Changes for page Permissions Configuration

Last modified by colinw on 2021/09/10 23:34

From version 8.1
edited by colinw
on 2014/11/15 22:00
Change comment: Enabling/disabling permissions for a core server.
To version 9.1
edited by colinw
on 2014/11/10 22:21
Change comment: There is no comment for this version

Page properties
Content
... ... @@ -1,65 +1,22 @@
1 -{{layout}}
2 -{{layout-section ac:type="two_right_sidebar"}}
3 -{{layout-cell}}
4 -{{warning}}
5 -This page is currently being written. Although the information below is probably accurate, it may not be complete or may have errors.
6 -{{/warning}}
1 +==== **//On this page~://** ====
7 7  
8 -{{info}}
9 -The information on this page applies to **iSymphony 3.1+**.
10 -{{/info}}
11 11  
12 -= (% style="color: rgb(0,0,0);" %)Description(%%) =
13 13  
14 -The Permissions resource provides access to query and define permissions for iSymphony. See the reference information below for details about the REST interactions used to define permissions. The rest of this description is provided to make it easier to understand the various interactions that go into the permission system in iSymphony.
15 -{{/layout-cell}}
5 +{{toc maxLevel="2" indent="1"/}}
16 16  
17 -{{layout-cell}}
18 -{{panel title="On this page:"}}
7 += Description =
19 19  
9 +The Permissions resource provides access to query and define permissions for iSymphony.
20 20  
21 -{{toc maxLevel="2" indent="1"/}}
22 -{{/panel}}
23 -{{/layout-cell}}
24 -{{/layout-section}}
25 -
26 -{{layout-section ac:type="single"}}
27 -{{layout-cell}}
28 -=== Overview ===
29 -
30 -In version 3.0 and previous of iSymphony, permissions were defined for 'permissible' objects in the system - each object that could be controlled via permissions (extensions, queues, other users, etc) would store a list of the users allowed to perform actions on it, and which actions each was allowed to perform. Beginning in version 3.1 of iSymphony, the situation has been reversed, to make it easier to administer permissions and hopefully less confusing. Permissions are defined for each user or user group in the system, in a cascading manner. They are evaluated in order of decreasing specificity, and in the case of a conflicting tie, the action is allowed. This must be considered when using the REST system to define permissions. See the documentation for permissions for more details.
31 -
32 -=== Defaults ===
33 -
34 -By default, all users in the system are allowed to perform all actions. Therefore, if a specific permission key has not been defined for a user (either on the user itself, or one of the groups it is a member of), that action should be considered allowed. When defining a permission, the default policy is also allowed, unless the allowed flag is set to false.
35 -
36 -=== **Exceptions** ===
37 -
38 -The heart of the permission system lies in the exceptions to the rules. This allows for powerful combinations to be achieved. Generally, the objects defined by their UUIDs in the exceptions field will be allowed to perform an action if the allowed flag is false, and prevented from performing that action if the allowed flag is true. That is, they will follow the opposite of the general policy for that definition.
39 -
40 -=== Special Values ===
41 -
42 -There are a few special predefined values that are used by the permission system. They are:
43 -
44 -* All Users Group: The all users group is hard-coded into iSymphony to contain all users. You can use this to set global permissions on the clients. The UUID for the 'All Users' group is 21d97061-ff6a-11e1-a21f-0800200c9a66.
45 -* 'Owned' permission target: In many cases, an administrator may want to defined that users only have access to their "own" objects: their user, their extensions, their phone numbers, etc. In this case, setting the permission to 'Deny', with the special exception df41edec-2707-46eb-8b8f-146b01d9b29e will only give users access to their own objects.
46 -
47 47  = Root Resource Paths =
48 48  
49 49  {{code}}
50 50  communication_manager/api/resource/core/{core_server_id}/permissions
15 +communication_manager/api/resource/core/getBySlug/{core_server_slug}/permissions
51 51  {{/code}}
52 52  
53 53  = JSON Representation =
54 54  
55 -{{code title="Core Server Permissions Enabled" language="js"}}
56 -{
57 - "permissionsEnabled": false
58 -}
59 -{{/code}}
60 -
61 -Note: the above object is only used to enable or disable permissions. See the page on the core server configuration itself to query the status of the permissions.
62 -
63 63  {{code title="PermissionConfig" language="js"}}
64 64   {
65 65   "key": "cellPhoneOriginateTo",
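Review bot: Removed lines 28-45 carry the only statement of the evaluation rules a reader needs to configure this safely: a key that is not defined is allowed by default, a conflicting tie resolves to allow, and UUIDs in the exceptions field follow the opposite of the definition's allowed flag. The replacement Description at new line 9 keeps none of that, and the 'All Users' group UUID and the 'Owned' exception UUID disappear with it. Keep the Overview, Defaults, Exceptions and Special Values sections, or link to where they now live, so the PermissionConfig fields that follow are not documented without their semantics. The 'iSymphony 3.1+' applicability note at old line 9 is dropped as well and should stay.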
... ... @@ -120,31 +120,10 @@
120 120  
121 121  |=(% colspan="2" %)(% colspan="2" %)
122 122  (((
123 -communication_manager/api/resource/core/{core_server_id}/permissions
124 -)))
125 -|=(((
126 -**Description**
127 -)))|(((
128 -Specifies whether permissions should be enabled or disabled for the entire core server. When disabled, no permission checks will be performed, so the rest of the settings specified in the permissions system will have no effect. Note that you must have a supported license installed to enable permissions.
80 +{{{communication_manager/api/resource/core/{core_server_id}/permissions/userGroup/{user_group_id}}}}
129 129  
130 -**Parameters**:
131 -
132 -* core_server_id: The UUID of the core server
133 -
134 -**Errors**:
135 -
136 -* 500 'Your license does not support permissions.': Returned if you do not have a license installed, or if your license does not support permissions.
82 +{{{communication_manager/api/resource/core/getBySlug/{core_server_slug}/permissions/userGroup/{user_group_id}}}}
137 137  )))
138 -|=(((
139 -PUT
140 -)))|(((
141 -Sets whether permissions are enabled or disabled globally on the core server.
142 -)))
143 -
144 -|=(% colspan="2" %)(% colspan="2" %)
145 -(((
146 -{{{communication_manager/api/resource/core/{core_server_id}/permissions/userGroup/{user_group_id}}}}
147 -)))
148 148  |(% class="highlight-grey" data-highlight-colour="grey" %)(% class="highlight-grey" data-highlight-colour="grey" %)
149 149  (((
150 150  **Description**
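Review bot: Old lines 123-142 are the only documentation of the PUT that enables or disables permissions for the entire core server, including the statement that no permission checks are performed when it is disabled and the 500 'Your license does not support permissions.' error. Removing the row leaves a server-wide switch undocumented, and it is exactly what the version 8.1 change comment ("Enabling/disabling permissions for a core server.") describes. Keep this row next to the userGroup row instead of replacing it.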
... ... @@ -171,6 +171,8 @@
171 171  |=(% colspan="2" %)(% colspan="2" %)
172 172  (((
173 173  {{{communication_manager/api/resource/core/{core_server_id}/permissions/userGroup/{user_group_id}/{key}}}}
110 +
111 +{{{communication_manager/api/resource/core/getBySlug/{core_server_slug}/permissions/userGroup/{user_group_id}/{key}}}}
174 174  )))
175 175  |(% class="highlight-grey" data-highlight-colour="grey" %)(% class="highlight-grey" data-highlight-colour="grey" %)
176 176  (((
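Review bot: The path added at new line 111 introduces {core_server_slug}, but nothing in this hunk says what a slug is or that both forms address the same resource. Add a core_server_slug entry to this row's Parameters list and say what is returned for an unknown slug. The same applies to the getBySlug paths added in the userGroup, user and user/{key} hunks.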
... ... @@ -228,6 +228,8 @@
228 228  |=(% colspan="2" %)(% colspan="2" %)
229 229  (((
230 230  {{{communication_manager/api/resource/core/{core_server_id}/permissions/user/{user_id}}}}
169 +
170 +{{{communication_manager/api/resource/core/getBySlug/{core_server_slug}/permissions/user/{user_id}}}}
231 231  )))
232 232  |(% class="highlight-grey" data-highlight-colour="grey" %)(% class="highlight-grey" data-highlight-colour="grey" %)
233 233  (((
... ... @@ -255,6 +255,8 @@
255 255  |=(% colspan="2" %)(% colspan="2" %)
256 256  (((
257 257  {{{communication_manager/api/resource/core/{core_server_id}/permissions/user/{user_id}/{key}}}}
198 +
199 +{{{communication_manager/api/resource/core/getBySlug/{core_server_slug}/permissions/user/{user_id}/{key}}}}
258 258  )))
259 259  |(% class="highlight-grey" data-highlight-colour="grey" %)(% class="highlight-grey" data-highlight-colour="grey" %)
260 260  (((
... ... @@ -309,37 +309,42 @@
309 309  * 404 'No permission with that key is defined for that user.': Returned if there is no permission defined for the user with that permission key.
310 310  )))
311 311  
312 -= Curl Examples =
254 += Sub/Child Resource Paths =
313 313  
314 -{{info}}
315 -The server ID in the below examples is 9280cd1c-4ad7-4ed9-ae8a-0648b0b45cf7. You will need to change this to the appropriate ID for your installation, as well as change other IDs.
316 -{{/info}}
256 +|=(% colspan="2" %)(% colspan="2" %)
257 +(((
258 +{{{path}}}
259 +)))
260 +|(% class="highlight-grey" colspan="1" data-highlight-colour="grey" %)(% class="highlight-grey" colspan="1" data-highlight-colour="grey" %)
261 +(((
262 +**Description**
263 +)))|(% colspan="1" %)(% colspan="1" %)
264 +(((
265 +description
266 +)))
317 317  
318 -=== (% style="color: rgb(0,0,0);" %)Get all defined permissions for the 'All Users' group(%%) ===
268 += Curl Examples =
319 319  
270 +=== Get ===
271 +
320 320  {{code language="bash"}}
321 -curl --user manager:manag3rpa55word -i -H "Content-Type: application/json" https://127.0.0.1:55050/communication_manager/api/resource/core/9280cd1c-4ad7-4ed9-ae8a-0648b0b45cf7/permissions/userGroup/21d97061-ff6a-11e1-a21f-0800200c9a66
273 + 
322 322  {{/code}}
323 323  
324 -=== Get all defined permissions for a specific user ===
276 +=== (% style="color: rgb(0,0,0);" %)Update(%%) ===
325 325  
326 -{{code}}
327 -curl --user manager:manag3rpa55word -i -H "Content-Type: application/json" https://127.0.0.1:55050/communication_manager/api/resource/core/9280cd1c-4ad7-4ed9-ae8a-0648b0b45cf7/permissions/user/8a026a93-3201-4554-b993-32576a3b8ea5
278 +{{code language="bash"}}
279 + 
328 328  {{/code}}
329 329  
330 -=== (% style="color: rgb(0,0,0);" %)Deny the 'passwordChange' permission for the above user(%%) ===
282 +=== Add ===
331 331  
332 332  {{code language="bash"}}
333 -curl --user manager:manag3rpa55word -i -H "Content-Type: application/json" -X PUT -d '{"key":"passwordChange","allowed":"false"}' https://127.0.0.1:55050/communication_manager/api/resource/core/9280cd1c-4ad7-4ed9-ae8a-0648b0b45cf7/permissions/user/8a026a93-3201-4554-b993-32576a3b8ea5/passwordChange
285 + 
334 334  {{/code}}
335 335  
336 -=== Remove the 'passwordChange' permission for the above user ===
288 +=== Delete ===
337 337  
338 -Note: this will not prevent the user from changing their password. It will cause the user to inherit the permission of any user groups they are a part of.
339 -
340 340  {{code language="bash"}}
341 -curl --user manager:manag3rpa55word -i -H "Content-Type: application/json" -X DELETE https://127.0.0.1:55050/communication_manager/api/resource/core/9280cd1c-4ad7-4ed9-ae8a-0648b0b45cf7/permissions/user/8a026a93-3201-4554-b993-32576a3b8ea5/passwordChange
291 + 
342 342  {{/code}}
343 -{{/layout-cell}}
344 -{{/layout-section}}
345 -{{/layout}}
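Review bot: New lines 254-291 replace four working examples with template residue: a 'Sub/Child Resource Paths' table whose cells are the literal placeholders {{{path}}} and 'description', and Get/Update/Add/Delete code blocks that are empty. Fill them in or leave the old examples in place. The note at old line 338 should survive in any case, since it states that deleting a user's 'passwordChange' permission does not prevent the action but makes the user inherit from their groups. If the examples return, two points in the old text are worth fixing: the password is given literally in --user (curl prompts for it when only the user name is supplied), and old line 333 sends "allowed":"false" as a string while the JSON at old line 57 uses a bare boolean, so state which form the API expects.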