1. Home
  2. Deployment Guides
  3. Innomesh RBAC Authorisation Guide
Searching...

Innomesh RBAC Authorisation Guide

Contents

This article aims to guide all environment holders in setting up new users and managing their permissions within the Portal and Room Manager environment. It specifically addresses the implementation of the Role-Based Access Control (RBAC) feature introduced in Innomesh version 3.3.0.

To access RBAC, navigate to the Innomesh Portal and select the “Administration” option from the dropdown menu by hovering over your name in the top right corner of the page.

Hovering over your name on Portal will give you the option to select Administration

Once on the Administration page, you will need to click on “Users” from the dropdown menu under “Users” to access the RBAC options, as shown below:

Users

In the Users section, administrators have the ability to view and edit specific user roles or assign groups to users. This allows administrators to restrict a user’s access based on the predefined configurations of the assigned group.

When hovering over the right side of a user, the options for editing and deleting become visible.

Engaging in user editing within the RBAC feature.

When attempting to edit a user, you can view the following information in this section: the user’s details, including their Single Sign-On (SSO) provider and the date they initially requested an account as shown below:

User requests an account by attempting to log in with their SSO or SAML account which shows you their details in the Users list without any prior permissions.

Roles

You can edit a user’s roles by selecting from the pre-configured roles provided by your administrator.

Assigning roles to a user overrides the configured permissions of the assigned groups.

Choose your configured role permissions from the dropdown menu.

User Group

The user group dropdown option enables you to choose a specific configured group.

Choose your configured group from the dropdown menu.

User Groups

User Groups are groupings by which users can be categorised. User Groups can represent organisations, departments, and specialisations. Within the user group, you have the ability to create or delete a specific group.

Please note that the User Group section is not the location to set permissions and access within your environment. The “Roles” tab is responsible for permissions and access control.

Creating a Group

You can start the group making process by clicking “Create New” as shown in previous photo which would lead you to a window as shown below:

Roles

Roles define how much access a user has into the Innomesh Room Manager and Portal. Each Role defines a fine list of access permissions into various sections of Room Manager and Portal, as well as which campus and which User Groups’ rooms the user is allowed to access. Roles are enforced on the user when they next log in.

In this section, you can create, edit, and delete your desired roles. This is the core aspect of RBAC, empowering you to configure all permissions, including those associated with specific groups.

Creating a Role

Please avoid deleting default Innomesh roles, as these are essential for Innomate/UXT support in your environment. Modifying their permissions may impact associated staff.

To create a new role, click the “New Role” button, as shown in the previous image. This action will open a window, presenting the necessary options for configuring a role:

Creating a role named “Testing Role”

General

Within the General tab, you can manage and set up the role’s general access to the platform. Below are descriptions of each option:

User Group Resource Access

This determines which User Group’s rooms this role can access.

  • The “All” option grants users access to edit every group’s rooms.
  • With the “Own User Group” option, users can only access and edit rooms within their own user group, as demonstrated below. (eg. Testing Group for user John Smith)
  • The “Custom” option allows you to select specific user groups that you would like this role to access as shown below:

Please note that User group does not define the role/access permissions to the platform.

Site Access

Site Access determines which site this role can access. It can be set to “All” if the corresponding option is selected, or it can return an array of sites if “Custom” is chosen.

Please note that “Vitals” and “Insights” dashboards do not support site filtering at this time.

Please note that sites may not be specifically configured for your environment. If you wish to request or inquire about setting up site filters for your environment, you can contact our support team here.

Live Chat Access

Choose “Yes” or “No” based on your preferences for users with this role to access via live chat.

Room Manager

This tab allows you to configure and restrict this role to determine what users can view and edit within the Innomesh Room Manager.

Demonstrating the Room Manager tab during the creation of a role.
Administration Access

This field enables you to customise what this role can do within Innomesh’s administration section.

  • The “All” option allows the user to view and access all of the following:
    • Zones (rotate hosts, view logs)
    • Zones (view zones)
    • Hosts (view hosts)
    • Access Administration
    • Hosts (manage hosts)
  • The “View only” option permits users to only view all of the above.
  • The “None” option restricts users from accessing administration sections.
  • The “Customise” option enables you to select the fields you would like the user to view and access as demonstrated below:
Rooms Access

This field allows you to configure the permissions for this role within the Room Manager’s “Rooms” tab.

  • The “All” option allows the user to view and access all of the following:
    • Edit third-party room configurations
    • Create and delete rooms
    • Launch remote UI panel
    • View rooms
    • Edit room information
    • Create and delete third-party rooms
    • Edit room configuration
    • Expose all room options
  • The “View only” option permits users to only view all of the above.
  • The “None” option restricts users from accessing the rooms tab.
  • The “Customise” option allows you to choose the specific fields that the user can view and access within the Rooms tab, as illustrated below:
Templates Access

This field allows you to configure the permissions for this role within the Room Manager’s “Templates” tab.

  • The “All” option allows the user to view and access all of the following:
    • Edit information template association
    • Edit template room options
    • Edit third-party template configurations
    • Create and delete templates
    • Edit template configuration
    • Create and delete third-party templates
    • View templates
  • The “View only” option permits users to only view all of the above.
  • The “None” option restricts users from accessing the templates tab.
  • The “Customise” option allows you to choose the specific fields that the user can view and access within the templates tab, as illustrated below:

Portal

This tab enables you to define and limit the role’s scope in terms of what users can view and accomplish within the Innomesh Portal

Hotlist Access

This field allows you to configure the permissions for this role within the Portal’s “Hotlist” tab.

  • The “All” option allows the user to view and access all of the following:
    • View “Low” severity alerts
    • Claim alerts
    • View “Medium” severity alerts
    • View Hotlist
    • View “Critical” severity alerts
    • Manage alerts
    • View “Suppressed” severity alerts
    • View “High” severity alerts
    • View “Notice” severity alerts
  • The “View only” option permits users to only view all of the above.
  • The “None” option restricts users from accessing the Hotlist tab.
  • The “Customise” option allows you to choose the specific fields that the user can view and access within the Hotlist tab, as illustrated below:
Vitals Dashboard Access

This field allows you to configure the permissions for this role within the Portal’s “Vitals Dashboard” tab.

  • The “All” option allows the user to view all of the following:
    • View Vitals Custom dashboard
    • View Vitals Compliance dashboard
    • View Vitals Network dashboard
    • View Vitals Infrastructure dashboard
    • View Vitals Pulse dashboard
    • View Vitals VNOC dashboard
    • View Vitals Rooms dashboard
  • The “View only” option permits users to view all of the above.
  • The “None” option restricts users from accessing the Vitals Dashboard tab.
  • The “Customise” option allows you to choose the specific fields that the user can view within the Vitals Dashboard tab, as illustrated below:
Room Management Access

This field allows you to configure the permissions for this role within the Portal’s “Rooms” tab.

  • The “All” option allows the user to view and action all of the following:
    • View rooms
    • Manage rooms
  • The “View only” option permits users to view all of the above.
  • The “None” option restricts users from accessing the Rooms tab.
  • The “Customise” option allows you to choose the specific fields that the user can view or action within the rooms tab, as illustrated below:
Room Information Access

This field allows you to configure the permissions for this role within the Portal’s “Information” tab.

  • The “All” option allows the user to view and action all of the following:
    • Edit room information
    • View room information
  • The “View only” option permits users to view all of the above.
  • The “None” option restricts users from accessing the Information tab.
  • The “Customise” option allows you to choose the specific fields that the user can view or edit within the information tab, as illustrated below:
Insights Dashboard Access

This field allows you to configure the permissions for this role within the Portal’s “Insights Dashboard” tab.

  • The “All” option allows the user to view all of the following:
    • View “Proactive Support” dashboard
    • View “Consumption” dashboard
    • View “Alerts” dashboard
    • View “Rooms” dashboard
    • View “Custom” dashboard
    • View “Usage” dashboard
  • The “View only” option permits users to view all of the above.
  • The “None” option restricts users from accessing the Insights Dashboard tab.
  • The “Customise” option allows you to choose the specific fields that the user can view or edit within the Insights Dashboard tab, as illustrated below:
Asset Management Access

This field allows you to configure the permissions for this role within the Portal’s “Assets” tab.

  • The “All” option allows the user to view and action all of the following:
    • View assets
    • Perform asset operations
    • Manage assets
  • The “View only” option permits users to view all of the above.
  • The “None” option restricts users from accessing the Asset tab.
  • The “Customise” option allows you to choose the specific fields that the user can view, edit or trigger within the Asset tab, as illustrated below:
Administration Access

This field allows you to configure the permissions for this role within the Portal’s “Administration” section.

  • The “All” option allows the user to view and action all of the following:
    • Access administration
    • User administration access
    • Role administration access
    • View logs
    • Manage assets and asset profiles
    • Trigger “Change Mode”
  • The “View only” option permits users to view all of the above.
  • The “None” option restricts users from accessing the Administration section.
  • The “Customise” option allows you to choose the specific fields that the user can view, edit or trigger within the Administration section, as illustrated below:

Feel free to reach out to Support Team if you have any questions or inquiries regarding the setup of specific roles within your environment.

Tagged:

Related Articles