Provisioning involves mapping users to content. It’s a simple concept that gets complicated by the abstract notion of groups. Provisioning ends up becoming the aggregation of permissions across three different groupings of users: Domains, Roles, and Users.
A specialized group of users in the system which allows for uniqueness.
The other side of the provisioning equation is content. Content equates to “Pages” in the system. Pages are organized into a hierarchical tree structure in order to make the provisioning task more straightforward.
Provisioning is a layered concept, and an Administrator’s focus can shift based between those layers based on the task at hand:
The user interface accommodates these different perspectives via the Manage By selector.
The user interface allows you to shift the unit of focus for the provisioning page via the Manage By pull-down. This allows an administrator to provision content from a variety of different perspectives.
The Manage By drop-down supports the following parameters, which map to the different ways users can be grouped in the system:
See Domains for more information.
Selecting Manage By: Roles updates the left panel to display the list of Roles currently configured in the system. You can modify the list of Roles using the available controls in the footer. Selecting a Role in the left panel provides context to the tabs in the right panel, allowing you to provision both Content and Users from the perspective of a Role.
Note that the Secured Variables and Credentials tabs are missing from the Roles perspective. This is because individual Users can belong to multiple Roles, and that could cause conflicts when evaluating Secured Variable and Credentials. These elements must be configured from either the Domain or User perspective.
Roles may also be configured to provide administrative access for users at less than the Full Admin rights. For instance, roles may grant permissions to create users in certain domains. This concept is described as “Partial Admin”.
See Roles for more information.
Users represent the individual users in the system. Edge does not permit provisioning of Content directly to Users, because it can create a maintenance nightmare. It is considered best practice to provision content using Domains and Roles, and then manage access via each User’s membership in those Domains and Roles. If the special case arises that you want to provision Content to a specific individual User, create a Role with only the single User assigned to that Role, and then provision the Content to that Role.
See Users for more information.
See “Defaults” for more information.
Edge ships with one Domain, two Roles, and one User: