Iguana X has a role based permission system to restrict user access to various Iguana system and component controls.
By default, the every Iguana instance has an admin user has with full access to Iguana system and component controls. Any users created by the admin must be granted access permissions through the use of roles to perform any iguana system or component actions.
Roles contain a list of granted permissions and are assigned to users and components as#role Tags.
In Settings > Roles, the admin user can create custom role #tags with lists of granted permissions.
Iguana system permissions will be applied to the User with the assigned role #tag.
By default, components have unrestricted permissions - ie. any user can do anything to the component. To apply a matching role #tag to a component, it must be added to the Component Card Tags.
Create a Role
...
There are two types of roles:
Expand | ||
---|---|---|
| ||
User Roles are assigned to users to grant Iguana system and component controls. For example, you may have separate #roles for team members using Iguana based on their needs:
|
Expand | ||
---|---|---|
| ||
These can be used when you have particular components that you want to place further restrictions on. For a Component Role to apply, the User (agent) and the component (target) must have matching #roles. For example, critical components that may be used for operational purposes which do not need to be accessed by every user, a #critical role can be created and assigned to the component and the users who require access. Any user without the matching #critical role assigned, will not have the permissions on that #critical components. |
Creating Roles
Expand | ||
---|---|---|
| ||
Note: Tags are case sensitive , and must match exactly when applied to Users and Components. |
Expand | ||||
---|---|---|---|---|
| Choose
| |||
|
...
Assigning Roles
Expand | ||
---|---|---|
| ||
In Settings > Users, click Edit on the User you wish to add a role. You can add multiple roles to a single user , each role is additive and will provide the user the assigned access permissions. |
...
to apply both User Roles and Component Roles. |
Expand | ||
---|---|---|
| ||
In the Component Card Tags, you will see an alert stating that there are no matching role tags (no permissions applied), meaning that the User will have full component permissions available. | ||
Expand | ||
| ||
Component Roles are assigned to components in the Component Card Tags field.
If a User applies a #Role tag which does not have Tag editing permission to a component, a warning will appear to confirm the change before applying the new permissions. | ||
Expand | ||
| ||
When a single role #tag is added to a component, its permissions are applied to all users. If multiple role #tags are added to a component, only the user’s matching role #tag permissions are applied to user. |
Once unique Users and Roles are configured in your Iguana instance, if you have another User with full admin rights, you can delete the admin user. In the future if this needs to be restored, you can do so on the command line.