Global Privileges

Owned by Manas Bajaj
Last updated: Jun 17, 2024 by Brian MillerVersion comment
4 min read

The Global Privilege management capabilities of the Syndeia Web Dashboard are presented on this page. After reviewing the details on this page, we highly recommend reviewing the General Recommendations for User Privileges page for guidance on Global and Digital Thread Project privileges needed for most Syndeia end-users.

Contents

Prerequisites

We recommend that Syndeia admins review the following pages in this guide before learning about Global Privileges.

Global Permissions

The User Details page for a specific user includes a section for Global Privileges, as shown in Figure 1 below.

image-20240419-163118.png
Figure 1: User Details page

The Global Privileges section shows the following:

  • Global Permissions that can be assigned to the given user.

  • Specific Global Permissions that are currently assigned to the given user, as indicated by check marks against the listed Global Permissions.

The following table describes each of the available Global Permissions.

Permission UI Name

Permission Value (used in API)

Description

Permission UI Name

Permission Value (used in API)

Description

CONTAINER: CREATE

CONTAINER_CREATE

Permission needed for creating new containers.

  • Required for creating new Digital Thread Projects (Containers).

  • Required for creating relations in Digital Thread Projects. Creation of new relations between artifacts in external repositories will need to persist artifacts and their parent containers in Syndeia.

CONTAINER:  DELETE

CONTAINER_DELETE

Permission needed for deleting containers.

CONTAINER:  MODIFY

CONTAINER_MODIFY

Permission needed for updating name and description of containers.

  • Required for updating name and description of Digital Thread Projects.

REPOSITORY: CREATE

REPOSITORY_CREATE

Permission needed for creating/adding new external repositories.

REPOSITORY:  DELETE

REPOSITORY_MODIFY

Permission needed for deleting external repositories. See Repository Deletion.

REPOSITORY:  MODIFY

REPOSITORY_DELETE

Permission needed for updating name and description of external repositories.

TYPE:  CREATE

TYPE_CREATE

Permission needed for creating types for repository, container, artifact or relation.

  • Required for creating relations in Digital Thread Projects. Creation of new relations between artifacts in external repositories will need to persist types of artifacts and their parent containers in Syndeia.

TYPE:  DELETE

TYPE_DELETE

Permission needed for deleting types for repository, container, artifact or relation.

TYPE:  MODIFY

TYPE_MODIFY

Permission needed for modifying types for repository, container, artifact or relation.

USER:  CREATE

USER_CREATE

Permission needed for creating local users. See https://intercax.atlassian.net/wiki/spaces/SYN36/pages/3405053969.

USER:  MODIFY

USER_MODIFY

Permission needed for modifying/updating users.

USER:  READ

USER_READ

Permission needed for viewing the list and details of all users. See https://intercax.atlassian.net/wiki/spaces/SYN36/pages/3405053969. permission

USER:  REMOVE

USER_REMOVE

Permission needed for removing users.

ARTIFACT / RELATION: WRITE

ARTIFACT_RELATION_WRITE

Permission needed for authoring (adding, updating, deleting) artifacts and relations.

  • Required for authoring relations in Digital Thread Projects.

RESTFUL:  WRITE

RESTFUL_WRITE

Permission needed for authoring (creating, updating, deleting) collections and requests in RESTful repositories.

GRAPH:  QUERY
New in 3.6

 

GLOBAL_GRAPH_QUERY

New in 3.6

  • Permission needed for running global graph queries. See Global Graph Queries - Web Dashboard for details.

  • In earlier releases, all users were able to run global graph queries. With the introduction of Digital Thread Projects and User Privileges specific to Digital Thread Projects, users can run and manage graph queries in the context of their Digital Thread Projects. See Queries - Digital Thread Project.

  • This permission provides an admin level capability to run graph queries across ALL Digital Thread Projects. As a result, this permission should ONLY be assigned to admins or advanced users who are overseeing ALL Digital Thread Projects on the given Syndeia Cloud deployment See General Recommendations for User Privileges to learn more.

ALL (except USER): READ

READ

Permission needed for accessing the basic capabilities of Syndeia.

  • This permission must be assigned to ALL active (enabled) users by default.

  • We do not recommend removing this permission directly via the API if any others are enabled.  

Roles

Roles are groups of permissions. For a given user, roles can be added or removed from the Roles field in the Basic Details section, as shown in Figure 2 below.

image-20240419-174828.png
Figure 2: Roles

The table below lists the available roles in this release of Syndeia.

Role Value

Description

Role Value

Description

Admin

Admin Role

  • Includes all user related permissions (USER CREATE, MODIFY, READ, REMOVE)

  • Includes access to the Users menu in the main menu bar (LHS).

User

User Role

  • Default role for ALL users. It cannot be unassigned.

Global Privilege Management

To assign or remove permissions for a given user, check or uncheck the box next to the permissions in the Global Privileges section and press the Save button, as shown in Figure 3 below.

General Recommendation

Refer to the General Recommendations for User Privileges page for guidance on Global Privileges needed for most Syndeia end-users.