Permission Management

Permissions provide access to certain system resources according to the following logic:

scope:action:id

The scope must be supported by the CoB module for which the permission is being applied to:

• RecordM supported scopes: domain, definition, instance, pages and reports. Check here the full list of information management scopes and their actions.
• UserM supported scopes: user, group, role, and permission. Check here the full list of user management scopes and their actions.
• DeviceM supported scopes: page, equips, templates, jobreqs, and reports. Check here the full list of device management scopes and their actions.
• IntegrationM supported scopes such as actions. Check here a list of IntegrationM management scopes and their actions.

There is also a scope for getting access to each web page representing every action available within the CoB platform: the module scope. This scope only works as intended when followed by the view action: module:view

After the scope, the permission must mention the action it is aimed at. Available actions are create, read, update, and delete.

Finally, we state the id of the entity to which we want to apply the permission. For instance, if we want to be able to get access to the E-Learning Contents domain at learning.cultofbits.com/recordm, we would use the following permission: domains:read:1.

In that specific case, a user can only benefit from this permission if they are members of the FUNC E-Learning Contributer group. This is because the role rm - E-Learning Contents - domain, which include the domains:read:1 permission, has been added to this group.

Within the CoB platform, permissions can be accessed from your server's UserM interface. Once there, click on the Permissions link located on the top right navigation bar.