Access rights
User roles are an element that enables accurate and flexible control of user access to functionalities and data in the Integray. By assigning specific roles to individual users with the appropriate permissions, you provide them access to only those functions and data that are necessary for their work. User roles are predefined and immutable, meaning you do not have the option to configure your own role or edit existing one. This apporach ensures uniformity and consistency across the Integray.
Assigning user roles
There are two methods to assign user roles to a user. The first method is through the Administration section, which is accessible only to users with the Administrator role. To access the Administration, click on the username in the lower left corner and press the Admin button. Next, navigate to the Users in the left sidebar and select the user to whom the new role should be assigned. In the Company access area, check the checkbox next to the desired Company (or click the Roles button) to display the menu of user roles. Then, choose the desired roles and click the Select.
Note
The Administrator role is automatically obtained by the user who installed the Integray environment or was assigned to him by another Administrator.
In the Admin - Users section, a user with the Administrator role can view not only the name, login name, and email of each user but also the list of assigned user roles. This additional information provides the Administrator with a comprehensive overview of each user's role assignments, allowing for effective management and control of user access and permissions.
The second method is through the Basic role, which is automatically assigned to all new Integray users. This role grants the user access to create a new Company. By creating a new Company, the user obtains a new General editor role specific to the newly created Company. This role allows the user, among other things, to assign roles to other users based on their work needs. In the Company detail view, click the Roles button or check the checkbox next to the user's name to display a menu of available user roles. Then, choose the desired roles and click the Select.
List of user roles
- Administrator
- General editor
- Basic
- Task editor
- Endpoint editor
- Security editor
- Config editor
- Log editor
- Task run manager
- Viewer
Permissions and accesses
The list of user rights and permissions is divided into three basic screens. The Home screen, which is the main page of the application. The Administration screen, which is used only for the administrator of the Integray environment. And the Configurations screen - rights and permissions for a specific companies.
Administrator
The Administrator role is an important role within the system, reserved for users with extensive privileges and responsibilities. Only another Administrator has the authority to assign this role. Users with the Administrator role gain access to the Admin section, where they can effectively manage all companies, users, user rights, application settings, install new versions of connectors, and more.
| Screen | Item | Rights | Note |
|---|---|---|---|
| Administration | Companies | create, update, delete | all companies |
| Administration | Companies | orchestrator On / Off | all companies |
| Administration | Users | create, update, delete | |
| Administration | Application settings | update | |
| Administration | Jobs | update | |
| Administration | Connector repository | install | |
| Administration | Table size | view | |
| Administration | Index fragmentation | view | |
| Administration | Connector repository | install | |
| Administration | Log hub rules | create, update, delete | all companies |
| Administration | Log hub writers | create, update, delete | all companies |
| Administration | Agent log | view | all companies |
| Administration | Audit log | view | all companies |
| Administration | System log | view | |
| Administration | License | view |
General editor
The General Editor role is automatically granted to any user who creates a Company (or it can be assigned by another user). This role enables users to manage tasks related to their Company without the need for assigning additional roles. As the General Editor, the user has the authority to oversee and manage all aspects of their Company's operations, including user management, role assignments, and configuration.
| Screen | Item | Rights | Note |
|---|---|---|---|
| Home | Company (own) | update | only for owner |
| Home | All Tasks | lifecycle (restart / cancel / park / unpark) | only granted Companies |
| Home | Dashboard | view | only granted Companies |
| Home | All overview | view | only granted Companies |
| Home | All summary | view | only granted Companies |
| Home | All viewer | view | only granted Companies |
| Home | All analysis | view | only granted Companies |
| Home | Endpoint API | view | only granted Companies |
| Home | Agent log | view | only granted Companies |
| Home | Audit log | view | only granted Companies |
| Configuration | Orchestrator | On / Off | only granted Companies |
| Configuration | Publish | publish | only granted Companies |
| Configuration | Tasks | create, update, delete | |
| Configuration | Tasks | lifecycle | run, restart, kill, flush |
| Configuration | Endpoints | create, update, delete | |
| Configuration | Agents | create, update, delete | |
| Configuration | Agents | lifecycle | download / update / restart |
| Configuration | Data schemas | create, update, delete | |
| Configuration | Configurations | create, update, delete | |
| Configuration | Endpoint tokens | create, update, delete, assign to endpoint | |
| Configuration | Variables | create, update, delete | |
| Configuration | Data transfer | download, upload, process | |
| Configuration | Log hub rules | create, update, delete | only granted Companies |
| Configuration | Log hub writers | create, update, delete | only granted Companies |
Basic
| Screen | Item | Rights | Note |
|---|---|---|---|
| Home | Company (own) | Create | only for owner |
| Home | Connectors | View |
Task editor
| Screen | Item | Rights | Note |
|---|---|---|---|
| Home | Endpoint API | view | only granted Companies |
| Configuration | Tasks | create, update, delete | |
| Configuration | Tasks | lifecycle | run, restart, kill, flush |
| Configuration | Data schemas | create, update, delete | |
| Configuration | Configurations | create, update, delete |
Endpoint editor
| Screen | Item | Rights |
|---|---|---|
| Configuration | Endpoints | create, update, delete |
| Configuration | Data schemas | create, update, delete |
| Home | Endpoint API | view |
Security editor
| Screen | Item | Rights |
|---|---|---|
| Configuration | Endpoints tokens | create, update, delete, assign to endpoint |
| Configuration | Variables | create, update (only the value) |
Config transfer
| Screen | Item | Rights |
|---|---|---|
| Configuration | Data transfer | download, upload, process |
Log editor
| Screen | Item | Rights | Note |
|---|---|---|---|
| Configuration | Log hub rules | create, update, delete | only granted Companies |
| Configuration | Log hub writers | create, update, delete | only granted Companies |
Task run manager
| Screen | Item | Rights | Note |
|---|---|---|---|
| Home | Dashboard | view | only granted Companies |
| Home | All overview | view | only granted Companies |
| Home | All analysis | view | only granted Companies |
| Home | All summary | view | only granted Companies |
| Home | All viewer | view | only granted Companies |
| Home | All tasks | lifecycle (restart / cancel / park / unpark) | only granted Companies |
Viewer
| Screen | Item | Rights | Note |
|---|---|---|---|
| Home | Audit log | view | only granted Companies |
| Home | Agent log | view | only granted Companies |
| Home | Dashboard | view | only granted Companies |
| Home | All overview | view | only granted Companies |
| Home | All analysis | view | only granted Companies |
| Home | All summary | view | only granted Companies |
| Home | All viewer | view | only granted Companies |
| Configuration | Tasks | read only | |
| Configuration | Endpoints | read only | |
| Configuration | Agents | read only |
Unassigning user roles
Similar to assigning, the user roles can also be removed in two methods. The first method is through the Administration section, which is accessible exclusively to users with the Administrator role. Open the Administration - Users section and select the user from whom you want to unassign user roles. In the Company access section you can remove all roles by unchecking the checkbox on the line with the user's name (this is recommended in case of future re-assignment of the same roles for that user). Or click the Roles button to remove individual roles.
The second method can be performed by a user with the General editor role, who is responsible for managing users within the granted company. He can assign, modify or remove user roles for individual users. To remove user roles, navigate to the Company Detail view. All roles can be removed at once by unchecking the checkbox, or only individual roles can be removed by clicking the Roles button and unchecking the roles you wish to remove.
