In order for users to be able to see and execute a scan workflow on a terminal, access must be configured – by default nobody has access.
Types of access rules
Access to each individual workflow can be configured via rules on a group or user basis:
- Allow – given user/group has access to the workflow.
- Deny – given user/group will be denied access to the workflow.
Configuring access rules
Scan workflow access rules can be configured in the SAFEQ Cloud web UI on the “Access” tab in the “Scan Workflows” section.
- Go to “Scan Workflows” > “Access”.
- To configure a new access rule, click the “Add” button.
- Configure the access rule and then click “Save”.
Authentication provider – choose the provider from which the target users or groups shall be chosen.
Workflow – scan workflow for which the access should be granted/denied.
Access – choose the type of rule to create for the target users or groups.
User or group name – full-text search under the given authentication provider is possible, if nothing is filled out, all users and groups of the provider will be listed.
In the selection box, either one or multiple users & groups can be selected via standard selection methods (mouse drag, shift+click, ctrl + click).
Effective workflow access evaluation
To determine whether a user has access to a workflow (and therefore can see it on the terminal and execute it), the system is evaluating a combination of all configured rules that apply to the given workflow and target the actual user + any group, that this user is a member of.
Rules are evaluated with the following priority:
- Rules that target the user explicitly have higher priority than rules that target a group containing this user
- Rules that deny access have higher priority than rules that allow access on the same level (i.e. deny rule for a group is stronger than allow rule for a group, but it can be overruled by a user explicit allow rule)
Thanks for your feedback.
Post your comment on this topic.