access, or no access to the User page securable. The TenantAdministrator role has full access to all objects.
Prerequisites:
-
If you want to allow users to view or edit the User page, you must also grant permissions for any parent pages in the menu structure. For example, if the User page is nested under Administration > Users, you must Define permissions for the Admin page securable, and Define permissions for the Users page securable.
To define permissions for the User page securable, complete the following steps in the portal.
-
Go to the ACL page.Step InformationNote:The default location for the ACL page is Configuration > ACL. If the menu items for your tenant have been customized, it may be located elsewhere. For more information, contact your tenant administrator.
-
In the list, expand Page (System), and then select User Page Securable.Step InformationResult: The list of roles displays, along with each role's access to the page.
-
Select a role from the list, and then select Modify.
-
In the context menu, select one of the following options.
-
To allow the role full access to the page, select Full Access.
-
To prevent the role from being able to view the page, select No Access.
-
To customize the level of access the role will have to the page, select Custom Access.
Expected ResultResult: If you selected Full Access or No Access, a "Permissions Applied" message displays, indicating that the page permissions were successfully updated. -
-
If you selected Custom Access, under Top Level Permissions, for Page, turn the View switch on to allow read access to the page, or off to disallow read access.
-
If you selected Custom Access, select Apply Permissions.Expected ResultResult: A "Permissions Applied" message displays, indicating that the page permissions were successfully updated.
Loading...
There was a problem loading this topic