Managing User Access
Flexera provides many different roles for access control to the features in Automation that should align well to the users in your organization. The following subsections describe how to manage user access in Flexera One Automation.
| • | Policy Roles and Access Controls |
| • | Access Levels |
| • | Granting Policy Roles |
| • | Detailed Feature to Role Mapping |
| • | Policy-Specific Permissions |
Policy Roles and Access Controls
Important:Your account’s user with the Administer organization role provides user access to Automation roles. For complete descriptions of each role available in Flexera One, see Flexera One Roles.
To access the Automation user interface in Flexera One, you must be granted at least one of the Automation roles in at least one account. If you need access to an Automation role, contact your account’s user with the Administer organization role.
For all policy roles except Publish policies, the role can be granted to a user or group at either the organization or the account level. When a role is granted at the organization level, it effectively grants that role to every account that exists now and in the future in the organization. Another effect of organization-level roles is that those users will be able to use the Organization Summary view on many policy pages, which rolls up all information about policies and incidents into a single overview. For users with account-level access, they will only be able to see content on an account-by-account basis.
The account’s user with the Administer organization role is responsible for inviting and granting roles to Flexera One Automation users. For details, see Access Management.
Detailed Feature to Role Mapping
The following table describes which roles are needed to use the various features of Flexera One Automation.
|
Automation Screen |
Automation Feature |
Roles that can use the Automation feature |
|||||||||||
|
Catalog |
View Catalog |
|
|||||||||||
|
Publish a Policy Template |
Publish policies |
||||||||||||
|
Un-Publish a Policy Template |
Publish policies |
||||||||||||
|
Delete Custom Policy Template |
Publish policies |
||||||||||||
|
Apply a Policy |
|
||||||||||||
|
Automation Dashboard |
View Dashboard |
|
|||||||||||
|
Organizational Summary |
Organizational Roles:
|
||||||||||||
|
Applied Policies |
View Applied Policies |
|
|||||||||||
|
Update a Policy |
|
||||||||||||
|
Terminate a Policy |
|
||||||||||||
|
Apply a Similar Policy |
|
||||||||||||
|
Incidents |
View Incidents |
|
|||||||||||
|
Approve or Deny an Action |
Approve policies |
||||||||||||
|
Templates |
View Templates |
|
|||||||||||
|
Update a Custom Policy |
Create policies |
||||||||||||
|
Apply a Policy |
Create policies |
||||||||||||
|
Delete a Custom Policy Template |
Create policies |
||||||||||||
|
Publish a Policy Template |
Publish policies |
||||||||||||
|
Credentials |
Create/Edit/Delete Credentials |
Administer organization |
|||||||||||
|
List/Use Credentials |
|
The policy roles described above grant users access to Flexera One Automation and its features. However, policies themselves have the ability to interact with any API which, in many cases, require permissions on that target API. The user that applies the policy must have the underlying privileges to access the resources needed by the policy. Each policy provided by Flexera documents its required permissions.