How can we separate jobs into different view for different team or users
Release : 7.00.01
How permissions and roles work?
Globally, inside a Role, the right is an "interception" of all rights definition. Between several Roles, the right is a "union" between all rights.
Rule 1 UPR=TC_* DENY
Rule 2 UPR=* ALLOW
Rule 3 UPR=TC_A* ALLOW
The right of that Role is all Uprocs are displayed etc... except Uprocs TC_* including Uprocs starting by TC_A* even if the Role TC_A* allow
If another Role exists:
And that Role is in the same Group than the previous Role where the user is included. There is a union between Roles, so the user will have right to see all UPROC except TC_* but the user will see all UPROCS starting by TC_A*.
To check that, take the user in login page, and use "Display permission" to check which roles are used to define the user right, and check each role.
How to grant permission to different objects to different groups?
The way to segregate the permissions across various object via groups is as below
1: The system provided default Roles for each COMP, as show below
2: Duplicate each ROLE of the COMP to have implicit rules, as the default Roles are not that restrictive. For example, screen shot below where UNI610/X Administrator, Read-only, Operators are duplicated
3: Now in newly created Roles change the specific “Permissions on Objects”, for example to restrict UPROC access we are going to do below (UPR=TIP* = Authorized i.e. only allowing to view UPROC with name TIP*)
4: Create a Group for example TIP Admin and make sure we assigned newly created role to it, as below
5: Navigate to UVC > Administration > Logins and assign the user this new Group. Please note as the permissions are union, so this user is associated with custom groups, associated with custom roles
6: Login to UVC as user TEST and the user will only see the UPROC with name TIP*, example screen shot below
7: Duplicate the Role DUAS UNI610/X Administrators TIP to DUAS UNI610/X Administrators NONTIP, as below
8: Now in newly created Roles change the specific “Permissions on Objects”, for example to restrict UPROC access we are going to do below (UPR=TIP* = Forbidden i.e. and allowing others i.e. UPR=*)
9: Create a Group for example NON TIPADMIN and make sure we assigned newly created role to it, as below
10: Navigate to UVC > Administration > Logins and assign the user this new Group.
11: Login with nontipaccess and you will only see UPROC which are not TIP*