Manage user access
Table of Content
- Manage permissions overview
- View details of a permission
- Add a new permission
- Edit a permission
- Delete a permission
Introduced in December 5, 2022 Release .Stat Suite JS spin
Manage permissions overview
The Data Lifecycle Manager provides a user-friendly graphical interface to manage user access rights to the content of the .Stat Suite data spaces. The related ‘Manage permissions’ page is accessible from the DLM main menu. Behind the scenes, the DLM communicates with the AuthorisationManagement web service, which allows retrieving, inserting, updating and deleted user permissions. For more information about the usage and parameters of this API, see here.
The DLM ‘Manage permissions’ menu item is shown only when the authenticated user has any “Manage permissions” rights for at least one internal data space.
The ‘Manage permissions’ page shows a list of user permissions that the authenticated user is allowed to view and/or manage.
Permissions are listed with the following information in columns:
- ID: the permission ID as generated by the Authorization Management service
- User: the user email address or group name preceded by a user or group icon
- Dataspace: any internal dataspace
- Type: any SDMX artefact type
- Agency: any SDMX structure maintenance agency ID
- Artefact: any SDMX structure ID
- Version: any SDMX structure version number
- Permission: the name of the corresponding granular permission or standard role; otherwise it displays “Special permissions”
- Actions: icons for “Edit” and “Delete” a permission
If one permission listed applies to all values of the corresponding parameters (User, Dataspace, Type, Agency, Artefact, or Version), then it is mentioned as ’*’ (ANY).
The multi-selection filters on the left side of the list are generated depending on the content of the list and allow to filter by:
- permission type
Note that all single values are filterable except for all (’*’ (ANY)).
The list of permissions is paginated, and a feature at the top of the list allows navigating from page to page, or jumping to the next, previous, first or last page.
View details of a permission
When clicking on the row of a permission, it is highlighted in orange and a window with details about the permission opens. All content is greyed and non-editable. The top area contains the information of the permission as listed in the overview, and the area below contains 2 tabs:
- Standard roles
- Granular permissions
See more about standard roles and granular permissions in the Add new permission section.
Clicking on “Cancel” at the footer of the window closes it.
Add a new permission
The button “Add new permission” on the top right corner of the permission page allows creating a new permission. Clicking on it will open the “Add new permission” window, similarly to the “View permission” window with empty fields.
The window shows the following editable fields:
- User: text field for user email address or group name
- Dataspace: dropdown list of internal dataspaces for which the user has “Manage permission” rights
- Type: dropdown list of SDMX artefact types
- Agency: text field for any SDMX structure maintenance agency ID
- Artefact: text field for any SDMX structure ID
- Version: text field for any SDMX structure version number
- Standard roles: contains a list of roles that are defined by the organisation or by default as combined granular permissions in the default DLM configuration, each listed with a name and a definition. The last row contains the option for “Special permissions” which is always greyed and non-editable since auto-managed by the DLM. It is auto-ticked in case the user has selected granular permission(s) that do not correspond to any pre-defined standard role. Otherwise, if the user has selected granular permissions in the “Granular permissions” tab that correspond to a specific set of roles, then those roles are automatically pre-selected.
- Granular permissions: contains a list of granular permissions. Each granular permission is listed with a name and a definition. If standard roles were selected then the related granual permissions are automatically pre-selected.
Clicking on “Cancel” closes the popup without saving any new user permission.
Clicking on “Save” closes the popup after saving the new permission (through the Authorisation Management web service). Once the permission is saved, it appears in the main view list together with a green “Successful addition of new permission” indication in the top of the list.
Note that the “Add new permission” popup will be prefilled with the same settings previously saved in the current user session.
If I want to add a “full control” role to a user on a dedicated data space, but restricted only to one maintenance agency:
If I then want to create some additional permissions for the same user on a second maintenance agency but with a restricted role of ‘Managing data’, then I will need to add an extra new permission with the following:
Edit a permission
When clicking on the “Edit” pencil icon on the right side of a permission, the row is highlighted in orange and the popup “Edit permission #ID”, similar to the “Add new permission”, will open. All top fields are greyed and non-editable because it is not possible to change the “scope” of an existing permission, only the role(s)/permissions.
Clicking on “Cancel” closes the popup without saving any modification.
Clicking on “Save” closes the popup after saving the modification(s) made on the permission.
Delete a permission
When clicking on the “Delete” trash bin icon on the right side of a permission, the row is highlighted in orange and a dialog popup appears. A message with the permission ID requests the user to confirm the deletion of the permission.
Clicking on “Cancel” closes the popup without deleting the permission.
Clicking on “Delete” closes the popup after deleting the permission and removing it from the list.