Setting up Access Control

From Datonis
Jump to: navigation, search
Datonis Documentation Home > Setting up Access Control

Introduction

Access Control allows you to control who does what on Datonis. Access control is based on two entities.

  • User: A user with valid credentials.
  • Role:Every user belongs to a single Role at any point in time. A role governs what level of access the user has.

The user that first signs up for the Datonis account is the administrator of that account. You'll notice that the user is assigned the Account Admin role automatically. This user cannot modify the assigned role. Neither can this user be deleted. Roles can only be created by an Account Admin.

The number of roles and users that can be created for your account is governed by your license. Your license can be viewed under the Settings menu.

Account Admins

Account Admins has unfettered access to Datonis and is the only role that can do user/role management in Datonis. There can be multiple Account Admin roles for an account. An account admin can also modify the details of another Account Admin and can change their role as well. The only restriction placed is that an Account Admin cannot change their own role.

Normal users cannot change their role. They need to ask Account Admins to do it for them.

Creating a Role

Here is a video that shows you how a role can be created.

Some additional details about roles.

  • Roles can only be created if your role is Account Admin. You can see your role under Settings → User Profile.
  • Datonis comes with a few pre-existing roles.
    • Account Admin: The account admin role that cannot be edited or deleted. Multiple users can be account admins.
    • Agent:This is the role used by the Agent to push data to Datonis. Key-pairs used by the Agent are mapped to this role. This role cannot be modified or deleted.
    • Read Only: A useful role that provides read only access to Datonis.
  • A user can only be assigned to one role at a time.

Inviting a User

Here is a video that shows you how to invite additional users to Datonis.

Audit Trails

All major actions performed on Datonis is backed up by an Audit Trail. Account Admins have access to Datonis wide audit trails by default. Other users have access to Audit Trails on entities that they have access too. For instance, if you have access to Things, you will also have access to audit trails of Things.

To access Audit Trails (Account Admins only), you can select the Audit Trail option under Access Control.

  • The Audit Trail view will show you a list view of the entity name, its type, the user and role that changed the entity and the time it was changed.
    • For instance if you have added a Thing, an audit trail entry will show up which indicates that you have added a Thing. It will also show your role and the time when you added it.
    • Audit trails are visible for any Create, Read, Update and Delete actions on Thing Templates, Things, Roles, Users, Access Keys, Rules, Groups and Instructions.
  • You can view the details of the change by clicking on the View Differences or View Diff icon on Action Links column of the audit trail.
    • The Diff view will show a side by side view of the entity before the change on the left and after the change on the right.
  • All changes will be highlighted by a red box. For instance, if you have changed the name of a Thing, the change will be highlighted

You can also look at Audit Trails for individual entities in their list view. For instance, the Thing Template list view will have an audit trail icon in the Actions column next to the Thing Template. Click that to view the Audit Trail for the Thing Template.