Managing roles
DataForge provides default manager and default user roles with predefined ACL rules. These roles are available for all companies and cannot be modified or removed. Additionally, custom manager and user roles can be created. Custom roles are associated with companies and are only accessible within the company in which they were created. Parent companies can view but not utilize them.
Navigate to Administration > Roles > Manager roles or Administration > Roles > User roles (depending on the type of role to manage) to access the list of existing roles. Here, default roles can be reviewed, new roles created, and existing roles modified.
Inspecting roles
Clicking a role card opens the Role configuration page. Default roles cannot be modified.
Creating new roles
To create a new role, click the blue plus:
- Name: Name of the user role.
- Company: Company in which the role is available.
- Description: Description of the user role.
Click Create to complete the process.
Configuring roles
To access the configuration, click the role card button.
Basic settings
At the top of the configuration page, the associated company is displayed. Below that, the role name and description can be changed.
General permissions
General permissions can be allocated using switches. Enabling a permission category overrides the settings of specific permissions, offering a broader approach.
- Can do anything: Grants global authorization, overriding all specific checks.
- Can see anything: Grants the
readpermission for all items.
Specific permissions
Specific permissions differ depending on the type of role: manager or user.
Manager
- Can assign roles: Create and assign roles to other users.
- Can impersonate: Impersonate other users.
- Can bypass support tokens: Bypass the requirement for a support token* when impersonating other users.
- Can use Zabbix admin calls: Perform administrative actions on the Zabbix server using the root user.
- Can modify quota: Manage modules and quotas.
- Can create reseller companies: Create a reseller company if the necessary permissions are granted (
Companies: create).
User
- Can use Zabbix Client: Access the Zabbix Client.
- Can manage push media: Manage the push notification service of IntelliTrend Mobile for Zabbix. Allows configuration of the required Zabbix user media.
ACL rule sets
Specific permissions are further subdivided into ACL rule sets. The available sets depend on the role type:
- Manager roles: Instance administration, Company administration.
- User roles: Reporting, Self Provisioning, AI.
Permissions are divided into Create, Delete, Modify, and Read. Each permission can have one of three states:
- Can Not: Prohibited.
- Can: Allowed.
- Can Grant: Allowed, and can also grant the permission to others.
To grant permissions to other roles, a role must itself have the necessary permissions to create or modify roles, found in Manager roles > Company administration > Roles.
Role overrides for user roles
A user can be a member of multiple user groups. Role overrides allow a user’s role to change depending on the group they act for.
For example, if a user is part of the group dfu_group:master@intellitrend.de and acts on behalf of that group, the user’s base role can be overridden with the admin role. The override impacts create, delete, and modify permissions but not read. These read permissions must be defined in the base role, even if overridden.
To configure role mapping, click New Role Override:
The user group acts as an identifier. If an imported user is a member of that user group, the user’s permissions are overridden by the assigned role (selected in the Role field).
Deleting roles
To delete a custom role, open the context menu and click Delete.