Permissions

This is still a draft version.

Permissions

The following tables list all supported permissions under Mobingi RBAC across all namespaces.

  • The permissions are hierarchical. Any user with permissions in the higher hierarchy will have permissions in the lower hierarchy as well. For example, Admin will have all permissions in the respective namespace.

  • Some permissions can have resources filter. Empty filter will mean all resources allowed. Resources filter also follow the same hierarchical logic and only Allow effect is supported as of now.

RBAC permissions

The following table lists the permissions supported under RBAC management. RBAC permissions belong to the rbac namespace.

Permission

Description

Resources Supported

Admin

No restrictions. Root user, by default, has this permission.

|--ModifyRoles

Allowed to modify RBAC roles.

|--ModifyUserRoles

Allowed to modify user-role mappings.

|----ReadOnly

View RBAC permissions, roles, and mappings.

Wave permissions

The following table lists the permissions supported under RBAC for Wave. Wave permissions belong to the wave namespace.

Permission

Description

Resources Supported

Admin

No restrictions. Root user, by default, has this permission.

|--ReadAccount

View account list only.

Accounts

|--ModifyAccountSettings

Allowed to modify account level settings.

Accounts

|----ReadAccountSettings

View account level settings only.

Accounts

|--DownloadBulk

Allowed to download bulk CSV.

|--ModifyGroups

Allowed to modify groups.

Account groups

|----ReadGroups

View groups only.

Account groups

|--ReadInvoice

View invoices only

|--ReadRi

View RIs only

|--ReadSavingsPlan

View savings plan only

|--ModifySettings

Allowed to modify global Wave settings.

|----ReadSettings

View global Wave settings only.

|--ModifyTags

Allowed to modify tags.

|----ReadTags

View tags only.

Ripple permissions

The following table lists the permissions supported under RBAC for Ripple. Ripple permissions belong to the ripple namespace.

Permission

Description

Resources Supported

Admin

No restrictions. Root user, by default, has this permission.

|--ModifyBillingGroup

Allowed to modify billing group settings.

Billing groups

|----ReadBillingGroup

View billing group only.

Billing groups

|------ModifyAccount

Allowed to modify account section settings.

Billing groups

|--------ReadAccount

View account section only.

Billing groups

|------ModifyInvoice

Allowed to modify invoice section settings.

Billing groups

|--------ReadInvoice

View invoice section only.

Billing groups

|------ModifyInvoiceSettings

Allowed to modify invoice settings.

Billing groups

|--------- ReadInvoiceSettings

View invoice settings only.

Billing groups

|------ModifyReseller

Allowed to modify reseller section settings.

Billing groups

|--------ReadReseller

View reseller section only.

Billing groups

|--ModifyCustomField

Allowed to modify custom field settings.

|----ReadCustomField

View custom field settings.

|--ModifyCustomService

Allowed to modify custom services settings.

|----ReadCustomService

Read custom service settings only.

|--ModifyInvoiceTemplate

Allowed to modify invoice templates.

|----ReadInvoiceTemplate

View invoice templates only.

|--ModifyOriginalCost

Allowed to modify original cost settings.

|----ReadOriginalCost

Read original cost only

|--ModifyProject

Allowed to modify projects.

|----ReadProject

Read projects only.

|--ReadReport

Read reports only.

|--ModifyRi

Allowed to modify RI section settings.

|----ReadRi

View RI section only.

|--ReadSavingsPlan

Read savings plan only.

|--ModifySettings

Allowed to modify global Ripple settings.

|----ReadSettings

View global Ripple settings only.

|--ModifyTags

Allowed to modify tags.

|----ReadTags

View tags only.

User permissions

The following table lists the permissions supported under user management. User permissions belong to the user namespace.

Permission

Description

Resources Supported

Admin

No restrictions. Root user, by default, has this permission.

|--ModifyUsers

Allowed to modify user attributes.

|----ReadOnly

View user information, including API clients.

Last updated