User Management - Authorization (RBAC)

Public Preview

Agile Data Engine supports role based access control (RBAC) for authorizing users access to separate features and user interfaces (External API is an exception to this) when the new User Management v2 is in use.

Roles are predefined and can be granted per user basis. Roles are scoped on tenant/installation/environment level when applicable.

Full role format is following:

{tenant}-{installation}-{environment}:ade-{application}-{role}

where

• tenant: tenant where role is applied (required)

• installation: installation name where role is applied (optional / used for core roles)

• runtime: runtime environment name where role is applied (optional / used for core roles)

• application: application or scope where role is used (required)

• role: role to be applied check roles table (required)

Left side of the role format is the scope and the right side is the application role.

The role assignments for users can be requested through the Support Portal. Later on self-service user management will become available through the End-User Admin UI (currently in Private Preview).

ADE Core (tenant-specific applications) authorization

ADE Core access

For accessing ADE Core (tenant-specific part of the service) you need to have some role for the application. Ade-login role can be used to fulfill this requirement. It is good to notice that other ADE Core roles e.g. deployment related roles are enough to fulfill the same requirement. Ade-login role can be used if there is no other possible roles to give.

Deployment actions

These roles for deployment actions make it possible to define per environment level which users can promote & demote, and which users can start the actual deployments.

See details in Deployment Management - Access and Roles

Insights

To access Insights you need to have one of Insights roles assigned.

See details in Access and Roles