Version

    Groups

    Group is an abstract set of users, which gives assigned users some permissions. So it is not necessary to specify permissions for each single user.

    There are independent levels of permissions implemented in CloverDX Server

    Table 21.4. Default groups created during installation

    Group nameDescription
    admins This group has an operation permission all assigned, which means, that it has unlimited permission. Default user clover is assigned to this group, which makes him administrator.
    all users By default, every single CloverDX user is assigned to this group. It is possible to remove a user from this group, but it is not a recommended approach. This group is useful for some permissions to sandbox or some operation, which you would like to make accessible for all users without exceptions.

    Users Assignment

    Relation between users and groups is N:M. Thus in the same way, how groups are assignable to users, users are assignable to groups.

    Groups permissions

    Groups permissions are structured as a tree, where permissions are inherited from the root to leafs. Thus if some permission (tree node) is enabled (blue dot), all permissions in sub tree are automatically enabled (white dot). Permissions with red cross are disabled.

    Thus for the admin group just the all permission is assigned, every single permission in the sub tree is assigned automatically.

    With none of the following privileges, a user can: log into the Server console, create a server project (in Designer) from its own sandbox, create a file in its own existing sandbox, and run graphs.

    • All permissions

      The user with this permission has all available permissions. The Admin group has all permissions by default.

    • Tasks history

      Allows the user to access the Tasks history section, see Chapter 29, Tasks.

    • Monitoring

      Monitoring permission grants user all its subpermissions.

    • Configuration

      Allows the user to access the configuration section.

      • Users

        This permission allow user to access the Users section and configure user accounts.

        • List user

          Allows the user to list users and access to the Users administration section (ConfigurationUsers)

        • Change passwords

          Allows the user to change his password and to change password of another user.

          To see list of users, the user needs the list user permission.

        • Edit user

          Allows the user to change group assignment.

          To see the list of users, the user must have the list user permission.

          • Edit own profile and password

            Allows the user to change his profile (first name, last name, email, and password).

            The user can access her profile in main web console view under username, in upper right corner of the page.

        • Unlock user

          Allows the user to unlock a user.

          The user must have the list user permission to list available users.

        • Delete user

          Allows the user to disable a user.

          The user must have the list user permission to list available users.

        • Create user

          Allows the user to create a new user.

          If the user is to be created in the Server web interface, the creating user must have the list user permission to list users to access this option.

        • Groups assignment

          Allows the user to assign users to groups.

          The user must have the edit user permission to successfully finish the assignment of users to groups.

          If the user is to be created in the Server web interface, the creating user must have the list user permission to list users to access this option.

      • Groups

        Allows the user to manage groups: user can list groups, create groups, delete groups, edit the group, assign users to the group, and change permissions of the group.

        • List groups

          Allows the user to list groups. This permission is necessary for use of other options from the Groups group.

        • Create group

          Allows the user to create a new user group.

          If the user group is to be created in the Server web interface, the user must have the list groups permission to view a list of groups and to access this option.

        • Delete group

          Allows the user to delete a user group.

          Only empty groups can be deleted. You need to have the list groups permission to view list of groups and to access this option.

        • Edit group

          This permission allow user to edit user groups.

          This permission does not include User assignment and Permission assignment.

          If the user group is to be edited from server web interface, the user must have the list groups permission.

        • Users assignment

          Allows the user to assign users to groups.

          The user needs Edit group permission to commit the changes in the assignment.

          If the assignment is to be edited in the Server web interface, the user must have the list groups permission to list the groups.

        • Permission assignment

          Allows the user to configure group Permissions.

          The user needs have the Edit group permission to commit the changes.

          If the permissions are to be edited in the Server web interface, the user must have the list groups permission to list the groups.

      • Secure parameters administration

        • Secure params

          Allows the user to change the value of a secure parameter.

          The user can use secure parameters in graphs even without this permission.

      • CloverDX/System info sections

        Allows the user to view System Info and CloverDX Info sections.

      • CloverDX Server properties

        Allows the user to view Server Properties tab and Data Profiler properties tab in CloverDX Info section.

        The user must have the CloverDX/System info sections permission to access CloverDX Info section.

      • Reload license

        Allows the user to reload and view the server license.

        The user must have the CloverDX/System info sections permission to access the Configuration section.

      • Upload license

        Allows the user to update the server license.

        The user must have the CloverDX/System info sections permission to access the Configuration section.

        See Activation.

      • Server Configuration Management

        Allows the user to import and export the server configuration.

        See Chapter 23, Server Configuration Migration.

      • Temp Space Management

        Allows the user to access Temp Space Management section.

        See Chapter 19, Temp Space Management.

      • Server Setup

        Allows the user to access the server setup.

        See Chapter 13, Setup.

      • Heap Memory Dump

        Allows the user to create a Thread dump and a Heap Memory Dump.

        See Chapter 26, Diagnostics.

    • Groovy Code API

      Allows the user to run Groovy scripts.

    • Open Profiler Reporting Console

      Allows the user to log into the Profiler reporting console.

      The permission is necessary to view the results of CloverDX Profiling Jobs in Designer.

      Even without this permission, a user can create and run .cpj jobs from Designer.

    • Open Server Console

      Allows the user to log into the Server console.