¶ Permissions
VergeIO provides a permission system in which you can control, at a very detailed level, the permissions you give to different Users and Groups. For example, you may have an individual User to which you only want to grant access to a single VM or a small set of VMs. This type of detailed control applies to all the objects of the system (Sites, VMs, Tenants, Users and Groups, etc.)
Permissions define what operations are permitted:
- List
- Read
- Create
- Modify
- Delete
¶ Permission Scopes
The Permissions above can be applied at any of the following levels:
- Cloud Level - everything within the VergeIO Cloud / Tenant
- Object Types (Sections) - all objects of the given type — all Tenants, all VMs, etc.
- Individual Objects - a specific instance of an object, — a particular VM, an individual user, a specific Tenant, etc.
¶ To View / Configure All Defined Permissions:
Navigate to System > Permissions from the Cloud Dashboard.
This will show a listing of all Permissions that are currently configured in the system.
- Type: This shows the Section the Permission is applied to.
- Name: The individual instance. --All Sections-- or --All-- in the Name field denotes that the Permission applies to the entire section defined in Type.
- Grantee: The User or Group that has been given the Permission.
- List / Read / Create / Modify / Delete: The granted Permissions applied will be checked.
¶ To add a Permission (from the System -> Permissions page)
-
Select Add User or Add Group from the left menu.
-
Complete the fields as required.
- Grantee: (dropdown) Select the desired User / Group.
- Permissions: (checkbox) Select / check all desired Permissions.
- Permission To: (dropdown)
- Type: Select the section to apply this Permission to.
- Name: Select one of the particular instances or select --All-- to apply the Permission to all instances of the selected Type.
NOTE: Leaving the fields at the default values: Type= --Your Cloud-- and Name= --All sections-- will apply the Permission to everything within this VergeIO Cloud.
- Click Submit to save the new Permission.
¶ To Edit an Existing Permission
Double-click the desired Permission in the listing. This will bring up the Permission input form, where modifications can be made.
¶ Accessing Permissions for Specific Areas
You can also access Permissions from most other Dashboards to deal with Permissions related to that particular area of the system. When you add a Permission from a particular area, the Type and Name fields are pre-populated based on the current dashboard where the Permissions menu option was selected. Grantee (User / Group) and Permissions (list / read / create / modify / delete) should be selected as needed.
¶ EXAMPLE 1:
Selecting Permissions from the Virtual Machines Dashboard to view / configure Permissions that apply to all Virtual Machines:
- Navigate to Machines.
- Select Virtual Machines.
- Select Permissions. A listing of all current Permissions specifically defined for (all) Virtual Machines is displayed.
NOTE: The list may be empty.
- Select Add User or Add Group from the left menu.
The screenshot below shows the Add User form accessed from the Virtual Machines Dashboard. We selected a specific User from the dropdown and selected the appropriate checkboxes for the desired Permissions. The Type / Name fields were pre-populated with Virtual Machines / All since we accessed it from the Virtual Machines Dashboard.
¶ EXAMPLE 2:
Selecting Permissions from a Particular Virtual Machine Dashboard to view / configure Permissions that apply to that individual Virtual Machine:
- Navigate to Machines.
- Select Virtual Machines. A listing of all Virtual Machines is displayed.
- Double-click the desired VM. The Dashboard for the individual VM appears.
- Select Permissions. A listing of all current Permissions defined specifically for this individual Virtual Machine is displayed.
NOTE: The list may be empty.
- Select Add User or Add Group from the left menu.
The screenshot below shows the Add Group form accessed from the Virtual Machines Dashboard. We selected a specific group from the dropdown ans selected appropriate checkboxes for the desired
Permissions. The Type / Name fields were pre-populated with VM / All because we accessed the Permissions menu option from that Virtual Machine Dashboard.
¶ Accessing Permissions Assigned to a Specific User / Group
Permissions can be accessed from the User or Group Dashboard, to view / configure only the permissions assigned to that particular User / Group.
¶ EXAMPLE:
Selecting Permissions on a particular User Dashboard to view / configure Permissions assigned to that individual User:
- Navigate to System > Users
- Double-click desired User.
- Select Permissions from the left menu. All Permissions directly assigned to the User are displayed.
- Double-click an existing Permission in the listing to edit that Permission.
-OR-
Select New to add a new Permission for the User / Group.
¶ Cumulative Permissions
The effective Permissions of a User is cumulative of all Permissions assigned to the User. This incudes directly assigned and assigned via group memberships. Permissions are verified at the time an action is initiated. If any Permission assigned to the User (directly or via Group) applies, the operation is allowed.
¶ EXAMPLE 1:
Settings:
- JSmith is assigned list / read Permissions to the Cloud.
- Jsmith is a member of the "machine-operators" group; the "machine-operators" group is assigned list / read / create / modify / delete Permissions to Machines.
- JSmith is a member of the "assistants" group; the "assistants" group is assigned only list / read / modify Permissions to several particular Machines.
Result:
Effective Permissions for Jsmith for all Machines: list / read / create / modify.
NOTE: Since Permissions are cumulative, JSmith would have list / read / create / modify / delete Permissions to all Machines, even if more restrictive Permissions were defined on a particular Machine instance.
¶ EXAMPLE 2:
Settings:
- RJohnson is assigned list / read Permissions to the Cloud.
- RJohnson is a member of the "tenant-admins" group; the "tenant-admins" group is assigned Permissions of list / read / modify to Tenants.
- RJohnson is assigned list / read / modify / delete Permissions to the particular "Zcorp" Tenant.
Result:
Effective Permissions for RJohnson for all Tenants: list / read / modify
Effective Permissions for RJohnson for the "Zcorp" Tenant: list / read / modify / delete.
Need more Help? Email support@verge.io or call us at (855) 855-8300