Customization of user permissions

About default permissions

In Miradore, permissions are primarily defined by adding a user or user group as a member of a built-in Miradore group. This is a simple and quick way to grant a predefined set of permissions for selected users or user groups. The default permissions of different built-in user groups are described in more detail on Miradore system permissions by user roles page.

Custom permissions

Often, when a user or user group is added to some Miradore group, it enables multiple new permissions for the user or group at once, which may not be the intention. To solve this, it is possible to use item permissions for defining custom permissions for different users. This means that, with the help of item permissions, it is possible to limit or expand the user's default access to asset configuration items.

As a result, permissions management can be performed in a more accurate and customizable manner since it's not necessary to add the user or group to some another user group(s) to grant the desired permissions. Instead, it is possible to choose the permission type (read/write) to be granted and then select the user(s) to whom the permission is desired to be granted.

How to define item permissions

Item permissions are managed in Administration > Permissions >Item permissions view.

By default, there is at least one permission item which grants the read access to all assets for the members of operators, helpdesk operators, network operators, and readers group. If needed, you can modify the user groups to which this permission is granted, or you can limit the read access to apply to a smaller group of assets. You can also give users a write access to certain assets using the item permissions. By doing so, you don't need to make the user as Editor.

Good to know
 

• Item permissions do not have an effect to the following permissions:

• Miradore administrators and editors always have full read and write permissions to all configuration items in Miradore.

Example: Limiting users' read access to asset configuration items

By default, many user groups have read access to all asset configuration items in Miradore Management Suite. This short example demonstrates how you can block their access to all asset configuration items, and instead, give them access to some limited subset of managed asset configuration items.

1. Navigate to "Administration > Permissions > Item permissions view. Open the item permission whose description says "Default read permissions for assets".
   
   

2. In the General section, you see that this item grants a read permission to asset configuration items. Then in the "Permission holders" section, you can see the user groups who have this access right. Switch to edit mode and remove "Operators" from the "Groups" field.
   
   

3. After that, members of Operators user group don't have read access to any asset configuration items in Miradore Management Suite. You can think it as a default setting for users in operator role.

4. However, most probably there are users with operator role, who should have a read access to either all asset configuration items or a some certain subset of all managed assets. For this purpose, you need to create custom user groups as child groups for the "Operators" user group and then grant the appropriate access rights to those custom user groups. Do this by creating new Group items and configuring them as members of the Operators group. Also remember to activate the user groups that you created, and add users to the groups.
   
   

5. When you have created the needed user groups, go back to Item permissions view and create a corresponding permission item for each of those groups that you created. One item permission item per each custom user group that you created. You can add create permission items with the toolbar button.
   
   

6. Configure all of the item permission items as described below. First, make sure that you are granting a read access to asset configuration items.
   
   

7. Then use the filters to define the asset configuration items that the permission holders are allowed to read. For example, "Location = Helsinki" means that the permission holders are allowed to read asset configuration items which are assigned to location Helsinki, but not any other asset configuration items. Notice that, if you add multiple filters here, the permission holders will get a read access to asset configuration items which match with all the defined filters.
   
   

8. Lastly, choose one of your custom user groups to the "Permission holders > Groups" field, and save the item. After that, the members of the entered user group are able to read asset configuration items defined in the filters section, but they don't have read access to any other asset configuration items. If you wish, you can also grant the access right to an individual user by adding the user to the "Users" field.
   
   

How a user can see his/her item permissions

Miradore user's item permissions are displayed on Account settings form, which is accessible from the My info panel in the navigation menu of Miradore (picture).

Picture: Item permissions are shown in My account settings

Additional information

System permissions by user roles

Related to

Users and permissions

 

---

Copyright © 2022 Miradore Ltd. All rights reserved. Miradore is a registered trademark of Miradore Ltd. All other trademarks or registered trademarks are property of their respective owners.