Skip to content

Permissions

Permissions allows you to control what actions user can take and which pages of Management Console user can see.

Host Management > Administration > Permissions includes information on designating users with built-in or custom defined roles. Refer to the section Roles for information on roles.

The following actions can be performed from the Permissions page:

  • Add Permission

  • Edit Permission

  • Delete Permission

Add Permission

Administrator can designate a user with built-in or custom defined roles to enable that user as an Administrator of HyWorks. To add a permission, follow the steps given below:

  1. Login as Administrator with appropriate privileges.

  2. Go to Administration > Permissions.

  3. Click Add Permission.

  4. In the User/Group tab, click User/Group. In Available Client dialog, search for the user or group to whom the permission is to be assigned and select user.

  5. Select Propagate to Child to propagate the permissions to the child organizations i.e., this administrator will be able to login and perform administrative tasks on the child organization as well.

    Note

    The access to Propagated permissions can be revoked later using the Restrict Access option or overriding its role.

  6. Click Next to assign role to the permission.

  7. Select the role from the list. List displays all the built-in and custom defined roles.

  8. Select Propagate to Child to propagate the permissions to the child organizations.

  9. Click Save.

Permission will be added and will be listed in the Permissions section.

Any user added with this role will be able to login and manage the following organizations

  1. Current organization where the role is defined

  2. Child organizations if propagated

Permission Propagation

The Permission propagation refers to inheritance of parent organization's permission to its child organizations.

The option to enable propagation appears during the Add/ Edit Permissions wizard.

Example: A Permission is created for a user 'Admin1' at the parent organization with the Administrator role and the Propagate to child option is enabled.

The user 'Admin1' will have access to the root organization as well as all the child organizations with the role of administrator.

Disable Propagation

Propagation can be disabled at:

  1. parent level

  2. child organization level

    1. Disable Propagation at the oarent level: At the time of adding/editing permissions at the parent organization, uncheck the Propagate to child to disable propagation. Once unchecked the Administrator won't have permissions for the child organizations.

      Example: Refer to the image shown in the section Permission Propagation

      1. Create a Permission for the user 'Admin2' in the parent organization with the Propagate to child option unchecked. Log in to the Management Console with the user 'Admin2''s credentials.

      2. The user 'Admin2' will have access to only the parent organization. They will not be able to see or enter other organizations.

    2. Disable Propagation at the child organization level: Disable propagation at the child organization level by editing the permissions at the child organization level.

      Example: Refer to the image shown in the section Permission Propagation

      1. Create a Permission for the user 'Admin3' in the parent organization with the Propagate to child option checked.

      2. Go to the child organiztion 'Org 1'. Edit the permission for user 'Admin3' and uncheck Propagate to child .

      3. Log in to the Management Console with the user 'Admin3'.

        The user 'Admin3' will not be able to see/modify organizations at the 'Org 1.1' and 'Org1.2' since propagation is disabled in the organization 'Org 1'.

Edit Permission

Permissions can be modified at the parent level or at the child level. Depending on the level the permission is being invoked, some options are enabled or disabled.

Note

The logged in user cannot modify their own permissions.

Edit Permission at the Parent (Definition) Level

  1. Log in to the organization where the permissions are defined and needs to be modified, as an Administrator with the appropriate privileges on Permissions.

  2. Go to Administration > Permissions section.

  3. Select any user that is an Administrator and click Edit.

  4. In the Change Access Permission dialog:

    1. Select a new role for the user

    2. Enable or disable Propagation as required

  5. Click OK to save the changes.

Role changes will come into effect immediately, while the propagation changes requires the user to log in to the system again.

Edit Permission at the Child Level

  1. Log in as the Administrator with appropriate privileges on Permissions into the child organization.

  2. Go to Administration > Permissions section.

  3. Select any user that is an Administrator and click Edit .

  4. In the Change Access Permission dialog:

    1. Select a new role for the user

    2. Enable or disable Propagation as required

    3. Uncheck Restrict Access if you want to disable Administrator access on this child organization

  5. Click OK button to save the changes.

Changes will be saved and

  1. Role changes will come into effect immediately.

  2. Propagation changes will come into effect from the next login event.

  3. Restrict Access changes will come into effect from the next login event.

  4. Once the permissions are modified at the child organizations level, their parent level is changed to the current organization (child) as well, and they become the object of that organization.

Restrict Access

The Restrict Access option is available at the child organization level only for the propagated Administrators. This feature can be used to block the access of the propagated Administrator at the child organization level.

Example: Refer to the image shown in the section Permission Propagation

  1. Create a Permission for the user 'User4' at the parent organization with the Propagate to child option checked.

  2. Edit the permission for the user 'User4' at the child organization 'Org2' with the 'Restrict Access' option enabled.

  3. Log in to the Management Console with the user 'User4' credentials.

  4. User4 will not be able to see/modify the organization 'Org2' and 'Org2.1' since their access is restricted for those organizations.

Once the parent level permission changes, no affect will occur by changes done at the parent organization level so the properties should be modified at the parent levels.

Delete Permissions

It is possible to delete permissions at the parent level and a user cannot delete their own permissions.

  1. Log in as the Administrator with appropriate privileges in the Permissions section into the organization where the permissions to be modified are defined.

  2. Go to the Administration > Permissions section.

  3. Select the Administrator user to be deleted and click Delete.

  4. In the Confirm Action dialog, click Remove.

Permissions will be removed and will not be displayed in the permissions list and uhe User will be logged out from the organization.

Permissions Overriding

Permission overriding can be done in the two ways:

  1. Permissions are first defined at the parent organization level with propagation and at the child organization level, they are redefined to have a new role.

    1. On the parent organization level, the user will have access as per their defined role in that organization.

    2. On the child organization level, the user will have access as per the new role.

  2. Permissions are defined for a user group and then for the individual user as well.

    1. On the parent organization level, the user will have access as per their permissions, which overrides the permissions coming from group.

    2. On the child organization level, access and privileges will be provided as per the user's individual permissions.