Resource access lists
AirCloud resource access list is intended for storing information about who has access to this resource and what operations a user/group of users is allowed to perform with it. Thus, an "access list" is an entity that has its own affiliation with the AirCloud system inventory object(local access list).
However, there are such top-level resources and entities in the AirCloud object hierarchy(e.g,Cluster, Role etc.) that are not children of any of the system objects and therefore lie outside the zone of influence of their local access lists. To manage such objects and entities, a global access list is intended.
Global permissions (if configured) allow users/groups to manage absolutely all objects in the hierarchy of the AirCloud solution deployed in the company.
For exampleif you add a user to the global access list with the "Admin" role and activate the "Propagate to children" option for him/her, then for all AirCloud resources this user will have the "Admin" role with the privilege set defined for this role.
If the "Propagateto children" option is not activated, the user will have access with the "Admin" role only to parent resources and global (top-level) entities that do not belong to any of the system hierarchies.
Important: Keep in mind that manually defined permissions for a child object have a higher priority than permissions propagated from its parent object in the hierarchy.
For more information about working with access lists, see " "Granting local access to a resource" и "Global access to system resources".