Role based access control
Overview
Role based access control allows for assigning users custom permissions within ION for creating/updating/deleting data. Existing roles are unchanged, and can be modified. See here for information on the migration.
The ION data model allows for abstracting permissions to roles to make them easier to administrate.
Permissions are assigned to roles, and roles can either be assigned directly to users or to users through teams. See the data model below.
Let's take an example. Let's say that you want to control the permissions of creating runs to the manufacturing engineering team. You'd also like manufacturing engineers to have access to create and update inventory. The warehouse team will have access to create and update inventory as well.
A recommended approach for doing this in ION would be:
Create a new role for
Run creator
Assign the appropriate permissions to role
Create the teams:
Manufacturing engineering
andWarehouse.
Assign the correct roles to the teams, which in this case will include
Run Creator
and theinventory
role, which already exists in ION.
5. Assign the correct staff to each team
6. Go forth and prosper with your newly administered roles
Admins
Users with the role admin
will have permissions to do any and all things within ION. Use judiciously!
No permissions
If a user does not have permissions to perform an action, they will get the a message listing the permission required, see example below. Permissions are required for any create/update/delete action in ION.
Special cases
Redlining on the frontend requires that you have access to the
updateRedline
PermissionPutting a step on hold or canceling a step requires the same access as completing a step:
updateRunStep
Bulk updates
We've prepared some bulk update python scripts here for managing users, roles, and teams to help make it easier to administer.
Last updated