Permission profiles - Research and Engineering Studio
Overview Managing permission profiles Default permissions profiles

Permission profiles

Overview

Research and Engineering Studio (RES) allows an administrative user to create custom permission profiles that grant selected users additional permissions to manage the project that they are part of. Each project comes with two default permission profiles- "Project Member" and "Project Owner" that can be customized after deployment.

Currently, administrators can grant two collections of permissions using a permission profile:

  1. Project management permissions which consist of "Update project membership" that allows a designated user to add other users and groups to, or remove them from, a project, and "Update project status" that allows a designated user to enable or disable a project.

  2. VDI session management permissions which consist of "Create Session" that allows a designated user to create a VDI session within their project, and "Create/Terminate another user's session" that allows a designated user to create or terminate the sessions of other users within a project.

In this way, administrators can delegate project-based permissions to non-administrators in their environment.

Project management permissions

Update project membership

This permission allows non-admin users who have been granted it to add and remove users or groups from a project. It also allows them to set the permission profile and decide the access level for all other users and groups for that project.

Update project status

This permission allows non-admin users who have been granted it to enable or disable a project using the Actions button on the Projects page.

VDI session management permissions

Create a session

Controls whether or not a user is allowed to launch their own VDI session from the My Virtual Desktops page. Disable this to deny non-admin users the ability to launch their own VDI sessions. Users can always stop and terminate their own VDI sessions.

If a non-admin user does not have permissions to create a session, the Launch New Virtual Desktop button will be disabled for them as shown here:

non-admin users without permissions have the launch new virtual desktop button disabled
Create or Terminate the sessions of others

Allows non-admin users to access the Sessions page from the left-hand navigation pane. These users will be able to launch VDI sessions for other users in the projects where they have been granted this permission.

If a non-admin user has permission to launch sessions for other users, their left-hand navigation pane will display the Sessions link under Session Management as shown here:

If a non-admin user does not have permission to create sessions for others, their left-hand navigation pane will not display Session Management as shown here:

the sessions management link is hidden from non-admin users without permission to create sessions for others

Managing permission profiles

As a RES administrator, you can perform the following actions to manage permission profiles.

List permission profiles

  • From the Research and Engineering Studio console page, select Permission Profiles in the left-hand navigation pane. From this page you can create, update, list, view and delete permission profiles.

    administrators can list permission profiles
View permission profiles

  1. On the main Permission Profiles page, select the name of the permission profile you want to view. From this page you can edit or delete the selected permission profile.

    administrators can edit or delete permission profiles

  2. Select the Affected projects tab to view the projects that currently use the permission profile.

    administrators can view the projects affected by permission profiles
Create permission profiles

  1. On the main Permission Profiles page, select Create profile to create a permission profile.

  2. Enter a permission profile name and description, then choose the permissions to grant to the users or groups that you assign to this profile.

    administrators can create permission profiles
Edit permission profiles

  • On the main Permission Profiles page, choose a profile by clicking the circle next to it, select Actions, then choose Edit profile to update that permission profile.

    administrators can edit permission profiles
Delete permission profiles

  • On the main Permission Profiles page, choose a profile by clicking the circle next to it, select Actions, then select Delete profile. You cannot delete a permission profile that is used by any existing project.

    administrators can delete permission profiles

Default permissions profiles

Every RES project comes with two default permission profiles that Global Administrators can configure. (In addition, Global Administrators can create and modify new permission profiles for a project.) The following table shows the allowed permissions for the default permission profiles- "Project Member" and "Project Owner". Permission profiles, and the permissions they grant to select users of a project, only apply to the project that they belong to; Global Administrators are super users who have all the permissions below across all projects.

Permissions Description Project Member Project Owner
Create Session Create your own session. Users can always stop and terminate their own sessions with or without this permission. X X
Create/terminate others' sessions Create or terminate another user's session within a project. X
Update Project membership Update users and groups associated with a project. X
Update Project Status Enable or disable a project. X