Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Iguana X IguanaX has a Role role based permission system to restrict user access to various Iguana system and Component component controls.

...

To perform actions, a User needs the required permission. The only user that has all permissions granted to them by default is the admin user. By default, all other Users do not have access to edit Iguana system settings - they By default, every Iguana instance has an admin user with full access to Iguana system and component controls. Any users created by the admin must be granted access permissions through the use of Role Tags. For example, to edit ‘roles’ a User would need to have a matching #Role Tag that grants access to ‘Edit Roles’.

In Settings > Roles, the admin User can create custom #Role with lists of granted permissions to be assigned to both Users and Components.

  • Iguana system permissions will be applied to the User with the assigned #Role.

  • Component permissions will only be in effect for components with the assigned #Role in the Component Card Tags. The User #role does not need to match the Component #role, the component #role permissions trump.

...

Create a Role

...

roles to perform any iguana system or component actions.

Roles contain a list of granted permissions and are assigned to users and components as #role Tags. There are two types of roles:

Expand
title1) User Role - assigned to users to grant Iguana system and component controls.

User Roles are assigned to users to grant Iguana system and component controls.

For example, you may have separate #roles for team members using Iguana based on their needs:

  • #dev who has full controls

  • #support who may only require access the logs, start/stop components and view scripts.

Screen Shot 2024-03-20 at 5.22.29 PM.pngImage Added
Expand
title2) Component Role - assigned to both a user and component(s) to apply permissions to particular components

These can be used when you have particular components that you want to place further restrictions on. For a Component Role to apply, the User (agent) and the component (target) must have matching #roles.

For example, critical components that may be used for operational purposes which do not need to be accessed by every user, a #critical role can be created and assigned to the component and the users who require access. Any user without the matching #critical role assigned, will not have the permissions on that #critical components.

Screen Shot 2024-03-20 at 5.22.47 PM.pngImage Added

Creating Roles

Expand
titleSTEP 1: In Settings > Roles, click Add and enter a #role name
  • Click Add Role at the top right corner of the Roles page.

  • In the Add a Role window, enter your Role Tag #role name and click Add.

Screen Shot 2024-03-04 at 12.09.20 PM.pngImage Removed
Note

Tags are case sensitive and must match exactly when applied to Users and Components.

Image Added

Choose
Expand
titleChoose Iguana and Component controls to grant Users and Components with this Role
STEP 2: Choose the Role Type and use the check boxes to grant permissions to system and component controls
  • Choose the Role Type - User or Component.

  • Use the select all or check boxes to choose the the Iguana system and Component component controls you want to grant Users users and Components /or components with this Role role - click Save.

  • Once a Role role is created, it can be edited or deleted as required.

Screen Shot 2024-03-04 at 12.10.23 PM.pngImage Removed

...

Screen Shot 2024-03-20 at 5.39.07 PM.pngImage Added

Assigning Roles

To assign a #Role, enter the Role
Expand
titleIn Assign each user a User Role and optional Component Roles can be assigned to Users in Settings > Users , add the desired #Role to your User
Expand
title

In Settings > Users, click Edit on the User you wish to add a #Rolerole. You can add multiple Roles roles to a single User, each Role is additive and will provide the User the assigned access permissions.

Screen Shot 2024-03-04 at 1.06.47 PM.pngImage Removed

Assign Roles to Components

Components without any tags that match a Role are considered ‘unsecure’ with no permission restrictions applied to the component - ie. anyone can do anything to the component. To apply permissions to a component, you must add a Tag to the component that matches a Role.

Expand
titleComponents without tags that match a Role have no permission restrictions applied

In the Component Card Tags, you will see an alert stating that there are no matching role tags (no permissions applied), meaning that the User will have full component permissions available.

Screen Shot 2024-03-04 at 1.20.26 PM.pngImage Removed

user to apply both User Roles and Component Roles.

Screen Shot 2024-03-20 at 5.34.01 PM.pngImage Added
Expand
titleComponent Roles must be assigned to both the required Users and the Components.

Component Roles are assigned to components in the Component Card Tags field.

  • Open a component card and enter the

#Role
  • #role in the Tags field. Once entered, a

Role
  • role related

Tag
  • tag will be bold and link you to the Role configuration if clicked.

  • If a #Role is not assigned to any components, the component related role permissions will be applied to all components. (this is not true)

  • If a #Role is assigned to select components, the component related role permissions will only be applied to the tagged components. The User will have full component related permissions on all other components.

Screen Shot 2024-03-04 at 1.23.38 PM.pngImage Removed

If a User applies a #Role tag which does not have Tag editing permission to a component, a warning will appear to confirm the change before applying the new permissions.

Screen Shot 2024-03-04 at 1.29.16 PM.pngImage Removed
  • you want to add a #role to multiple components, you can use Bulk Editing of Tags in the Bulk Action bar on the Dashboard.

Screen Shot 2024-03-20 at 5.45.07 PM.pngImage Added

Once unique Users and Roles are configured in your Iguana instance, if you have another User with full admin rights, you can delete the admin user. In the future if this needs to be restored, you can do so on the command line.