Managing access permissions

The list of access permissions is displayed in the Users section of the Permissions tab. By default, the Full access permission is created, which grants full access to the orchestrator web interface and is automatically assigned to users and LDAP user groups if you do not assign them a different access permission.

The actions you can perform with the list are described in the Managing solution component tables instructions.

Creating access permissions

To create an access permission:

1. In the menu, go to the Users section.

   The user management page is displayed. The Users tab, which is selected by default, displays the table of users.

2. Select the Permissions tab.

   The list of access permissions is displayed.

3. In the upper part of the list, click + Permission.
4. In the displayed settings area, in the Name field, enter the name of the access permission. Maximum length: 250 characters.
5. In the Access rights section next to the sections and subsections of the orchestrator web interface, select one of the following values:
   • Editing to allow the users to view the section or subsection and perform all available tasks in it.
   • Viewing to allow users only to view the section or subsection.
   • No access to prevent users from viewing the section or subsection.

   If you want the subsections to inherit the value selected for the section, select the Apply to subsections check box. This check box is cleared by default.

6. Click Create.

The access permission is created and displayed in the list.

You can assign an access permission when creating or editing a user, or when creating or editing an LDAP user group.

Editing access permissions

To edit an access permission:

1. In the menu, go to the Users section.

   The user management page is displayed. The Users tab, which is selected by default, displays the table of users.

2. Select the Permissions tab.

   The list of access permissions is displayed.

3. Click the access permission that you want to edit.
4. In the displayed settings area, edit the following settings, if necessary:
   • Name of the access permission
   • Sections and subsections of the orchestrator web interface and actions available to users
5. Click Save.

The access permission is modified and updated in the list.

Cloning access permissions

You can clone an access permission to create an identical access permission with a different name.

To clone an access permission:

1. In the menu, go to the Users section.

   The user management page is displayed. The Users tab, which is selected by default, displays the table of users.

2. Select the Permissions tab.

   The list of access permissions is displayed.

3. Click the access permission that you want to clone.
4. In the upper part of the displayed settings area, click Management → Clone.
5. This opens a window; in that window, enter the name of the new access permission.
6. Click Clone.

A copy of the access right with the new name is added to the list.

Removing an access permission

Deleted access permissions cannot be restored.

To remove an access permission:

1. In the menu, go to the Users section.

   The user management page is displayed. The Users tab, which is selected by default, displays the table of users.

2. Select the Permissions tab.

   The list of access permissions is displayed.

3. Click the access permission that you want to delete.
4. In the upper part of the displayed settings area, click Management→ Delete.
5. In the confirmation window, click Delete.

The access permission is deleted and is no longer displayed in the list.