Default Permissions Table
Iotellect Server builds a default permissions table for every new user account. The contents of this table depend on the account name and the contents of two Iotellect Server global properties: Additional Permissions For New Users and Default User Permissions.
Last Records
The last three records of the new user's permissions table have specific functions defined below.
Context Mask | Permissions |
users.NAME_OF_USER | Manager |
users.* | None |
* | Manager |
The first record declares Manager-level access to all contexts that are defined under the user's own User context (e.g. users.NAME_OF_USER.alerts etc.). This level will be used if no dedicated permission level is assigned to a user's resource by the prior records.
The second line denies access to contexts of all other Iotellect Server users by setting None-level permissions for them. Thus, the effective permission level for the context users.user123.widgets will be None (unless, of course, the new account happens to be user123).
The third line defines the Manager-level access to all other contexts that are not related to user accounts. This prevents a new user from executing administrative actions. For example, a new user will not be able to view administrative events because the Default Permission Level of the Administration context is Administrator. They would also not be able to stop or restart the Iotellect Server, because the Stop server and Restart server actions (defined in the Root Context) require Administrator-level access to this context.
Default User Permissions
For every record of the Default User Permissions table, two new records are added to the new user's permissions table:
For every resource in the Default User Permissions table, a record
users.admin.RESOURCE_NAME
is added to the top of the user's permissions table. When all the records are added, the process starts again, and for every resource in the Default User Permissions table a record
users.NAME_OF_USER.RESOURCE_NAME
is added to the top of the new user's permissions table.
If the Default User Permissions record is disabled, the user is assigned the None permission level to the resource specified by the Default User Permissions record. Otherwise, the default level specified during user registration is used for the resource.
Here is an example of a new user's permissions table:
Context Mask | Permissions |
users.NAME_OF_USER.devices | Manager |
users.NAME_OF_USER.filters | None |
users.NAME_OF_USER.alerts | Manager |
users.NAME_OF_USER.jobs | None |
users.NAME_OF_USER.queries | None |
users.NAME_OF_USER.dashboards | Manager |
users.NAME_OF_USER.autorun | None |
users.NAME_OF_USER.favourites | None |
users.admin.devices | Observer |
users.admin.filters | None |
users.admin.alerts | Observer |
users.admin.jobs | None |
users.admin.queries | None |
users.admin.dashboards | Observer |
users.admin.autorun | None |
users.admin.favourites | None |
users.NAME_OF_USER | Manager |
users.* | None |
* | Manager |
In the above example, only Devices, Alerts, and Dashboards were enabled in Default User Permissions during user creation.
Additional Permissions for New Users
All records from the Additional Permissions For New Users table are added to the very top of the permissions table and thus have the highest priority.
Let's assume we have two records in the Additional Permissions table:
Context Mask (use % for the user name) | Permissions |
users.%.dashboards.specialDashboard | Administrator |
users.admin.models.specialModel | Administrator |
Since the % character is replaced by the username when the Additional Permissions For New Users table is processed, we'll get the following lines at the top of the new user's permissions table:
Context Mask | Permissions |
users.NAME_OF_USER.dashboards.specialDashboard | Administrator |
users.admin.models.specialModel | Administrator |
... | ... |
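The build order and first-match lookup described on this page, as an added Python example (not Iotellect code). The function names, the account name user123 and the mask-matching rule (`*` matches one name segment, and a mask also covers descendant contexts) are assumptions inferred from the page's examples; the Manager and Observer levels are copied from the example table above.

```python
# Added illustration, not Iotellect code. Sample tables below are constructed
# from the examples on this page.

def build_table(user, default_user_perms, additional,
                own_level="Manager", admin_level="Observer"):
    """Return the ordered (mask, level) records for a new account.

    default_user_perms: [(resource, enabled)]; additional: [(mask, level)].
    own_level / admin_level mirror the page's example table (assumption).
    """
    last = [(f"users.{user}", "Manager"), ("users.*", "None"), ("*", "Manager")]
    admin = [(f"users.admin.{r}", admin_level if on else "None")
             for r, on in default_user_perms]
    own = [(f"users.{user}.{r}", own_level if on else "None")
           for r, on in default_user_perms]
    # '%' is replaced by the account name; these records go to the very top.
    extra = [(mask.replace("%", user), level) for mask, level in additional]
    return extra + own + admin + last


def mask_matches(mask, context):
    """Assumed semantics: '*' matches one segment; descendants are covered."""
    m, c = mask.split("."), context.split(".")
    return len(c) >= len(m) and all(a in ("*", b) for a, b in zip(m, c))


def effective_level(table, context):
    """The first matching record wins, so records near the top take priority."""
    for mask, level in table:
        if mask_matches(mask, context):
            return level
    return "None"


DEFAULTS = [("devices", True), ("filters", False), ("alerts", True),
            ("jobs", False), ("queries", False), ("dashboards", True),
            ("autorun", False), ("favourites", False)]
ADDITIONAL = [("users.%.dashboards.specialDashboard", "Administrator"),
              ("users.admin.models.specialModel", "Administrator")]
TABLE = build_table("user123", DEFAULTS, ADDITIONAL)

if __name__ == "__main__":
    for ctx in ("users.user123.dashboards.specialDashboard",
                "users.user123.filters", "users.admin.devices",
                "users.bob.widgets", "administration"):
        print(f"{ctx:45} {effective_level(TABLE, ctx)}")
```

Because Additional Permissions records are evaluated first, a broad mask in that table overrides the `users.* | None` record for every new account, so that table deserves review whenever it changes.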