Rights and Roles
Find an overview of the rights users get via their roles in yuuvis® architect and yuuvis® Momentum client as reference implementation.
Introduction
Rights management in yuuvis® architect is based on the default roles. It is not yet possible to configure yuuvis® architect to enable access via custom roles.
>> Default Roles
Depending on their position and tasks, employees work with different data, functions, and tools. In the client application and yuuvis® architect, user rights for access to data, functions, and applications are grouped into roles that match the employees' areas of duty and responsibility. In this way, users with the same duties and responsibilities also have the same rights in the system.
Users can view the roles assigned to them via their settings.
Roles for Users and Administrators
The following roles can be assigned to users of yuuvis® Momentum client as reference implementation and yuuvis® architect in order to manage their permissions. Users can view the roles assigned to them in the settings menu.
Role | Permissions in yuuvis® Momentum client as reference implementation | Permissions in yuuvis® architect |
---|---|---|
YUUVIS_DEFAULT | Users have full access to all objects. | no impact |
YUUVIS_MANAGE_SETTINGS | Users are allowed to customize the global standard configurations for hit lists and filters in the settings menu. Those standards will be the default settings for (new) users that have not saved their own user-specific standard configurations so far. | As of 2022 Autumn, users can manage other users of their own tenant but cannot assign the roles YUUVIS_TENANT_ADMIN or YUUVIS_SYSTEM_INTEGRATOR to them. Furthermore, users with one of those two roles cannot be edited or deleted. |
YUUVIS_SYSTEM_INTEGRATOR | Administrative object information is provided to users in the metadata forms of any object in the system. | Users can modify metadata forms in the metadata aspect area for any object type defined in the global system schema or in an app-specific schema. Users can customize the localization of the labels associated with object types defined in the global system schema or in an app-specific schema. Users can add or delete users of their own tenant and assign roles to them. |
YUUVIS_TENANT_ADMIN | Administrative object information is provided to users in the metadata forms of any object in the system. | Users can modify metadata forms in the metadata aspect area for any object type defined in the tenant-specific schema. Users can customize the localization of the labels associated with object types defined in the tenant-specific schema. Users can add or delete users of their own tenant and assign roles to them. |
YUUVIS_MULTI_TENANT | Users with accounts in multiple tenants can easily switch between their tenants via Switch tenant instead of a conventional logout. | Users with accounts in multiple tenants can easily switch between their tenants via Switch tenant instead of a conventional logout. |
Custom Roles
The roles listed above are provided as defaults for yuuvis® Momentum client as reference implementation and yuuvis® architect. yuuvis® Momentum also allows custom roles to be defined. Be aware, however, that you will not be able to use yuuvis® architect with custom roles. Instead, you can build your own administrative tool based on the API-WEB Service (Web-API Gateway).
>> Defining Roles for a Library-based Client
Summary
Rights management in yuuvis® architect is based on the same role set that is used for the yuuvis® Momentum reference client. Administrators need the YUUVIS_TENANT_ADMIN role to manage object types of the tenant (tenant-specific schema) or the YUUVIS_SYSTEM_INTEGRATOR role to manage object types of the system (system schema), including applications (app schemas). Each of the two roles enables administrators to add or delete users of their own tenant and assign roles to them.