Application Permission Management
The application permissions module lets you control which OneAccess users can access an application based on their permissions. After permissions are granted, you need to configure a mapping if the permission information needs to be returned to the application system. For details, see Mappings.
You can manage application permissions in one of two ways: by roles only, or by roles, permissions, and resources.
Managing Permissions by Roles
This is a coarse-grained authorization mechanism that defines permissions according to user responsibilities. Users with different responsibilities are granted the corresponding roles. Roles and permissions are managed by the application.
- Log in to the administrator portal.
- On the top navigation bar, choose Resources > Applications.
- On the displayed page, click an application name to access the application details page.
- In the application permission module, click Configure.
- Click Based on Roles and enter the role information. To add multiple roles, click Add Another Role. Then click Save. After you add the roles, they are displayed on the application roles page, where you can manage permissions.
You can add roles, edit roles, add members, and delete roles.
- On the application roles page, click Add Role, enter a role name and role code, and click OK.
- Click Modify in the Operation column to change the role name.
- Click Add Member in the Operation column, select the accounts to which the permission is to be granted, and click OK. To grant multiple role permissions to an account, click to enable Multiple Roles for Each User. This function cannot be disabled after being enabled.
- Click Delete in the Operation column and, in the displayed dialog box, click OK. An application role that is referenced by an account cannot be deleted.
Managing Application Permissions by Roles, Permissions, and Resources
This is a fine-grained authorization mechanism that allows you to manage permissions for specific application resources based on roles. This mechanism meets the requirements for security control with the least privilege. For example, as an enterprise administrator, you can authorize users to perform specific operations on data resources of the application.
When tree-structured resource permissions are assigned to a role, the parent and child resources can be assigned independently.
- Log in to the administrator portal.
- On the top navigation bar, choose Resources > Applications.
- On the displayed page, click an application name to access the application details page.
- In the application permission module, click Configure.
- On the displayed page, click Based on Roles, Permissions, and Resources, enter the resource name and resource code, and select the data structure. Click the add button to add more resources. You can also click Use the organization to call the application organization information.
- Click Next. In the displayed page, enter a permission name and permission code, and select a resource and permission type. You can click the add button to add multiple permissions.
- Click Next, enter a role name and role code, and click the add button to add more roles. Click Finish. The application role and permission module are generated for you to view the added roles and permissions.
On the application roles page, you can add roles, edit roles, add permissions, add members, delete roles, and manage permissions and members.
- On the application roles page, click Add Role, enter a role name and role code, and click OK.
- Click Modify in the Operation column to change the role name.
- Click Add Permissions in the Operation column, select a permission name, select all resources or specific resources, and click OK.
- Click Add Member in the Operation column. Select the account to which the role permission is to be granted and click OK. After the member is added, you can view it in the authorized role list of the corresponding resource. To grant multiple roles to an account, click to enable Multiple Roles for Each User. This function cannot be disabled once enabled.
- Click Delete in the Operation column and, in the displayed dialog box, click OK. An application role that is referenced by an account cannot be deleted.
- Click the role name. On the Permissions tab page, click Add Permission to grant permissions to the role.
- On the Permissions tab page, click Modify in the Operation column to modify a permission.
- On the Permissions tab page, click Cancel Authorization in the Operation column to cancel the authorization.
- Click the role name and go to the Members tab page.
- Click Add Member to add members to the role.
- On the member management page, select the members to be removed and click Remove in the upper right part. You can also click Remove in the Operation column to remove specific members.
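The role, permission, and resource model described above can be mirrored on the application side as a default-deny check. The following is an added example, not OneAccess code or its API; the class, method names, and sample data are constructed, and it assumes that a grant on a parent resource item does not imply its child items.

```python
# Added example: application-side check for role -> permission -> resource grants.
# All names and sample data are constructed; this is not OneAccess code or its API.
ALL = "*"  # hypothetical marker for "all resources" chosen when adding a permission


class AppAuthz:
    def __init__(self, multiple_roles=False):
        self.multiple_roles = multiple_roles  # "Multiple Roles for Each User"
        self.grants = {}   # role code -> {permission code -> set of item codes}
        self.members = {}  # account -> set of role codes

    def add_role(self, role):
        self.grants.setdefault(role, {})

    def add_permission(self, role, perm, items=(ALL,)):
        # Item codes are stored exactly as given: a parent item and its child
        # items are separate entries (assumption: no inheritance down the tree).
        self.grants[role].setdefault(perm, set()).update(items)

    def add_member(self, role, account):
        if role not in self.grants:
            raise KeyError(role)
        held = self.members.setdefault(account, set())
        if held - {role} and not self.multiple_roles:
            raise PermissionError(f"{account} already holds {sorted(held)}")
        held.add(role)

    def enable_multiple_roles(self):
        self.multiple_roles = True  # one-way switch: there is no disable method

    def delete_role(self, role):
        if any(role in held for held in self.members.values()):
            raise RuntimeError(f"role {role!r} is still referenced by an account")
        del self.grants[role]

    def is_allowed(self, account, perm, item):
        for role in self.members.get(account, ()):
            items = self.grants.get(role, {}).get(perm, set())
            if ALL in items or item in items:
                return True
        return False  # default deny: no matching grant on any held role


def demo():
    az = AppAuthz()
    az.add_role("finance_viewer")
    az.add_role("auditor")
    az.add_permission("finance_viewer", "report:read", {"org/finance"})
    az.add_permission("auditor", "report:read")  # all resources
    az.add_member("finance_viewer", "alice")
    return az
```

With this data, alice can read `org/finance` but not `org/finance/payroll` until the child item is granted separately or she also holds a role whose permission covers all resources.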
You can manage permissions and resources.
- Permissions
- On the permission page, click Add Permission to add a permission. The permission code must be unique.
- Click the icon on the right of the permission name and click View Details to view the permission details, including the permission name, code, and resources.
- Click the icon on the right of the permission name and click Modify to modify the permission name and type.
- Click the icon on the right of the permission name and click Delete to delete the permission.
- Resources
Application organizations can be regarded as resources. For details about how to maintain application organizations, see Managing Application Organizations. Before using the application organization, you need to enable it. For details, see Application Organizations. Two data structures are available: tree and list. If you select the tree data structure, you can create a multi-level structure. By default, an application organization uses the tree data structure.
An item is a subset of a resource. Operations on resources are also applicable to items. The operations include adding, modifying, and deleting. The following uses resources as an example.
- On the permissions page, click Manage Resources. The application resource page is displayed.
- Click Add Resource, enter a resource name and code, and select a data structure.
- Click OK. The resource is added successfully and is displayed in the resource list.
You can manage resources by adding items, editing resources, and deleting resources.
- Click Add Item in the Operation column to add an item to the resource. If the resource uses the tree data structure, you can add sub-items to the item. Items belonging to a resource have unique codes.
- Click Modify in the Operation column to modify the resource. To modify an item, click Modify in the Operation column of the item. If you click Modify for an application organization, the application organization page is displayed. For details about how to maintain an application organization, see Managing Application Organizations.
- Click Delete in the Operation column of a resource to delete the resource. To delete an item, click Delete in the Operation column of the item.