Roles

Roles within A-Ops are part of object ACL definitions and provide named roles granting object read/write/delete access, similar to groups. Unlike groups, roles are not automatically painted onto objects and, unless manually defined, are inherited, providing system-defined permissions. Roles also provide functional access to API endpoints, permitting actions to be executed, such as running triggers on demand.

Roles can be defined directly on users or as part of groups that users are members of.

Platform Actions

| Role Name | Description |
| --- | --- |
| cluster.messages.admin | Perform worker administration actions including ping, update and reload from the worker status page. In addition, this role also permits on-demand triggering of triggers and flow continuation |
| worker.install | Ability to download / generate worker installation files from the worker status page |
| debug.create | Create new debug sessions, but is not required to access existing debug sessions |
| integrations.admin | Access to integration management allowing install and uninstall actions to be performed. Users will also require cluster.admin to carry out integration management activities |
| cluster.admin | Works in conjunction with integrations.admin to permit integration management. Additionally, this role enables access to support pages and grants the ability to enable and disable remote support for your tenant |
| users.admin | User management for members of your tenant |
| license.admin | Access to view the license details |
| cluster.poll | Used by worker to ask for work |
| cluster.create | Used by worker to create a new cluster member during authentication |
| cluster.messages.trigger | Ability to trigger flows on-demand using right-click run and/or webhook type functionality |
| cluster.messages.integration | Request a worker to execute a given integration code module or function |

Models

Models provide the mapping between different object types and the underlying integrations. For a user to read any object, at a minimum read access to that object's model is required. The same is true for creating new objects of a given type, i.e. read access to that model is required.

| Role Name | Description |
| --- | --- |
| model.read | Read a model, which also provides the capability to create new objects of that given model |
| model.admin | Full read/write/delete access to all models |
| .create | Read the named model, which will also provide the capability to create objects of that given model |

Conducts

Conducts are A-Ops workspaces in which flows are created, containing many different trigger and action objects. Objects created on a conduct automatically inherit a role that contains the conduct_id, which simplifies sharing a conduct and all of its underlying objects without having to update every object's ACL.

| Role Name | Description |
| --- | --- |
| conducts.read | Read access to all conducts |
| conducts.admin | Full read/write/delete access to all conducts |
| conduct.[conduct_id].read | Read access to the triggers/actions placed on a conduct |
| conduct.[conduct_id].admin | Full read/write/delete to the triggers/actions placed on a conduct |
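
An added example (not A-Ops code) of an access review built on the rules above: effective roles are the union of a user's direct roles and their groups' roles, integration management needs both integrations.admin and cluster.admin, and conduct-scoped roles carry the conduct_id. The users, groups, conduct id format and in-memory layout are constructed assumptions, not an A-Ops export format.

```python
import re

# Constructed sample data; the dict layout is an assumption, role names are from this page.
GROUPS = {
    "soc-analysts": {"conducts.read", "conduct.c-1001.read", "cluster.messages.trigger"},
    "platform": {"integrations.admin", "users.admin"},
}
USERS = {
    "alice": {"roles": {"cluster.admin"}, "groups": ["platform"]},
    "bob": {"roles": {"conduct.c-1001.admin"}, "groups": ["soc-analysts"]},
    "carol": {"roles": {"integrations.admin", "secret.read"}, "groups": []},
}
CONDUCT_ROLE = re.compile(r"^conduct\.(?P<id>[^.]+)\.(?P<level>read|admin)$")

def effective_roles(user):
    """Union of roles set directly on the user and roles from their groups."""
    roles = set(user["roles"])
    for group in user["groups"]:
        roles |= GROUPS.get(group, set())
    return roles

def can_manage_integrations(roles):
    # The page states integrations.admin only works together with cluster.admin.
    return {"integrations.admin", "cluster.admin"} <= roles

def can_trigger_on_demand(roles):
    # Both roles are documented as permitting on-demand triggering.
    return bool(roles & {"cluster.messages.admin", "cluster.messages.trigger"})

def conduct_grants(roles):
    """Map conduct_id -> strongest conduct-scoped level ('read' or 'admin')."""
    grants = {}
    for role in roles:
        m = CONDUCT_ROLE.match(role)
        if m and grants.get(m["id"]) != "admin":
            grants[m["id"]] = m["level"]
    return grants

def audit(users):
    report = {}
    for name, user in users.items():
        r = effective_roles(user)
        report[name] = {"integration_mgmt": can_manage_integrations(r),
                        "on_demand_trigger": can_trigger_on_demand(r),
                        "conducts": conduct_grants(r)}
    return report

if __name__ == "__main__":
    print(audit(USERS))
```

In the sample data, alice gains integration management only because a group role and a direct role combine, which is the kind of grant a per-user review of direct roles alone would miss.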

Triggers

| Role Name | Description |
| --- | --- |
| triggers.read | Read access to all trigger objects |
| triggers.admin | Full read/write/delete access to all trigger objects |

Actions

| Role Name | Description |
| --- | --- |
| action.read | Read access to all action objects |
| action.admin | Full read/write/delete access to all action objects |

Users

| Role Name | Description |
| --- | --- |
| users.read | Read access to all users |
| users.admin | Full read/write/delete access to all users |

Groups

| Role Name | Description |
| --- | --- |
| groups.read | Read access to all groups |
| groups.admin | Full read/write/delete access to all groups |

Tenant

| Role Name | Description |
| --- | --- |
| tenant.read | Read access to the tenant |
| tenant.admin | Full read/write/delete access to the tenant |

License

| Role Name | Description |
| --- | --- |
| license.admin | Full read/write/delete access to the license |

Application

| Role Name | Description |
| --- | --- |
| application.read | Read access to all applications |
| application.admin | Full read/write/delete access to all applications |

Audit

| Role Name | Description |
| --- | --- |
| audit.read | Read access to audit items |

Cluster

| Role Name | Description |
| --- | --- |
| cluster.read | Read access to the cluster members |
| cluster.admin | Full read/write/delete access to the cluster members |

Debug

| Role Name | Description |
| --- | --- |
| debug.admin | Full read/write/delete access to debug sessions and data |

Integrations

| Role Name | Description |
| --- | --- |
| integrations.read | Read access to all integrations |
| integrations.admin | Full read/write/delete access to all integrations |

Revisions

| Role Name | Description |
| --- | --- |
| revision.read | Read access to all revisions |
| revision.admin | Full read/write/delete access to all revisions |

Secrets

| Role Name | Description |
| --- | --- |
| secret.read | Read access to all secrets |
| secret.admin | Full read/write/delete access to all secrets |

Settings

| Role Name | Description |
| --- | --- |
| settings.read | Read access to all settings |
| settings.admin | Full read/write/delete access to all settings |

Storage

| Role Name | Description |
| --- | --- |
| storageProvider.read | Read access to all storage providers |
| storageProvider.admin | Full read/write/delete access to all storage providers |
| storage.read | Read access to all storage items |
| storage.admin | Full read/write/delete access to all storage items |