11ca358242
* web/admin: fix duplicate RBAC preview banner on permission modal Signed-off-by: Jens Langhammer <jens@goauthentik.io> * switch non-embedded permission page to use vertical tabs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix some leftover html? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * move stuff into vertical subtab Signed-off-by: Jens Langhammer <jens@goauthentik.io> * show all of users permission tabs on one main tab Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework role page to match user page Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use separate tabs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rename role permission tables to match user tables Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rename to credentials and tokens Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add country icon to session list Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add oauth access token list Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add helper to get relative time Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use pfdivider Signed-off-by: Jens Langhammer <jens@goauthentik.io> * replace plain hr with pf-c-divider Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use new logic for showing relative time in charts Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use consistent relative time for event display Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove more leftovers Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix some alignment issues on the admin dashboard Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update storybook map Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add sanity check to event app lookup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make api drawer header fixed Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix table padding for toggle Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix notification drawer for user interface Signed-off-by: Jens Langhammer <jens@goauthentik.io> * enable system task search Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix formatting, exclude generated script from formatting Signed-off-by: Jens Langhammer <jens@goauthentik.io> * web: minor fixes There's a renderer (it's not a component, not yet) for producing definition lists without the risk of missing a class or tag. Breaking conditionally rendered components out to make their use easier to identify. * fix prettier Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix outpost form Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix more flaky tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-create locale Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add some description for different permission views Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix system task search Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Ken Sternberg <ken@goauthentik.io>
7.2 KiB
7.2 KiB
title, description
| title | description |
|---|---|
| Manage permissions | Learn how to use global and object permissions in authentik. |
Refer to the following topics for instructions to view and manage permissions.
View permissions
You can view all permissions that are assigned to a user, group, role, flow, or stage.
View user and role permissions
To view object permissions for a specific user or role:
- Go to the Admin interface and navigate to Directory.
- Select either Users or Roles
- Select a specific user/role by clicking on the name (this opens the details page).
- Click the Permissions tab at the top of the page
- Select the Assigned global permissions sub-tab to see global permissions and the Assigned object permissions sub-tab to see the object-level permissions.
View flow permissions
_These instructions apply to all objects that have a detail page, which can be accessed by clicking on the name in the list page.__
- Go to the Admin interface and navigate to Flows and Stages -> Flows.
- Click the name of the flow (this opens the details page).
- Click the Permissions tab at the top of the page.
- View the assigned permissions using the User Object Permissions and the Role Object Permissions tabs.
View stage permissions
_These instructions apply to all objects that do not have a detail page.__
- Go to the Admin interface and navigate to Flows and Stages -> Stagess.
- On the row for the specific stage whose permissions you want to view, click the lock icon.
- On the Update Permissions tab, you can view the assigned permissions using the User Object Permissions and the Role Object Permissions tabs.
Manage permissions
You can assign or remove permissions to a user, role, group, flow, or stage.
Assign, modify, or remove permissions for a user
To assign or remove object permissions for a specific user:
- Go to the Admin interface and navigate to Directory -> Users.
- Select a specific user by clicking on the user's name.
- Click the Permissions tab at the top of the page.
- To assign or remove permissions that another user has on this specific user:
- Click the User Object Permissions tab, click Assign to new user.
- In the User drop-down, select the user object.
- Use the toggles to set which permissions on that selected user object you want to grant to (or remove from) the specific user.
- Click Assign to save your settings and close the modal.
- To assign or remove permissions that another role has on this specific user: Click the Role Object Permissions tab, click Assign to new role. 2. In the User drop-down, select the user object. 3. Use the toggles to set which permissions you want to grant to (or remove from) the selected role. 4. Click Assign to save your settings and close the modal.
To assign or remove global permissions for a user:
- Go to the Admin interface and navigate to Directory -> Users.
- Select a specific user the clicking on the user's name.
- Click the Assigned Permissions tab at the top of the page (to the right of the Permissions tab).
- In the Assigned Global Permissions area, click Assign Permission.
- In the Assign permissions to user modal, click the plus sign (+) and then click the checkbox beside each permission that you want to assign to the user. To remove permissions, deselect the checkbox.
- Click Add, and then click Assign to save your changes and close the modal.
Assign or remove permissions on a specific group
:::info Note that groups themselves do not have permissions. Rather, users and roles have permissions assigned that allow them to create, modify, delete, etc., a group. Also there are no global permissions for groups. :::
To assign or remove object permissions on a specific group by users and roles:
- Go to the Admin interface and navigate to Directory -> Groups.
- Select a specific group by clicking the the group's name.
- Click the Permissions tab at the top of the page.
To assign or remove permissions that another user has on this specific group:
- Click the User Object Permissions tab, click Assign to new user.
- In the User drop-down, select the user object.
- Use the toggles to set which permissions on that selected group you want to grant to (or remove from) the specific user.
- Click Assign to save your settings and close the modal.
- To assign or remove permissions that another role has on this specific group: Click the Role Object Permissions tab, click Assign to new role. 2. In the Role drop-down, select the role. 3. Use the toggles to set which permissions you want to grant to (or remove from ) the selected role. 4. Click Assign to save your settings and close the modal.
Assign or remove permissions for a specific role
To assign or remove object permissions for a specific role:
- Go to the Admin interface and navigate to Directory -> Roles.
- Select a specific role the clicking on the role's name.
- Click the Permissions tab at the top of the page. To assign or remove permissions that another user has on this specific role: 1. Click the User Object Permissions tab, click Assign to new user. 2. In the User drop-down, select the user object. 3. Use the toggles to set which permissions on that role you want to grant to (or remove from) the selected user. 4. Click Assign to save your settings and close the modal.
- To assign or remove permissions that another role has on this specific group: Click the Role Object Permissions tab, click Assign to new role. 2. In the Role drop-down, select the role. 3. Use the toggles to set which permissions you want to grant to (or remove from) the selected role. 4. Click Assign to save your settings and close the modal.
To assign or remove global permissions for a role:
- Go to the Admin interface and navigate to Directory -> Roles.
- Select a specific role by clicking on the role's name.
- The Overview tab at the top of the page displays all assigned global permissions for the role.
- In the Assigned Global Permissions area, click Assign Permission.
- In the Assign permissions to role modal, click the plus sign (+) and then click the checkbox beside each permission that you want to assign to the role. To remove permissions, deselect the checkbox.
- Click Assign to save your changes and close the modal.
Assign or remove flow permissions
- Go to the Admin interface and navigate to Flows and Stages -> Flows.
- Click the name of the flow (this opens the details page).
- Click the Permissions tab at the top of the page.
- Add or remove permissions using the User Object Permissions and the Role Object Permissions tabs.
Assign or remove stage permissions
- Go to the Admin interface and navigate to Flows and Stages -> Stagess.
- On the row for the specific stage that you want to manage permissions, click the lock icon.
- On the Update Permissions tab, you can add or remove the assigned permissions using the User Object Permissions and the Role Object Permissions tabs.