Roles and Permissions
Permissions allow granular level access control over any function or operation available in Bipp. Users can only access functionality and resources that they are authorized to access based on the permissions assigned to them. Permissions on resources may be available as a result of one or many of the following scenarios
- Explicit permission has been granted to the user through a specific role that is assigned to the user.
- The resource is part of a space and user has the required permissions to access resources in that space
- User is part of a group that has the required permissions on that resource
- User is part of a group that has the required permissions on a space containing the resource.
A permission may be granted to a user/group only through roles. Following are a few examples of permissions available in Bipp
- Can create alerts on the dashboard
- Can view the commits on the dashboard
- Can delete a dashboard
- Can view the datasource
- Can run a query on the datasource
- Can download sheet data
- Can create groups in a tenant
- Can remove users from the tenant
As you can see, there is a permission available for every type of action that can be performed on different types of resources like dashboards, sheets, datasources, projects, spaces, tenants etc. Permissions are system defined and cannot be changed by end users including administrators.
A role is a collection of permissions that can be assigned to a user. A set of pre-defined roles are available across all tenants and may be assigned to users in the tenant. These can be viewed under the Roles tab on the IAM page that is accessible from the main application menu.
Pre-defined roles are available across all tenants and cannot be edited or deleted.
Users who have permissions to add roles to the tenant can create custom roles as required by their organization by combining different permissions. Custom roles are specific to a tenant. A new role may be added by clicking on the Add New Role button at the top-right of the IAM screen. The Add Role window will be shown as follows. To create a new role you need to provide a name, description and permissions to be included in the role.
Unlike pre-defined roles, custom roles may be updated or deleted by clicking on the corresponding options in the context menu for the specific role. The Edit Role window will be shown as follows. Name, description and permissions included may be updated.