Unimus
Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Current »

Unimus v2.5 and newer

Account with restricted access can reach one of the following outcome based on Access Policy which is set to it.

  • Object is not visible
  • Object is visible but not manageable (read only)
  • Object is visible and fully manageable

Each existing account must contain an access policy that is assigned by the administrator during account creation and that can be changed by that role at any time.

Unimus provide 2  general object-based policies and 2 additional policies that handle access to objects based on tag restrictions:

  • All objects
  • No objects
  • All objects with tag exceptions
  • No objects with tag exceptions

In version 2.5, ownership has also been extended from devices to zones and tags, which should ensure that even users with limited access can create and view the previously mentioned objects.

For a complete list of all Unimus features which can be access restricted as well as more detailed information please check the Object Access Policies article.

Unimus v2.4 and older releases

Accounts with restricted access will not see devices they don't have access to in any parts of Unimus.
Zones which are not tagged with any tags that the account has access to will also not be visible.

For a complete list of all Unimus features which will be access restricted, please check the Device access restrictions article.

Since Unimus uses a tag-based approach to per-device access restriction, there are a few specific behaviors that can benefit from clarification.

  • Operator level accounts can NOT delete Tags - this is a security measure as deleting Tags can have an effect on access policies
    (for example, deleting a tag that is the only tag restricting access for an account would remove access restrictions from an account - see below)

By default, accounts have access to all devices present in Unimus.
When device access restrictions are applied to an account, this causes some specific behavior:

  • all tagging operations (in "Device tags", "Devices > Tags", "Zones > Manage tags", etc.) for access restricted accounts are limited to only tags the account has access to
    (an access limited account can only tag and untag with tags associated with that account)

  • access restricted accounts can only see Zones which have tags they have access to
    (only zones tagged with at least one tag the account is restricted with will be visible in the 'Zones' view)

 

  • No labels