Permissions give users authorization to use Panaseer features, functionality and dashboards. As with all areas of identity, access and privilege, we recommend following the principle of least privilege, whereby users are only granted access to the functionality they require for their role.
Users are authorized and can authenticate to Panaseer through single sign on (SSO) integrations, with their Groups associated through the organization's usual LDAP process.
Panaseer administrative users can map Permissions to Roles and Roles to Groups via the Access Management interface (refer to Access management overview for more information). Panaseer provides a set of Roles out of the box, but it is possible to create new Roles with given Permissions.
This article assumes that you have the appropriate permissions to view and configure the Access Management interface.
Roles
Panaseer provides a list of Roles out of the box.
Clicking on any role in the list enables you to determine the Permissions associated with the Role, the Groups the Role is mapped to, and the Users who are mapped to the Role through their Groups.
Permissions
The Permissions tab provides the list of Permissions that provide authorization to features, functionality and dashboards within Panaseer.
On choosing a specific Permission you will be able to see:
- Roles to which the Permission is mapped.
- Groups that have gained the given Permission through their Roles.
- Users who inherit the Permission through their Groups.
The toggles on 'Create', 'Read', 'Update' and 'Delete' can be used to give different combinations that reveal different Roles, Groups and users who are mapped as a result.
Mapping Roles to Groups
To map a Role to a Group:
- From the Groups tab, choose the Group you wish to make the mapping for in the list of Groups.
- Click 'Edit Roles' to choose which Roles to map to the Group.
- Select the Roles to include and click 'Save' once ready.
This will take you back to the Group view so that you can see the impact of your change.
Mapping Permissions to Roles
Similarly to when mapping Roles to Groups, to map Permissions to Roles:
- From the Roles tab, choose the Role you wish to update and click 'Edit Permissions'.
- You will see check boxes for every Permission and most have four choices: 'Create', 'Read', 'Update', 'Delete', which provide the user the ability to create only, read only, update only, or delete only, or combinations as required.
Tooltips provide more details on the purpose of the Panaseer Permission.
We recommend that you make Roles specific and granular to the functionality you wish to permission within Panaseer. Build up a user's authorization access capabilities through mapping multiple Roles to the same Group. It is expected that the Groups to Roles relationship is many to many.
Creating New Roles
To create a new Role:
- From the Roles tab, click '+'.
- Give the new Role a title and click 'Save Role Info'.
You can follow the guides above to map Permissions to your new Role and the Role to Groups.
Comments
0 comments
Please sign in to leave a comment.