YOUnite User Interface: Permissions to Screen Components

Users in a zone that have POST and PUT permissions to the zone’s Groups and Roles endpoints can enable UI features for other users.

The UI features can be enabled/disabled based on the issuer’s effective permissions.

For more on permissions see the Zones, Users, Groups, Roles and Permissions guide.

For the complete list of YOUnite permissions see the Permissions Reference.

Background

Mapping Resource URI to Resources

The feature permissions in this guide are listed by Resource URI however in the YOUnite UI they are listed by Resource.

The Permissions Reference contains a table that provides mapping between the two.

Path Equivalency

Permissions for a UI feature must be what is shown in REQUIRED PERMISSIONS or greater. For example:

ALL /api/zones is greater than GET /api/zones
GET /api/zones/* is greater than GET /api/zones
POST /api/zones/*/adaptors is greater than POST /api/zones/a450d61a-4b6b-468d-8b39-95433fd95af9/adaptor

Path Variables, Permission Wildcards and Resource Criteria

Some paths below contain the following path variables:

current-zone-uuid

The UUID of the zone selected in the upper left of the UI

current-group-id

The UUID of the specific group

current-adaptor-uuid

The UUID of the specific adaptor

current-domain-uuid

The UUID of the specific data domain

current-dr-uuid

The UUID of a specific data record

Wildcard for any resource at the current endpoint. For example, /api/domains/? means ANY data domain.

Wildcard for ANY resource and ALL resources beneath the current endpoint. For example, /api/domains/* means any data domain and ALL endpoints beneath /api/domains such as /api/domains/domain-uuid/versions.

In the YOUnite UI, feature permissions are described in the format of:

Resource [Resource Criteria]

Where the Resource Criteria is optional. The resource criteria for a resource is described in the table below.

path variable

uuid

A specific identifier for a resource that is typically a UUID. For example, if a resource contains {zoneUuid} in its path, then the target zone’s uuid is to be supplied.

ANY

Wildcard for any resource at the current API endpoint. For example, /api/domains/? means ANY data domain.

ALL

Wildcard for ANY resource and ALL resources beneath the current API endpoint. For example, /api/domains/* means any data domain and ALL API endpoints beneath /api/domains such as /api/domains/domain-uuid/versions.

Page Navigation

Entire pages can be enabled or disabled by controlling certain permissions.

Disable the following navigations if the user does not have the required permissions or greater (this also applies to the corresponding navigations in the left navigation bar).

Zones

REQUIRED PERMISSIONS

ANY of the following:

GET /api/zones
GET /api/zones/current-zone-uuid

Users, Groups & Roles

REQUIRED PERMISSIONS

ANY of the following:

GET /api/zones/current-zone-uuid/users
GET /api/zones/current-zone-uuid/groups
GET /api/zones/current-zone-uuid/roles

Adaptors

REQUIRED PERMISSIONS

ALL of the following:

GET /api/zones/current-zone-uuid
GET /api/zones/current-zone-uuid/adaptors

Gold & Silver Adaptors

REQUIRED PERMISSIONS

ALL of the following:

GET /api/zones
GET /api/zones/current-zone-uuid/adaptors
GET /api/zones/current-zone-uuid/adaptors/settings/domain-version-adaptor-preferences
GET /api/domains/versions

Domains

REQUIRED PERMISSIONS

ALL of the following:

GET /api/domains
GET /api/domain/versions

Data Access

REQUIRED PERMISSIONS

ALL of the following:

GET /api/drs
GET /api/domains

Governance

REQUIRED PERMISSIONS

ALL of the following:

GET /api/zones
GET /api/drs
GET /api/domains
GET /api/zones/current-zone-uuid/adaptors
GET /api/domain/*/versions or GET /api/domain/versions/?

And ANY one of the following:

GET /api/zones/current-zone-uuid/outbound-acls
GET /api/zones/current-zone-uuid/inbound-acls
GET /api/zones/current-zone-uuid/acls/metrics
GET /api/zones/current-zone-uuid/acls/dry-run

Zones Page

Enable ADD ZONE only if:

POST /api/zones

Enable View Adaptors only if:

GET /api/zones/current-zone-uuid/adaptors
GET /api/zones/current-zone-uuid/adaptors/?

Enable View Users, Groups and Roles if (ANY of the following):

GET /api/zones/current-zone-uuid/users
GET /api/zones/current-zone-uuid/groups
GET /api/zones/current-zone-uuid/roles

Users, Groups and Roles Page

Page Tabs

Enable Users only if:

GET /api/zones/current-zone-uuid/users

Enable Groups only if:

GET /api/zones/current-zone-uuid/groups

Enable Roles only if:

GET /api/zones/current-zone-uuid/roles

Users Tab

Enable ADD USER button only if:

POST /api/zones/current-zone-uuid/users

Enable UPDATE ROLES button only if:

POST /api/zones/current-zone-uuid/roles

Groups Tab

Enable ADD GROUP button only if:

POST /api/zones/current-zone-uuid/groups

Enable UPDATE GROUP button only if:

POST /api/zones/current-zone-uuid/groups/current-group-id/users

Roles Tab

Enable ADD ROLE button only if:

POST /api/zones/current-zone-uuid/roles

Enable ADD PERMISSION button only if:

POST /api/zones/current-zone-uuid/permissions
GET /api/zones/current-zone-uuid/permissions/?

Adaptors Page

Enable CREATE ADAPTOR button only if:

POST /api/zones/current-zone-uuid/adaptors

Enable PAUSE ALL ADAPTORS / PLAY ALL ADAPTORS buttons only if:

PATCH /api/zones/current-zone-uuid/adaptor/?
GET /api/zones/current-zone-uuid/adaptors

Enable PAUSE / PLAY ADAPTOR Icon only if:

PATCH /api/zones/current-zone-uuid/adaptors/?

Enable DELETE ADAPTOR Icon only if:

DELETE /api/zones/current-zone-uuid/adaptors/current-adaptor-uuid

Enable "EDIT ADAPTOR* Icon only if:

PUT /api/ones/current-zone-uuid/adaptors

Enable "ADAPTOR CREDENTIALS* button only if:

GET /api/zones/current-zone-uuid/adaptors/current-adaptor-uuid/registration

Enable "UPDATE METADATA* button only if:

PUT /api/zones/current-zone-uuid/adaptors/current-adaptor-uuid
GET /api/zones/current-zone-uuid/adaptors/current-adaptor-uuid

Enable “UPDATE CAPABILITIES* only if:

PUT /api/zones/current-zone-uuid/adaptors/current-adaptor-uuid
GET /api/zones/current-zone-uuid/adaptors/current-adaptor-uuid

Gold and Silver Adaptors Page

Enable radio buttons for adaptor only if either:

PUT /api/zones/current-zone-uuid/settings/domain-version-adaptor-preferences/?, or
PUT /api/zones/current-zone-uuid/settings/domain-version-adaptor-preferences/current-adaptor-uuid

Domains Page

Enable ADD DOMAIN button only if:

POST /api/domains

Enable ADD DOMAIN VERSION button only if:

POST /api/domains/current-domain-uuid/versions

Data Access Page

Enable Assemble Data Record Icons only if:

GET /api/drs/?
GET /api/drs/current-dr-uuid

Enable Assemble Metadata Icon and Assembled Meta Data Tab only if:

GET /api/zones/zone-uuid/adaptors

Enable COMPARE Button in Assembled Meta Data Tab only if:

GET /api/drs/?

Note: Button is disabled if only one adaptor is on the list.

Governance Page

Enable ADD ACL Button for the following tabs:

Outbound ACL Tab

POST /api/zones/current-zone-uuid/outbound-acls

Inbound ACL Tab

POST /api/zones/current-zone-uuid/outbound-acls

Dry Run Tab

POST /api/zones/current-zone-uuid/acls/dry-run

Metrics Tab

GET /api/zones/current-zone-uuid/acls/metrics