Project Permissions

The admin user account we used to log in bypasses the normal project permissions applied to regular users, because admin is the superuser. The superuser can not be a member of any group, and has an unrestricted access to all projects.

To change the admin password and create new users and groups, go to the Admin tab and then click the Users and Groups tab. The security model is role based, that is after you create a user, you must add this user to one or more groups, which are associated with specific roles in one or more projects.

Create DEVELOPER group, then create a user dev and add this user to the DEVELOPER group. Try to log in with this user credentials. You should see the following screen:

User not mapped

For non-administrator users, permissions are based on the user's group membership. The dev user is a member of the group DEVELOPER, and since we have not given users in the DEVELOPER group access to any projects, they are not able to log in.

To allow the dev user to log in, we must log in as administrator and go to the Projects tab which is a sub tab of the Admin tab. It looks like this:

Initial project permissions

In the Permission column, there are 0 permission mappings.

Click Edit to open the Edit Project dialog box and go to the Permissions tab. There is a grid with columns Project Role, and Security Group. A project role determines a set of actions that may be performed inside the Management Console, such as uploading robots, creating schedules, viewing logs etc. Within a project you assign a project role to a security group. That way, all users of the selected security group will be able to perform the actions allowed by the assigned project role.

Click Add Permission to add permissions in this project. This adds a new line to the grid, and inserts a dropdown box allowing us to select a project role. Select the project role developer. Now double click in the Security Group column and select the DEVELOPER security group (of which our dev user is a member). It should look like this:

Adding project permissions

Now click Save.

All members of the DEVELOPER group can now perform the actions allowed by the role developer.

Lets log in as the dev user and see how the permissions are reflected in the Management Console. You log out by clicking the menu button in the upper right corner, then log in as the dev user. Now go to the Logs tab, select the RoboServer log in the left pane. Notice how the delete button is disabled, and hovering gives a tooltip message that you do not have permissions to delete RoboServer messages.

View logs but not delete

You can assign multiple roles to the same security group, and you can assign the same role to multiple security groups. If a user holds multiple roles, he can do anything that at least one of the roles allow. With multiple projects in Management Console, users of different projects can be completely separated by assigning their groups to project-specific roles.

The predefined roles are suggestions, but you can add any number of additional roles, or change the existing roles to fit your needs.

Actions that can be performed on the Settings, Backup and License tabs (sub tabs to Admin) are only available to users that are members of the Administrator group.

For using your LDAP user accounts, see the Advanced Configuration>LDAP Integration topic.