Permissions Between Organizations
Goal
To grant an organization limited access to a peer organization.
Setup
User accounts can be configured for restricted access to peer organizations by assigning a custom permission profile. This avoids the need to nest organizations in a parent/ child dynamic, which would grant full administrative access to user accounts in the parent organization.
Overview
The following example refers to sub-organizations of "Trade Demo," as depicted above. User accounts belonging to the "Operations" organization require limited access to devices in "Staging" and "Production" -- they need to be able to move routers between orgs as routers leave the configuration lab (staging) and go out for deployment (production), but access to other aView features should be disabled.
After adding roles with the relevant abilities to each target organization (e.g. Staging and Production), selective access can be granted to users in the "Operations" org based off of the shared permissions.
For assistance with creating new Organizations in Accelerated View, please click here.
Roles with Limited Abilities
Organizations are populated with an administrative role by default. Admins should have access to all aView abilities, which isn't always the appropriate level of access for a given set of tasks.
Additional roles can be created to provide selective account permissions for users. To do so:
- Navigate to the Organizations screen using the main menu.
- Select Roles from the Actions menu of the organization intending to grant selective access. This will be either "Staging" or "Production" per the example outlined in the overview.
- Click the Create button to add a new role -- be sure to only include abilities that are relevant toward the limited access.
NOTE: The screenshot above has a secondary role, called "Ops," which will be used to grant limited access to users in other peer organizations.
Permissions for Other Organizations
After creating custom access to an organization by defining a limited role, the permissions can be granted to other organizations.
- Navigate to the Organizations screen using the main menu.
- Select Permissions from the Actions menu of the organization intending to receive selective access. This will be "Operations" per the example outlined in the overview.
- Click the Create button to add new permissions to the organization.
- Using the Organization pull-down menu, select the organization that is granting limited access.
- Select the new role -- created in the first section of this document -- via the Description pull-down.
- Verify the relevant Abilities are listed and click Create Permission to finalize the configuration change.
Assigning Permissions to Users
Once an organization has been granted permission to a peer organization, its users can be granted access to the peer organization.
- Navigate to the Users screen using the main menu.
- Select the intended user account by clicking on its email address or the Edit button.
- Browse to the Permissions tab of the user account.
- Click Create to add access to the peer organization, selecting the relevant Organization and Role per the intended scope of access.
- Select Create Permission to finalize the configuration change. The user is now able to interface with the peer organization per the Abilities that correspond to the organization's entry in the permissions table.