Users must be assigned the relevant permissions to use the Software Potential service. Software Potential uses Role-based Access Control (RBAC) where permissions are assigned to roles and roles assigned to users.
Software Potential has standard roles to cover the main license management tasks but you can also create custom roles if the standard roles do not meet your requirements.
Sections included in this document
The following predefined roles are available to be assigned to users by an Administrator:
A user assigned the Admin role can
- Read and write Product, License, and Customer data.
- Issue licenses.
- Generate permutations and access the NuGet feed.
- Manage Users.
- View Reports.
- Manage Account Settings (including billing and payment settings).
A user assigned Read role can read Product, License and Customer data.
A user assigned the ReadWriite role can read and write Product, License and Customer data.
A user assigned the ReadWriteIssue role can
- Read and write Product, License and customer data, AND
- Issue Licenses.
A user assigned the Developer role can both
- Generate/update permutations and
- Download NuGet packages.
Report Viewer Role
A user assigned the ReportViewer role can access the new Analyze reporting module.
The following permissions are available to be assigned to custom roles :
- Customers Read
A user with the Analyze permission can access the reports contained in the Analyze module.
A user with the CustomersRead permission can read Customer data. This permission is required to assign a licenses to a customer.
A user with the CustomersWrite permission can write Customer data. This permission is required to create a customer so that a license can be assigned to that customer.
A user with the LicenseRead permission can read License and SKU data. This permission is required but not sufficient to issue licenses i.e. to view existing licenses and SKUs from which license may be issued.
A user with the LicenseWrite permission can write License and SKU data. This permission is required but not sufficient to issue licenses and create SKUs.
A user requires the LicenseIssue permission to issue a license. See Permissions to Issue Licenses for the other permissions required to issue a license.
A user with the ManagePermutations permission can:
- Create and update Permutations.
- Access the NuGet feed to download runtime/tooling packages.
Deprecated permission used in legacy CRM integration - ignore .
A user with the NuGetRead permission can download NuGet packages but cannot generate/update permutations.
To assign the NuGet permission an Administrators must:
- Create a custom role (e.g. NuGet Feed) and add the "NuGetRead" permission to that role.
- Assign the new custom role to those users that need access to the NuGet feed.
A user with the ProductsRead permission can read Product data. This permission is required to issue licenses i.e. to read the list of available products and associated features.
A user with the ProductsWrite permission can write Product data.
Module Dependent Roles and Permissions
Additional Roles and/or Permission will be added to the standard roles and permissions when an optional module is provisioned to a Software Potential account. For example, if the optional Customer Portal module is provisioned to an account the associated portal permission is added and must be assigned to those users that need to access that module.
If the Customer Portal module is included in one’s Software Potential subscription a user with the CustomerPortalInvite permission can access the Customer Portal functionality.
To assign the CustomerPortalInvite permission Administrators must:
- Create a custom role and add the "Portal" permission to that role.
- Assign the new custom role to those users that need access to the Portal module.
It is not possible to add permissions to or remove permissions from the standard roles. Administrators can, however, create custom roles that are more or less restrictive than the standard roles included by default.
For example, to restrict a user to only managing Products a custom ProductManager role could be created that contains only the ProductRead and ProductWrite permissions.
Permissions to Issue Licenses
You may wish to restrict a user to just issuing licenses, without the ability to create products/features etc. To issue a license and assign it to a customer the following is minimum set of permissions required:
- CustomersWrite *
* The CustomersWrite permission is only necessary where the user is also responsible for creating the Customer as part of the license issue process. For example if Customer data is populated automatically from an external system such as a CMR/ERP system, then a license issuer should not need to create customers and so should only need CustomersRead to issue a license.
To assign these permissions to a user, first create a Custom role (e.g. LicenseIssuer) and add the required permissions to the role; then assign the role to the user.
Create Custom Role
Only those users with the Admin role can create custom roles. To create a custom role:
- Click on the Settings icon on the top navigation bar and select Manage Users.
- Click the Manage Roles button to display Manage Roles dialog.
- Click on the New button to open new role dialog.
- Enter a Name (and optionally a Description) for the role and Save.
- Select the role in the list of roles and click Edit.
- Add one or more permissions to the role using the relevant checkboxes.
- Click Save.
Manage Roles and Permissions
Only those users with the Admin role can assign roles to users. To assign a role to a user:
- Click on the Settings icon on the top navigation bar and select Manage Users
- Select the user in the user list and click Edit
- Add one or more roles to the user using the relevant checkboxes
- Click Save to assign the selected roles to the user
Article is closed for comments.