Operations gives various users the abilities to perform various operations with system objects. The system of Roles and privileges is the mechanism that is used to manage and control the provision of such abilities.
Each operation involves certain objects. Therefore, the logical way of allowing users to do something is to require users to have specific permissions to perform certain operations on the objects involved. For example, to be able to create a new domain the user has to be given the necessary permissions, including the permission to create domains.
There are basic security notions you should be familiar with when dealing with permissions and operations:
- Privilege is a named permission to execute certain operations on certain objects. For example, the Domains Management privilege allows for creating and managing domains. Privileges are defined system-wide in the Operations initial installation or upgrade and cannot be modified.
-
Role is a set of privileges. Its purpose is to group privileges and assign them to different users. One Role can be assigned to several users and several Roles can be assigned to the same user simultaneously. If a Role is modified, all users assigned this Role are influenced at the same time.
Note: After a user's Role is modified, changes take effect only upon their next login to Operations.
There are two ways for the Role to appear in the system:
- You create a Role manually.
- When you add a new account in the system, a default Administrator Role for this account is assigned automatically. Such Roles are defined for all newly created accounts and assigned to the account Staff Member created with the account; this Staff Member gets all the privileges defined by the Administrator Role.
Roles are created for particular types of accounts. This is because different sets of privileges are applicable to different types of accounts.