Permissions

Permissions allow you to assign access policies to identities like users, user collections, groups or contexts that do not have one assigned. And for those who have one assigned, you can overwrite it here.

Add permissions/Edit permissions dialog box

The Entity field is optional and adds an extra level of permissions, on top of the access policy you select in this dialog box. It applies only to the Administrator predefined access policy and to newly created access policies. In other words, if you select the Catalog Maintainer, Connector or User access policy, the zone/system level permission will have no effect.

The level permissions are:

• Zone - The user can make changes only to his zone.
  • In Manage > System > Servers he has read-only permission regarding the information about the Application Workspace Satellite Servers associated with his zone.
  • In Manage > System > System updates he has read-only permission regarding the updates applied to his zone and Application Workspace Satellite Servers associated with his zone.
• System - The user can make changes to his zone and the Application Workspace System but not to other zones. His main capabilities are to:
  • create non-primary zones, Application Workspace Servers and Application Workspace Satellite Servers
  • manage and apply system updates to all servers related to his zone
  • view all the zones within his Application Workspace System and choose which one to be primary
  • recover administrator access within a zone
  • configure settings for Azure blob/local storage
  • configure system level permissions for other users

For more information about what privileges each access policy has, go to System > Access policies > open an access policy > Privileges screen.