(Update with the copy of version: draft) |
(Update with the copy of version: draft) |
||
| Line 4: | Line 4: | ||
As a Designer Administrator, you can control the resources that users have access to through '''Partition-Based Access Control (PBAC)'''. With PBAC, you can create a partition and assign certain resources to it. In Designer, "resources" are the various objects used during interaction sessions, such as [[ApplicationsBar|Applications]], [[SharedModulesBar|Shared Modules]], [[DesBusinessHours|Business Hours]], [[SpecialDays|Special Days]], [[EmergencyFlags|Emergency Flags]], [[DataTables|Data Tables]], [[SpeechGrammarsBar|Speech Grammars]], and [[MediaResources|Media]] and [[MessageResourcesBar|Message Resources]]. | As a Designer Administrator, you can control the resources that users have access to through '''Partition-Based Access Control (PBAC)'''. With PBAC, you can create a partition and assign certain resources to it. In Designer, "resources" are the various objects used during interaction sessions, such as [[ApplicationsBar|Applications]], [[SharedModulesBar|Shared Modules]], [[DesBusinessHours|Business Hours]], [[SpecialDays|Special Days]], [[EmergencyFlags|Emergency Flags]], [[DataTables|Data Tables]], [[SpeechGrammarsBar|Speech Grammars]], and [[MediaResources|Media]] and [[MessageResourcesBar|Message Resources]]. | ||
| − | For each partition, you can then select the users who will belong to it. Users will only be able to see and manage those resources that are assigned to the partitions they belong to | + | For each partition, you can then select the users who will belong to it. Users will only be able to see and manage those resources that are assigned to the partitions they belong to. |
| − | + | {{NoteFormat|You can also use PBAC to [[DataTables#Optional_Restrictions|control which resources are displayed to users in drop-down lists]] when setting up columns with ''enumeration'' data types in Data Tables.|2}} | |
| + | |||
| + | All user permissions defined by their assigned [[Security|roles]] within Designer remain in effect, and each user's PBAC details are stored in their Workspace settings and retrieved during login. | ||
| + | |||
| + | This video provides a quick overview of how PBAC works: | ||
{{#widget:Vimeo|id=276555313|width=500}} | {{#widget:Vimeo|id=276555313|width=500}} | ||
| − | Watch this | + | Watch this video to see an example of how PBAC can be set up: |
{{#widget:Vimeo|id=276554045|width=500}} | {{#widget:Vimeo|id=276554045|width=500}} | ||
| − | {{NoteFormat|By default, PBAC works by inclusion. If a user is not assigned any partitions, it is assumed that PBAC is not in effect for that user and they will have access to ALL resources, including those that have partitions assigned to them. Similarly, if a resource is not assigned any partitions, it is considered a public resource that is accessible to ALL users.}} | + | {{NoteFormat|By default, PBAC works by '''inclusion'''. If a user is not assigned any partitions, it is assumed that PBAC is not in effect for that user and they will have access to ALL resources, including those that have partitions assigned to them. Similarly, if a resource is not assigned any partitions, it is considered a public resource that is accessible to ALL users.}} |
In general, partitioning can be set up as follows: | In general, partitioning can be set up as follows: | ||
| Line 31: | Line 35: | ||
* Marketing | * Marketing | ||
| − | Then add users as members | + | Then add users as members of their appropriate partitions: |
* John to Finance | * John to Finance | ||
| Line 38: | Line 42: | ||
* Jason to Sales and Marketing | * Jason to Sales and Marketing | ||
| − | Remember | + | '''Remember:''' Users who are Designer Administrators do not need to be assigned to a partition as they already have full access. |
You can then assign certain resources to each partition: | You can then assign certain resources to each partition: | ||
| Line 47: | Line 51: | ||
* Resource D to "none" (remember that non-assigned resources are visible to ALL users) | * Resource D to "none" (remember that non-assigned resources are visible to ALL users) | ||
| − | This | + | This diagram illustrates the relationships between the users, resources, and partitions described in this example: |
[[file:des_pbac_example.png|600px]]- | [[file:des_pbac_example.png|600px]]- | ||
| Line 63: | Line 67: | ||
After the partition is added, you can use the '''edit users''' action to select the users who can access it: | After the partition is added, you can use the '''edit users''' action to select the users who can access it: | ||
| − | {{NoteFormat|Users who are also Designer Administrators don't need to be assigned to partitions as they already have full access. Even if they are assigned to partitions, they will continue to see all resources | + | {{NoteFormat|Users who are also Designer Administrators don't need to be assigned to partitions as they already have full access. Even if they are assigned to partitions, they will continue to see all resources.|2}} |
[[file:des_admin_partitions_addusers.gif|800px]] | [[file:des_admin_partitions_addusers.gif|800px]] | ||
Revision as of 13:10, August 28, 2019
Partitions
Use the settings on the Partitions page to manage partitions, resources, and users.
As a Designer Administrator, you can control the resources that users have access to through Partition-Based Access Control (PBAC). With PBAC, you can create a partition and assign certain resources to it. In Designer, "resources" are the various objects used during interaction sessions, such as Applications, Shared Modules, Business Hours, Special Days, Emergency Flags, Data Tables, Speech Grammars, and Media and Message Resources.
For each partition, you can then select the users who will belong to it. Users will only be able to see and manage those resources that are assigned to the partitions they belong to.
All user permissions defined by their assigned roles within Designer remain in effect, and each user's PBAC details are stored in their Workspace settings and retrieved during login.
This video provides a quick overview of how PBAC works:
Watch this video to see an example of how PBAC can be set up:
In general, partitioning can be set up as follows:
- Define a private partition. Assign it to all resources that you intend to control using PBAC. You can leave out any resources that should remain globally visible.
- Don’t assign this partition to any users. This private partition will ensure that resources under partitioning control will NOT be visible to a user who has at least one partition defined.
- For each department, set up a dedicated partition and assign it to users from that department. Then assign each partition to the resources those users need access to. (Here's an example.)
- New resources inherit the partitions of the users who created them, and remain accessible only to users who belong to that partition.
For example...
You might create a partition for each of the following departments:
- Sales
- Finance
- Marketing
Then add users as members of their appropriate partitions:
- John to Finance
- David to Marketing
- Kristen to Sales and Finance
- Jason to Sales and Marketing
Remember: Users who are Designer Administrators do not need to be assigned to a partition as they already have full access.
You can then assign certain resources to each partition:
- Resource A to Finance
- Resource B to Marketing
- Resource C to Sales
- Resource D to "none" (remember that non-assigned resources are visible to ALL users)
This diagram illustrates the relationships between the users, resources, and partitions described in this example:
-
Partitions tab
Use this tab to add or manage partitions and select the users who can access them.
For example, to add a new partition called Sales:
After the partition is added, you can use the edit users action to select the users who can access it:
Users tab
Use this tab to view the list of users and manage their assigned partitions.
For example, to assign user_sales to the Sales partition and remove them from Finance:
Resources tab
Use this tab to view the list of resource types and their associated partitions.
For example, let's say the Business Hours resource regularhours is already associated with the Service and Sales partitions, but now we want to also associate it with Marketing:
