Permissions
The Baseline Dogu works with three permission groups that define which permissions users have in the Baseline Dogu.
1. Mapping the groups from the user management
The icon located left to your own username in the navigation bar of the Baseline Dogu indicates your assigned role.
In the following you will find information about which user groups exist, how they differ and how you can configure them as an administrator.
Permission groups
The following permission groups are defined for the Baseline Dogu:
2. User groups
- Baseline reader
- Baseline editor
- Baseline admin
The authorization groups build on each other:
- Baseline editors automatically have baseline reader permissions.
- Baseline admins automatically have the permissions of the baseline editor.
2.1 Baseline reader
The Baseline Reader has reading access to the Baseline Dogu.
Members of this group can open the Baseline Dogu and view projects, baselines, and baseline details.
Note that users must be at least assigned to the Baseline readers group to open the Baseline Dogu.
If no Baseline reader group is configured, all users of the Cloudogu EcoSystem automatically have the permissions of a baseline reader. By default, the baseline reader group is not defined.
2.2 Baseline editor
The Baseline editor has restricted write access to the Baseline Dogu.
Members of this group can edit, set up and close the Baseline-Dogu in addition to the rights of the Baseline-Reader group.
The following actions may be performed by members of the Baseline editors group:
- Open baseline
- Fix a baseline
- Recollect artifacts from a baseline
- Fix element group
- Reopen an element group
- Add manual elements
- Edit or delete existing elements
Members of the Baseline editors group do not have the right to reopen a baseline or make changes to the configuration.
2.3 Baseline admin
The Baseline admin has writing and administrative access to the Baseline Dogu.
The following actions may be performed by members of the Baseline admin group:
- All actions of the baseline editor
- Reopen Baseline
- Change project configuration
- View baseline tool settings
In addition to the members of the Baseline admin group, all instance administrator (members of the system group Admin group) have the permissions of the Baseline admin group.
Definition of the permission groups
On the Administration page in the Baseline Dogu you can view the currently defined names of the authorization groups. You can use the Administration menu item to the left of your user name to open the Administration page in the Baseline Dogu if you have the necessary rights to do so.
On this page you will find the most important information about the permission groups.
Using the icon next to the name of the respective permission group, you can copy the name of the permission group directly to the clipboard.
The role names are predefined by default. However, via the configuration of the Baseline Dogu in etcd you can rename them according to your wishes via the command cesapp edit-config baseline
:
- Baseline reader: Via
<baseline_path>/groups/readers
you can optionally assign a name for the baseline reader group. - Baseline editor: Using
<baseline_path>/groups/editors
, you can optionally assign a name for the baseline editor group. By default, "baselineEditors" is assigned. - Baseline admin: Using
<baseline_path>/groups/admins
you can optionally assign a name for the baseline admin group.
The groups are defined as a string.
Assigning permission groups
To assign permissions to users for the Baseline Dogu, create the corresponding groups manually in the User Management. Then assign the users as desired.
Please note that the groups must have the same name as defined in the configuration of the Baseline Dogu.