Within the Platform, you can define Viewer and Admin permissions in different management areas, whether in the Tenant, Environment, or Workspace.
In order to set up granular permissions, ensure that you configure the Tenant IDP first.
About Permissions
The Permissions tab enables you to apply access rights to various levels of the Platform. There are two levels of access permissions:
Admins have full administrative capabilities within the Environment to create, modify, and delete entities at that level
Viewers have access to a full view of all data-related objects managed within the Environment.
Note: Permissions can only be defined when using an external IDP. Changes affecting Permissions may take up to 15 minutes to take effect in the Platform.
For more information, see Platform Permissions.
Permission levels are managed on the Settings screens and can be applied at the following levels:
Tenant
Environment
Identity Workspace
Authorization Workspace
Orchestration Workspace
Tenant Level Permissions
At the Tenant Level, there is only an Admin level. Users with this level of permissions have full administrative capabilities within the Tenant, including all Environments and Workspaces.
Environment Level Permissions
At the Environmental Level, there can be both Admin and Viewer users.
Workspace Level Permissions
At the Workspace Level, users can be given either Admin or Viewer permissions to one or more Workspaces. At this level, Admin permissions give the user full administrative capabilities only within the specified Workspace. Similarly, Viewer permission gives the user a full view of all data-related objects managed within the specific Workspace only.
When generating a Workspace, the permission settings are inherited by the Environment to ease the user onboarding experience. In cases where those permissions need to be changed, you can reconfigure them in the relevant Workspace Settings page.
Editing Permissions
At the Environment and Workspace levels, IT Admins can modify which users get Admin Permissions (allowing them to perform any Admin operations) to the Environment and which get Viewers permissions (restricting them to view-only).
To edit Permissions:
Access the Settings screen where you wish to modify the Permissions (Environment, Identity Workspace or Authorization Workspace).
Select the Permissions tab. The Permissions screen opens.
Click Edit. The fields become editable.
In either (or both) of the available sections, enter the Name(s) or Group(s) for those individuals or groups that should be granted Admin Permissions and Viewer Permissions.
When you finish making the changes, click Save.