Understanding Profiles and Roles
Before you start working with Squore, it is essential to understand how access management works.
The various permissions and privileges that can be assigned to Squore users are grouped in profiles and
roles respectively. A set of default roles and profiles is available when you first start the server.
You can edit them, or create more as needed.
Use this simple trick to remember the different between a profile and a role:
- A Profile is a set of permissions granting access to certain Squore features to a user
- A Role is a set of privileges for a user within a Squore project.
A Squore user with the Administrator profile can manage users, their roles and profiles.
A Squore user with the Project Manager role for a project can create a new version
of this project or give access to another user to this project's analysis results.
You can use profiles to grant or deny access to the following Squore features:
- Manage Server: Configure the server, access server logs, manage all projects.
- Manage Users, Groups and Roles: Complete access to user management on the server.
- Use Capitalisation Base: Provides access to the Capitalisation Base feature to learn from past data in order to improve your model.
- Create Projects: Allows users to run analyses.
- View Models: Allows users to use the Viewer and the Validator.
- Modify Models: Allows users to use the Dashboard Editor and the Analysis Model Editor (beta).
- Use External Tools: View and use external tools configured by your Squore Administrator. To learn more about this feature, consult the Configuration Guide.
- Manage Configuration: Allows users to reload the server configuration from disk.
Three profiles are available by default, with permissions set as shown below:
Note that a profile can be assigned to a user or a group of users. It is therefore possible for a user be a member of
more than one profile. In this case, the user's profile is the combination of all permissions from all the profiles they
are a member of.
A role is the set of privileges that a user enjoys in the
context of a project.
You can use roles to allow users to undertake these actions within
the scope of a project:
- View Projects:
Allows a user to see a project in their project list and to
browse this project's analysis results.
- Manage Projects:
Allows a user to manage a project: rename it, create or delete
versions, access project creation log files and add other user
to the project team.
- Baseline Projects:
Allows a user to create a baseline version of a project that
will not be overwritten by a subsequent analysis. For more
information about baselining, see the section called “Working with Draft and Baseline Versions”.
- View Drafts of Projects:
Allows a user to view the current draft version of a project.
Without this privilege, only baseline versions of a project
are visible in the project portfolio. For more information
about baselining, see the section called “Working with Draft and Baseline Versions”.
- Modify Action Items:
Allows updating the status of Action Items from
TODO
to Relaxed
for example. Without this privilege, the status is displayed
as a read-only field. - Modify Artefacts Attributes:
Allows user to modify the value of attributes displayed in
the Forms tab of the Explorer. Without this privilege,
attributes are read-only.
- View Source Code: Allows
user to click to view the source code of an artefact from any
tab in the Explorer.
- Modify Artefacts:
Allows user to add, delete, relax, exclude artefacts from the artefact tree.
Users without this privilege, can still view artefacts created
by others.
Five roles are available by default, with privileges assigned as shown below:
Note that a user can have multiple roles in a project.
This allows a user to view the dashboard in the Explorer
as a user from another role would.
A View As option in the
option menu of the Explorer allows to you to switch
between the various dashboards available to you. When you
have multiple roles in a project, you combine privileges
from all the roles that you are a member of.