Global access to system resources
Adding users/groups to a global access list with their role allows you to grant them specific privileges (according to their role) for all entities and resources in the AirCloud hierarchy.
According to the system's access policy, any AirCloud user can be present in the global access list (with a specific set of roles) only once at any given time, either personally or as a member of a user group.
The process of configuring global access consists of the following steps:
1. Navigate to the Global Access configuration section, using the item of the same name on the left menu bar.
The screen that appears displays a general list of global access, containing a list of groups and users that already have global permissions in the system, specifying their:
roles;
status;
the value of the option to extend privileges from parent resources of the system to all children.
2. From the general list of global permissions it is possible to go:
to the screen of adding new users/groups to the access list by pressing the "Provide access" button;
to the mode of editing an existing entry in the access list - by pressing the button update access;
to delete an entry from the access list - by pressing the item delete item of the context menu of the selected record.
To create/edit/delete records in the global access list you must additionally have the XXXXX privilege, otherwise you will only be able to view it.
3. In the mode of creating/editing records in the global access list, you can:
3.1. specifying users or their groups in the Users or groups field - after entering the first characters in the field input line, the system will search for them and display the matching results.
The entered combination of characters is searched simultaneously among the group and user names available in the system.
You can search for a user/group by one (????) of the following attributes:
- user's e-mail address;
- user name;
- group name.
The search results output is organized on two tabs Users and Groups.
A user already added to the access list will be unavailable for selection, i.e. it is impossible to
add the same user to the access list twice;
add a user who is already present in the global access list as a member of a user group.
3.2. specifying roles for users - the specified roles will be applied to all selected users and groups.
3.3. Select Status - an administrator tool that can be used, for example, to temporarily deactivate a user/group's global access without having to edit the overall global access list.
3.4. "Propagate to children" switch can be applied topropagatethe specified user roles to all child resources of the system.
Important: global permissions should be used with caution, especially if you activate the option to propagate them down the hierarchy from parent resources ("Propagate to children"), because a user from the global access list will have access even to children resources added in the future.
3.5. Clicking the "Provide access" button saves the changes made to the global access list and updates the privileges of all users and groups specified in it.
Although it is possible to create new entries in the global access list for users and groups at the same time within one transaction, the system will create separate Type = USER and Type = GROUP entries for each user and each group when saving the changes using the "Provideaccess" button.
Subsequent editing of global permissions must be done separately for each of the records.