6.5.4.Defining specific permissions of a role assignment
Specific permissions = user permissions which allow to manage only certain (specific) objects of the selected tenant (e.g. certain jobs of TECH-ARROW tenant only)
Objects = specific objects (databases, schedulers, jobs etc.) of the selected tenant
Specific permissions can be granted to various objects of the selected tenant(s): jobs, repository items (databases, storages, aliases, retentions, shortcuts and Exchange connections), schedulers and also to the processed contentACCESS data (e.g. permission to manage the archive mailbox). The administrator decides, which objects of which tenants will be able the user (with the given permissions) to manage. Specific permissions of a role assignment can be granted on the Assign specific permissions page. Only the objects with “Specific allowed” permissions are listed on this page (e.g. if Tech-Arrow tenant was selected, then Tech-Arrow’s jobs, repositories etc. with “Specific allowed” permissions are displayed).
To define specific permissions open the Assign specific permissions page. The page can be opened:
- From the Create/invite user dialog when creating/inviting a user;
- From the Role assignment dialog (user’s “Assign role” context menu option) when assigning a role to an already existing user.
In one of the above mentioned dialogs, select the predefined role with the specific permissions, and then select a tenant, of which specific objects the user will be allowed to manage. When a given role is assigned to a user, the “All allowed” permissions and the manage tenant specific permission is assigned to the user. contentACCESS verifies, if there are any specific permissions defined in the respective role. If any specific permissions are found, the user is automatically redirected to the Assign specific permissions page (see below), where he can select the objects that the given user will be allowed to manage:
>Tenant administrator role with specific permissions on the selected archive mailboxes