Permissions
There are two different types of permissions, static permissions and resource permissions. Resource permissions control who has access to a report or endpoint. While static permissions give base access to functions. Both permissions are needed to perform an action on a specific resource.
Static permissions
Static permissions are granted per user or user group, in the OmniFi Admin application.
Web permissions section in OmniFi Admin
Static permissions limit what pages a user has access to in OmniFi Web, as well as what functions the user has access to.
Static permission description
| Permission | Description |
|---|---|
| Web/Administer | Designates the user as Web Administrator, allowing full control over content and full access to administration and configuration tools. |
| Web/Reports/Execute | Allows execution of reports in OmniFi Web. (Specific per-report execute permission is still required). |
| Web/Reports/Modify | Allows the user to create reports. Makes the user eligible for Modify permission on specific reports. In order to modify a specific report, the user must have this permission as well as Modify on the specific report. |
| Web/Reports/Administer | Allows the user to create, modify and delete report groups, and to move reports between groups. |
| Web/Schedules/Administer | Allows the user to create, modify and delete schedules. |
| Web/Schedules/Create Tasks | Allows the user to create tasks. |
| Web/API/Administer | Grants full access to modify API items. (Web/Schedules/Create Task is required to schedule API updates). |
| Web/API/Execute | Allows the user to execute API Endpoint Functions. |
| Web/API/Modify | Allows the user to create and modify API Endpoints. |
| Web/API/Read | Allows the user to read API Endpoints. |
| Web/Data Mart/Administer | Grants full access to modify DataMart models and tables. (Web/Schedules/Create Task is required to schedule table loads). |
Report permissions
Report permissions (Read, Execute, Modify) are granted per report, and limit the access users have to that specific reports.
E.g. access to execute a report is limited by both the static permission Reports/Execute and the Execute report permission.
Users granted Reports/Execute must have personal logins to the systems where data is fetched from.
Endpoint permissions
Endpoint permissions give access to data published via OmniFi API. They can be used to grant access to endpoints without grant access to the source report.
Page access
Available pages are controlled by static permissions. The page functionality also depends on the specific resource permission.
Report functional access
Report access is controlled by static and report permissions.
Read User Configuration
A read user should typically be able to read report logs, but not execute reports. Read users require the following permissions.
| Static Permissions | Resource Permissions |
|---|---|
| Read |
'Read' users require no static permissions, and only Read permission to each report.
Execute User Configuration
A user that needs to run reports and view the results require the following permissions.
| Static Permissions | Resource Permissions |
|---|---|
| Web/Reports/Execute | Read |
| Execute |
'Execute' users require the static Execute permission , as well as Read and Execute permissions to each report.
Report tasks functional access
Schedule and task access is controlled by static and report permissions.
Schedules are administered centrally, their definitions only available under static permissions Web/Schedules/Admin or Web/Administer.
Report task results can be viewed by anyone with Read permission to the underlying report. Creating and modifying report tasks, on the other hand, require both access to executing the report (via static and resource permission), as well as the static _Create Task _permission.
Execute User Configuration
A user that should be able to read and execute tasks require the following permission configuration.
| Static Permissions | Resource Permissions |
|---|---|
| Web/Reports/Execute | Read |
| Execute |
Create Task User Configuration
A user that should be able to create and execute tasks require the following permission configuration.
| Static Permissions | Resource Permissions |
|---|---|
| Web/Reports/Execute | Read |
| Web/Schedules/Create Task | Execute |
API functional access
API access is controlled by static, report and endpoint permissions.
Creating and managing endpoints requires Web/API/Administer static permission, without additional resource permissions.
Using endpoints through the OmniFi Access API requires both static and resource permission, either to the endpoint or to the underlying report. Snapshot endpoints require Read permission, whereas Function and Import endpoints require Execute permission.
Read User Configuration
A user that should be able to read but not execute API endpoints require the following permission configuration:
| Static Permissions | Resource Permissions |
|---|---|
| Web/API/Read | Endpoint/Read |
Or:
| Static Permissions | Resource Permissions |
|---|---|
| Report/Read |
Execute User Configuration
A user that should be able to read and execute API endpoints require the following permission configuration.
| Static Permissions | Resource Permissions |
|---|---|
| Web/API/Read | Endpoint/Read |
| Web/API/Execute | Endpoint/Execute |
Or:
| Static Permissions | Resource Permissions |
|---|---|
| Report/Read | |
| Report/Execute |
Data Mart functional access
Creating and modifying Data Mart models and tables requires the static permission Web/Data Mart/Administer, and no resource permissions.
To be able to add new reports data sets, the static Web/Data Mart/Administer permission is required.
Updated about 1 year ago