The Access Control tab is used to configure access control/authorization for the core CapStorm applications (CopyStorm, CopyStorm/Medic, CopyStorm/Restore, and CopyStorm/Director). The Access Control editor table can be used to add new and edit existing CapStorm application users and assign pre-defined roles to users. These pre-defined roles will determine the level of access (available functionality) granted to the assigned user when using the aforementioned supported applications.
NOTE: This functionality is disabled if using the desktop Swing GUI version of the application suite. In this case, the Access Control tab will be grayed out.
Click on the “Add User…” button.
This will open a pop-up dialog where you can enter the following:
- Username — a unique username.
- Password — a strong password.
- Enabled — this checkbox determines whether the user will be enabled or disabled upon creation.
Then click the “Save” button to add the user.
After adding a user, you can assign the user a role.
Four pre-defined roles are available:
- Super Admin — a top-level administrative role. A user with this role can perform any operation in any application including configuration of Access Control.
- Admin — a slightly restricted administrative role. A user with this role can perform any operation in any application except configuration of Access Control.
- Configurator — a user with this role can edit configurations for all applications except CopyStorm/Director, but cannot invoke any of the applications (cannot run jobs).
- Viewer — this role is primarily for auditing purposes. A user with this role can view configurations for any application, but cannot edit configurations or invoke any of the applications (cannot run jobs).
The “Production Enabled” check-box will enable/disable any operation that is allowed by the assigned role against a production database or Salesforce org. For example:
- A user that has been assigned the “Configurator” role but has the “Production Enabled” check-box unchecked cannot edit a production configuration.
A user can be enabled/disabled by clicking the “Is Enabled” check-box or deleted by clicking the “Remove” button.
When you are finished making changes to the Access Control configuration, click the “Save Changes” button at the bottom of the editor table. A pop-up dialog will appear where you can validate and confirm/deny all staged changes.
You can also undo all staged changes by clicking the “Undo Changes” button.
Access Control Database Schema
The Access Control configuration is stored and reflected in a sub-schema of the CopyStorm/Director database schema that consists of the following five tables and a single view:
- user_group_authorities_view (view)
These tables, and the view, are required for the functionality of the Access Control subsystem to function properly.