Access Control
In the Tacnode product, users and roles are distinct entities. Users are primarily for system login and identity verification, while roles manage permissions within the platform. Their relationship is illustrated in the following figure:
User
On the Tacnode platform, users must register using their email. The registered account can then be used to log in to the platform or database instance.
Role
The Tacnode role is another account object. As an identity, it is linked to a set of permissions. Currently, the role is a built-in object by default. When a user creates a resource instance on the Tacnode platform, the system creates an associated role object for the resource. Users can manage the resource instance's access control in a detailed manner through the [Access Control] function.
Definition
In Tacnode, a role is a collection of operation permissions for a specific object. For example, the admin role shown in the figure below has read, write, and update permissions for the contract object with ID dc00000001. Users can grant other users corresponding permissions by adding them to the admin role.
Role Inheritance Tree
Roles can achieve more refined permission management through the combination of permissions. For example, a Viewer role may only have read permissions, while the Admin role has both read and write permissions. In this case, the Admin role can inherit the Viewer role, as shown in the following figure:
Contract Role Management
The contract rights management module allows users to manage roles in detail. The following is a list of manageable roles:
Role | Effect | Description |
---|---|---|
admin@{id}.contracts | Contract Role Management | The user has the authority to manage the contract, including the capacity to add and remove users from roles associated with the contract and the privileges associated with all other roles. |
viewer@{id}.contracts | Contract Subscriber | The user holds read-only permissions concerning the Contract object. |
dc_creator@{id}.contracts | Data Clouds Management | The user is empowered to create and delete Data Clouds objects and retains the permissions of the viewer role. |
billing_admin@{id}.contracts | Billing Management | Individuals assigned the billing_admin role possess the permissions associated with the billing_viewer role. |
billing_viewer@{id}.contracts | Billing Subscription | Users designated with the billing_viewer role are entitled to subscribe to contract billing information and possess the permissions of the viewer role. |
Note: The naming convention for roles is ShortName@Resource, where ShortName is the role abbreviation and Resource is the resource locator. Where the context is clearly defined, the system displays role information by ShortName.
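Because roles inherit from one another, a user's direct grant understates what they can actually do on a contract. The following Python is an added example for access reviews, not part of the Tacnode product or its API: it expands direct grants into effective roles. The inheritance edges are read from the Description column above; the contract ID `demo0001`, the e-mail addresses and all function names are constructed for illustration.

```python
# Added example: audit helper, not Tacnode code. Inheritance edges are
# transcribed from the role table; IDs and e-mail addresses are constructed.
from collections import defaultdict

# Role short name -> roles whose permissions it directly includes.
INHERITS = {
    "viewer": [],
    "billing_viewer": ["viewer"],
    "billing_admin": ["billing_viewer"],
    "dc_creator": ["viewer"],
    "admin": ["viewer", "dc_creator", "billing_admin", "billing_viewer"],
}

def parse_role(name):
    """Split 'ShortName@Resource' into (short_name, resource)."""
    short, sep, resource = name.partition("@")
    if not sep or not short or not resource:
        raise ValueError(f"not in ShortName@Resource form: {name!r}")
    if short not in INHERITS:
        raise ValueError(f"unknown contract role: {short!r}")
    return short, resource

def closure(short):
    """Return the role plus everything it inherits, transitively."""
    seen, stack = set(), [short]
    while stack:
        role = stack.pop()
        if role not in seen:
            seen.add(role)
            stack.extend(INHERITS[role])
    return seen

def effective_roles(grants):
    """grants: iterable of (user_email, 'ShortName@Resource') pairs.
    Returns {(user, resource): set of effective role short names}."""
    result = defaultdict(set)
    for user, role_name in grants:
        short, resource = parse_role(role_name)
        result[(user, resource)] |= closure(short)
    return dict(result)

# Constructed sample grants on a hypothetical contract ID.
SAMPLE = [
    ("alice@example.com", "billing_admin@demo0001.contracts"),
    ("bob@example.com", "dc_creator@demo0001.contracts"),
    ("carol@example.com", "admin@demo0001.contracts"),
]

if __name__ == "__main__":
    for (user, res), roles in sorted(effective_roles(SAMPLE).items()):
        print(user, res, sorted(roles))
```

In a review, any user whose effective set contains `admin` can change role membership on that contract and should be checked first.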
Contract Permission Management
After logging in to the Tacnode platform, click [Contract] - [Specific Contract ID] - [Permission Management], as shown below:
Contract Role Relationship Tree View
The role relationship view bound in the Contract resource is as follows:
Add and Delete Users in the Contract Role
Adding Users
- Click [Contract] - [Specific Contract] - [Permission Management] to open the permission management panel
- Click [Authorize User] on the right side of the corresponding role.
- Enter the target user's email address in the pop-up window.
- Click the [OK] button
Deleting a User
- Click [Contract] - [Specific Contract] - [Permission Management] to open the permission management panel
- Click the red [x] icon on the right side of the corresponding user
- In the pop-up window, click the [OK] button