//Cloudogu EcoSystem Docs

Permissions

The Baseline Dogu works with three permission groups that define which permissions users have in the Baseline Dogu.

1. Mapping the groups from the user management

The icon located left to your own username in the navigation bar of the Baseline Dogu indicates your assigned role.

In the following you will find information about which user groups exist, how they differ and how you can configure them as an administrator.

Permission groups

The following permission groups are defined for the Baseline Dogu:

2. User groups

  • Baseline reader
  • Baseline editor
  • Baseline admin

The authorization groups build on each other:

  • Baseline editors automatically have baseline reader permissions.
  • Baseline admins automatically have the permissions of the baseline editor.

2.1 Baseline reader

The Baseline Reader has reading access to the Baseline Dogu.

Members of this group can open the Baseline Dogu and view projects, baselines, and baseline details.

Note that users must be at least assigned to the Baseline readers group to open the Baseline Dogu.

If no Baseline reader group is configured, all users of the Cloudogu EcoSystem automatically have the permissions of a baseline reader. By default, the baseline reader group is not defined.

2.2 Baseline editor

The Baseline editor has restricted write access to the Baseline Dogu.

Members of this group can edit, set up and close the Baseline-Dogu in addition to the rights of the Baseline-Reader group.

The following actions may be performed by members of the Baseline editors group:

  • Open baseline
  • Fix a baseline
  • Recollect artifacts from a baseline
  • Fix element group
  • Reopen an element group
  • Add manual elements
  • Edit or delete existing elements

Members of the Baseline editors group do not have the right to reopen a baseline or make changes to the configuration.

2.3 Baseline admin

The Baseline admin has writing and administrative access to the Baseline Dogu.

The following actions may be performed by members of the Baseline admin group:

  • All actions of the baseline editor
  • Reopen Baseline
  • Change project configuration
  • View baseline tool settings

In addition to the members of the Baseline admin group, all instance administrator (members of the system group Admin group) have the permissions of the Baseline admin group.

Definition of the permission groups

On the Administration page in the Baseline Dogu you can view the currently defined names of the authorization groups. You can use the Administration menu item to the left of your user name to open the Administration page in the Baseline Dogu if you have the necessary rights to do so.

Fixed element group

On this page you will find the most important information about the permission groups.

Using the icon next to the name of the respective permission group, you can copy the name of the permission group directly to the clipboard.

The role names are predefined by default. However, via the configuration of the Baseline Dogu in etcd you can rename them according to your wishes via the command cesapp edit-config baseline:

  • Baseline reader: Via <baseline_path>/groups/readers you can optionally assign a name for the baseline reader group.
  • Baseline editor: Using <baseline_path>/groups/editors, you can optionally assign a name for the baseline editor group. By default, "baselineEditors" is assigned.
  • Baseline admin: Using <baseline_path>/groups/admins you can optionally assign a name for the baseline admin group.

The groups are defined as a string.

Assigning permission groups

To assign permissions to users for the Baseline Dogu, create the corresponding groups manually in the User Management. Then assign the users as desired.

Please note that the groups must have the same name as defined in the configuration of the Baseline Dogu.