.Stat Suite documentation

Manage permissions

Table of Content


Introduced in December 5, 2022 Release .Stat Suite JS spin

Manage permissions overview

The DLM allows managing users’ permissions in the Manage permissions page accessible from the DLM main menu. The related menu item is shown only when the authenticated user has any “Change permissions” rights for for at least one internal data space.
The “Manage permissions” page shows a list of user permissions that the authenticated user is allowed to view and/or manage.

Permissions are listed with the following information in columns:

  • ID: the permission ID as generated by the Authorization Management service
  • User: the user email address or group name preceded by a user or group icon
  • Dataspace: any internal dataspace
  • Type: any SDMX artefact type
  • Agency: any SDMX structure maintenance agency ID
  • Artefact: any SDMX structure ID
  • Version: any SDMX structure version number
  • Permission: the name of the corresponding granular permission or standard role; otherwise it displays “Special permissions”
  • Actions: icons for “Edit” and “Delete” a permission

If one permission listed applies to all values of the corresponding parameters (User, Dataspace, Type, Agency, Artefact, or Version), then it is mentioned as ’*’ (ANY).

The multi-selection filters on the left side of the list are generated depending on the content of the list and allow to filter by:

  • space
  • user/group
  • agency
  • permission type

Note that all single values are filterable except for all (’*’ (ANY)).

The list of permissions is paginated, and a feature at the top of the list allows navigating from page to page, or jumping to the next, previous, first or last page.

DLM permissions overview


View details of a permission

When clicking on the row of a permission, it is highlighted in orange and a window with details about the permission opens. All content is greyed and non-editable. The top area contains the information of the permission as listed in the overview, and the area below contains 2 tabs:

  • Standard roles
  • Granular permissions

See more about standard roles and granular permissions in the Add new permission section.

Clicking on “Cancel” at the footer of the window closes it.

DLM permissions view


Add a new permission

The button “Add new permission” on the top right corner of the permission page allows creating a new permission. Clicking on it will open the “Add new permission” window, similarly to the “View permission” window with empty fields.
The window shows the following editable fields:

  • User: text field for user email address or group name
  • Dataspace: dropdown list of internal dataspaces for which the user has “Manage permission” rights
  • Type: dropdown list of SDMX artefact types
  • Agency: text field for any SDMX structure maintenance agency ID
  • Artefact: text field for any SDMX structure ID
  • Version: text field for any SDMX structure version number
  • Standard roles: contains a list of roles that are defined by the organisation or by default as combined granular permissions in the default DLM configuration, each listed with a name and a definition. The last row contains the option for “Special permissions” which is always greyed and non-editable since auto-managed by the DLM. It is auto-ticked in case the user has selected granular permission(s) that do not correspond to any pre-defined standard role. Otherwise, if the user has selected granular permissions in the “Granular permissions” tab that correspond to a specific set of roles, then those roles are automatically pre-selected.
  • Granular permissions: contains a list of granular permissions. Each granular permission is listed with a name and a definition. If standard roles were selected then the related granual permissions are automatically pre-selected.

DLM permissions add new

Clicking on “Cancel” closes the popup without saving any new user permission.
Clicking on “Save” closes the popup after saving the new permission (through the Authorisation Management web service). Once the permission is saved, it appears in the main view list together with a green “Successful addition of new permission” indication in the top of the list.

DLM permissions add new success

Note that the “Add new permission” popup will be prefilled with the same settings previously saved in the current user session.

Example

If I want to add a “full control” role to a user on a dedicated data space, but restricted only to one maintenance agency:

DLM permissions add new example

If I then want to create some additional permissions for the same user on a second maintenance agency but with a restricted role of ‘Managing data’, then I will need to add an extra new permission with the following:

DLM permissions add new example


Edit a permission

When clicking on the “Edit” pencil icon on the right side of a permission, the row is highlighted in orange and the popup “Edit permission #ID”, similar to the “Add new permission”, will open. All top fields are greyed and non-editable because it is not possible to change the “scope” of an existing permission, only the role(s)/permissions.

Clicking on “Cancel” closes the popup without saving any modification.
Clicking on “Save” closes the popup after saving the modification(s) made on the permission.


Delete a permission

When clicking on the “Delete” trash bin icon on the right side of a permission, the row is highlighted in orange and a dialog popup appears. A message with the permission ID requests the user to confirm the deletion of the permission.
Clicking on “Cancel” closes the popup without deleting the permission.
Clicking on “Delete” closes the popup after deleting the permission and removing it from the list.

DLM permissions delete