Database Mapper User Permissions
Introduction
Database Mapper permissions may be set at the user or group level. Users are not required to belong to a group and they may be assigned to multiple groups. A DEFAULTuser exists as a catch-all and initially has all permissions granted. See the sections below for accessing and customizing the permissions for your organization.
Accessing Permissions
- Select the Profile button from the top navigation menu.
- Select the Manage Permissions button from the options.
Permissions
Values
Granted
Represented by a green checkbox. When the permissions box is checked, then the permission is granted.
Denied
Represented by an X in a red square. When the permissions box is x'd out, then the permission is denied.
Unset
Represented by an empty square. When the permission box is empty, then the permission is unset.
General Permissions
Important: Group Permissions are applied to all users in the Group. Group Permissions display in the individual user accounts. In the example below, the User is in the Lots of Access group, which allows all General Permissions.
These are system-level permissions that are applied at the user or user group level. General permissions are not tied to specific solutions. They provide access to top-level functionality for the Organization.
Import Solution
Grants the ability to import a solution from DOC xPress.
Manage Agents
Grants the ability to install and configure remote agents.
If denied, the user:
- Can view the list of remote agents.
- Cannot perform Edit Description, Change Pool Assignment, Delete actions on the remote agents.
- Cannot perform Create, Edit, or Delete actions on the remote agent pools.
- Cannot perform Change Pool Assignment action for solutions or solution items.
- Cannot install a remote agent using their account.
Note: Changing pool assignments requires a combination of Manage Solutions and Solution Access.
Manage Data Dictionary
Grants the ability to configure the Data Dictionary.
If denied, the user:
- Can view the Categories, Global Entries, Value Lists, and Grid View pages for Data Dictionary.
- Cannot perform actions to Create, Edit, or Delete any Categories, Global Entries, or Value Lists.
Note: This permission does not control the ability to edit Data Dictionary values for a solution. See Data Dictionary Edit under the Securable Permissions section for available controls.
Manage Permissions
Grants the ability to access the Permissions page and edit permissions for the organization.
Note: The Manage Permissions option for the current user is disabled to prevent a user from removing their own ability to manage permissions. Since permissions can be inherited from other places, like Groups or via the DEFAULT user where that checkbox won’t be disabled, proposed changes will be validated and the changes will be rejected if they would result in the current user losing their Manage Permissions access.
Manage Solutions
Grants the ability to Add, Edit or Delete solutions via the Solution Configuration Tool and the ability to manage which Agent Pool is assigned for a solution.
Note: Changing pool assignments requires a combination of Manage Solutions and Solution Access.
Viewing Effective Permissions
Starting with version 2022.2, you can select a user or group and view their effective permissions. Select the desired User Id or Group and then select View Effective Permission to display the active permissions for that selection.
Securable Permissions
Securable permissions are those that that apply to specific objects (the securables) within the organization. In Database Mapper, this relates to restricting permissions on a per solution basis.
Securable permissions can be set:
- At the Organization level, which then inherit down to all solutions.
- At the Solution level, which overrides the permission set at Organization level
Note: The minimum permission required to be able to view a solution, is Solution Access. The extra permissions listed grant additional rights on the solution.
Data Dictionary Edit
Data Dictionary Edit grants the ability to edit the data dictionary values for a solution via the Documentation page or the Data Dictionary Grid View page. If denied, the data dictionary values are read-only.
Export
Export grants the ability to request an export. If denied, the Export button on the Solutions page is disabled.
Manage Endpoint Aliases
Manage Endpoint Aliases grants the ability to configure endpoints aliases for the solution. If denied, the Manage Endpoint Aliases button on the Solutions page and Lineage page is disabled.
Snapshot Request
Snapshow Request grants the ability to take a snapshot for the solution. If denied, the Configure Snapshot button on the Solutions page is disabled
Solution Access
Solution Access grants the ability to see the solution in the Solution Configuration Tool and Database Mapper. This is the minimum permission required to view the solution.
Order of Precedence
Permissions are checked in order of precedence starting at the most specific level (the user) then proceeding to the most general level as follows:
- User level permissions for the specific user. If none exist, then
- User group level permissions for specific user groups to which the user belongs. If none exist, then
- User level permissions for the DEFAULT user. If none exist, then
- User group level permissions for the DEFAULT user for the groups to which the DEFAULT user belongs.
Adding Users
Note:
- Users will be added to the list automatically the first time they access the Database Mapper site. They will inherit the DEFAULT permissions.
- The Add option allows you to add users with specific permissions before they access the site. If they have already accessed the site, follow the instructions for editing a user if you want to modify their permissions from the default.
- Regarding access:
- Database Mapper Cloud: This does not add a user to the organization. Users must already exist in the organization to access Database Mapper. Use Manage Users to add or remove users.
- Database Mapper Software: This does not grant access to Database Mapper. If someone is on the same domain as Database Mapper and can access the web server, then they can access the site by default.
To manually add a user's permissions:
- Select the Add option under the Users section.
- Enter a User Id.
- Note: For Database Mapper Cloud, this is the user's associated email address that matches the one used in Organization Settings. For Database Mapper Software, this is the user's associated Windows account (e.g. DOMAIN\username).
- Enter permission choices or leave as-is to accept the DEFAULT user permissions.
- Select the Save Changes option.
Success: You have added a user with the associated permissions.
Editing User Permissions
The Permissions page is in Edit mode by default.
To change permissions:
- Select a user from the User Id list.
- Edit General Permissions and Securable Permissions as needed.
- Select the Save Changes button (which is enabled when changes exist to save).
Success: You have updated the permissions for a user.
Note: Expand the Organization list to set permissions at the Solution level instead of the Organization level.
Deleting User Configurations
Note:
- Once a user is in the list for permissions, they cannot be fully deleted from the permissions page.
- Use the available permissions to control their access to Database Mapper.
- To remove access:
- Database Mapper Cloud: This does not delete a user from the organization. Use Manage Users within Organization Settings to block their access.
- Database Mapper Software: If someone is on the same domain as Database Mapper and can access the web server, then they can access the site by default. Use your Windows security policies to block access.