Roles
Roles within A-Ops are part of object ACL definitions and, like groups, grant named read/write/delete access to objects. Unlike groups, roles are not automatically painted onto objects and, unless manually defined, are inherited, providing system-defined permissions. Roles also provide functional access to API endpoints, permitting actions to be executed, for example running triggers on-demand.
Roles can be defined directly on users or as part of groups that users are members of.
| Role Name | Description |
| --- | --- |
| cluster.messages.admin | Perform worker administration actions including ping, update and reload from the worker status page. In addition, this role also permits on-demand triggering of triggers and flow continuation |
| worker.install | Ability to download / generate worker installation files from the worker status page |
| debug.create | Create new debug sessions; this role is not required to access existing debug sessions |
| integrations.admin | Access to integration management, allowing install and uninstall actions to be performed. Users will also require cluster.admin to carry out integration management activities |
| cluster.admin | Works in conjunction with integrations.admin to permit integration management. Additionally, this role enables access to support pages and grants the ability to enable and disable remote support for your tenant |
| users.admin | User management for members of your tenant |
| license.admin | Access to view the license details |
| cluster.poll | Used by worker to ask for work |
| cluster.create | Used by worker to create a new cluster member during authentication |
| cluster.messages.trigger | Ability to trigger flows on-demand using right-click run and/or webhook type functionality |
| cluster.messages.integration | Request a worker to execute a given integration code module or function |
Models
Models provide the mapping between different object types and the underlying integrations. For a user to read any object, read access to that object's model is required at a minimum. The same is true for creating new objects of a given type, i.e. read access to that model is required.
| Role Name | Description |
| --- | --- |
| model.read | Read a model, which also provides the capability to create new objects of that given model |
| model.admin | Full read/write/delete access to all models |
| .create | Read the named model, which also provides the capability to create objects of that given model |
Conducts
Conducts are A-Ops workspaces in which flows are created, each containing many different trigger and action objects. Objects created on a conduct automatically inherit a role that contains the conduct_id, which simplifies sharing a conduct and all of its underlying objects without having to update every object ACL.
| Role Name | Description |
| --- | --- |
| conducts.read | Read access to all conducts |
| conducts.admin | Full read/write/delete access to all conducts |
| conduct.[conduct_id].read | Read access to the triggers/actions placed on a conduct |
| conduct.[conduct_id].admin | Full read/write/delete to the triggers/actions placed on a conduct |
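The following is an added example, not A-Ops code: it resolves a user's effective roles from direct and group assignments, extracts conduct-scoped access from conduct.[conduct_id].* role names, and flags two assignments worth reviewing based on the role descriptions above. The dictionary layout, user and group names, conduct id and the is_worker flag are all assumptions made for illustration.

```python
import re

# Roles the page lists as "Used by worker"; treating them as service-only is an assumption.
WORKER_ONLY = {"cluster.poll", "cluster.create"}
CONDUCT_ROLE = re.compile(r"^conduct\.(?P<id>[^.]+)\.(?P<level>read|admin)$")

# Constructed sample data: names, group layout and the is_worker flag are hypothetical.
GROUPS = {
    "soc-analysts": ["conduct.c-101.read", "triggers.read"],
    "platform": ["integrations.admin"],
}
USERS = {
    "alice": {"roles": ["conduct.c-101.admin"], "groups": ["soc-analysts", "platform"]},
    "bob": {"roles": ["cluster.poll", "cluster.admin", "integrations.admin"], "groups": []},
    "worker-01": {"roles": ["cluster.poll", "cluster.create"], "groups": [], "is_worker": True},
}

def effective_roles(user, groups):
    """Roles set directly on the user plus roles from every group they belong to."""
    roles = set(user.get("roles", []))
    for name in user.get("groups", []):
        roles.update(groups.get(name, []))
    return roles

def conduct_access(roles):
    """Map conduct_id -> strongest level granted by conduct.[conduct_id].* roles."""
    access = {}
    for role in roles:
        m = CONDUCT_ROLE.match(role)
        if m and access.get(m["id"]) != "admin":
            access[m["id"]] = m["level"]
    return access

def audit(user, groups):
    """Return review findings for one account."""
    roles = effective_roles(user, groups)
    findings = []
    # The page states integration management needs cluster.admin as well.
    if "integrations.admin" in roles and "cluster.admin" not in roles:
        findings.append("integrations.admin held without cluster.admin")
    misplaced = sorted(roles & WORKER_ONLY)
    if misplaced and not user.get("is_worker"):
        findings.append("worker role on non-worker account: " + ", ".join(misplaced))
    return findings

if __name__ == "__main__":
    for name, user in USERS.items():
        print(name, conduct_access(effective_roles(user, GROUPS)), audit(user, GROUPS))
```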
Triggers
| Role Name | Description |
| --- | --- |
| triggers.read | Read access to all trigger objects |
| triggers.admin | Full read/write/delete access to all trigger objects |
Actions
| Role Name | Description |
| --- | --- |
| action.read | Read access to all action objects |
| action.admin | Full read/write/delete access to all action objects |
Users
| Role Name | Description |
| --- | --- |
| users.read | Read access to all users |
| users.admin | Full read/write/delete access to all users |
Groups
| Role Name | Description |
| --- | --- |
| groups.read | Read access to all groups |
| groups.admin | Full read/write/delete access to all groups |
Tenant
| Role Name | Description |
| --- | --- |
| tenant.read | Read access to the tenant |
| tenant.admin | Full read/write/delete access to the tenant |
License
| Role Name | Description |
| --- | --- |
| license.admin | Full read/write/delete access to the license |
Application
| Role Name | Description |
| --- | --- |
| application.read | Read access to all applications |
| application.admin | Full read/write/delete access to all applications |
Audit
| Role Name | Description |
| --- | --- |
| audit.read | Read access to audit items |
Cluster
| Role Name | Description |
| --- | --- |
| cluster.read | Read access to the cluster members |
| cluster.admin | Full read/write/delete access to the cluster members |
Debug
| Role Name | Description |
| --- | --- |
| debug.admin | Full read/write/delete access to debug sessions and data |
Integrations
| Role Name | Description |
| --- | --- |
| integrations.read | Read access to all integrations |
| integrations.admin | Full read/write/delete access to all integrations |
Revisions
| Role Name | Description |
| --- | --- |
| revision.read | Read access to all revisions |
| revision.admin | Full read/write/delete access to all revisions |
Secrets
| Role Name | Description |
| --- | --- |
| secret.read | Read access to all secrets |
| secret.admin | Full read/write/delete access to all secrets |
Settings
| Role Name | Description |
| --- | --- |
| settings.read | Read access to all settings |
| settings.admin | Full read/write/delete access to all settings |
Storage
| Role Name | Description |
| --- | --- |
| storageProvider.read | Read access to all storage providers |
| storageProvider.admin | Full read/write/delete access to all storage providers |
| storage.read | Read access to all storage items |
| storage.admin | Full read/write/delete access to all storage items |