Provisioning

Overview #

Provisioning involves mapping users to content.  It’s a simple concept that gets complicated by the abstract notion of groups.  Provisioning ends up becoming the aggregation of permissions across three different groupings of users:  Domains, Roles, and Users.

Users and Groups #

Concept
Description
Domain

A specialized group of users in the system which allows for uniqueness.

All users in Edge must belong to a Domain, and it’s the combination of User and Domain that identifies a unique user to the system.
Role Roles are an abstract grouping mechanism, geared toward assigning consistent content across Domains.
User This represents individual users in the system.

Content and Groups #

The other side of the provisioning equation is content.  Content equates to “Pages” in the system.  Pages are organized into a hierarchical tree structure in order to make the provisioning task more straightforward.

Concept
Description
Folder A grouping of Pages.
Page A collection of Visualizations.

The Provisioning User Interface #

Provisioning is a layered concept, and an Administrator’s focus can shift based between those layers based on the task at hand:

  • One day an Administrator might be interested in an individual user in the system.
  • Another day, an Administrator might be focused an entire Domain of users.

The user interface accommodates these different perspectives via the Manage By selector.

The “Manage By” Selector #

The user interface allows you to shift the unit of focus for the provisioning page via the Manage By pull-down.  This allows an administrator to provision content from a variety of different perspectives.

The Manage By drop-down supports the following parameters, which map to the different ways users can be grouped in the system:

Parameter
Description
Domains Selecting Manage By: Domains updates the left panel to display the list of Domains currently configured in the system. You can modify the list of Domains using the available controls in the footer. Selecting a Domain in the left panel provides context to the tabs in the right panel, allowing you to provision both Content and Users from the perspective of a Domain.

See Domains for more information.

Roles

Selecting Manage By: Roles updates the left panel to display the list of Roles currently configured in the system. You can modify the list of Roles using the available controls in the footer. Selecting a Role in the left panel provides context to the tabs in the right panel, allowing you to provision both Content and Users from the perspective of a Role.

Note that the Secured Variables and Credentials tabs are missing from the Roles perspective. This is because individual Users can belong to multiple Roles, and that could cause conflicts when evaluating Secured Variable and Credentials. These elements must be configured from either the Domain or User perspective.

Roles may also be configured to provide administrative access for users at less than the Full Admin rights. For instance, roles may grant permissions to create users in certain domains. This concept is described as “Partial Admin”.

See Roles for more information.

Users Selecting Manage By: Users updates the left panel with a list of Users in the system. You can modify the list of Users with the available controls in footer. Selecting a User in the left panel provides context to the tabs in the right panel, allowing you to provision Roles from the perspective of a User.

Users represent the individual users in the system. Edge does not permit provisioning of Content directly to Users, because it can create a maintenance nightmare. It is considered best practice to provision content using Domains and Roles, and then manage access via each User’s membership in those Domains and Roles. If the special case arises that you want to provision Content to a specific individual User, create a Role with only the single User assigned to that Role, and then provision the Content to that Role.

See Users for more information.

Defaults Defaults represent the concept of “Globals” in the system.

See “Defaults” for more information.

Stock Domains, Roles, and Users #

Edge ships with one Domain, two Roles, and one User:

User
Password
Domain
Roles
Provisioned Content
admin admin default administration, AllUsers Everything (all items in the Content Menu, System Menu, and Admin Menu)