Access Control
Role Management
GUARDARA provides a comprehensive role-based access control system that allows administrators to define which services users can interact with and what operations they can perform. This is done by creating Roles with one or more Scopes.
The Scopes assigned to a Role are inherited by the API keys of the users assigned to the Role. For example, if the user's Role only allows reading Message Templates (template:read), then this will be the only Scope available to select when creating a new API key.
Built-in Roles
GUARDARA comes with two built-in roles, Administrator and User. Users with the Administrator role assigned have unrestricted access to all functionalities. The built-in User role is more restrictive but provides access to all functionalities a power-user would require. Additional roles can be created by clicking on the + button on the top left-hand side of the screen.
Managing Roles
Roles can be managed from the Roles tab of the Settings page. Creating new roles can be done by clicking on the + button on the top left-hand side of the screen.
A new role requires a name and a description. Scopes can be attached to define what actions a user with the role assigned can perform. Access to specific pages of the Manager may require multiple scopes, each potentially from a different service.
User Management
Creating User Accounts
Users are managed from the Users tab of the Settings page. Adding new users can be done by clicking on the + button on the top left-hand side of the screen. Administrators must provide the following information about the user when creating a new user:
- First name
- Last name
- Email address
- Role
The Role field allows assigning one of the existing Roles to the user. The assigned Role determines which services users can interact with and what operations they can perform using those services. Jump to the Roles section of the page to learn more about Roles.
Account Activation
If GUARDARA was set up with the Email subsystem enabled, users must be registered with a valid email address. GUARDARA automatically sends out an account activation email to the new user.
Without an SMTP server configured, when a new user account is created, the user interface allows the administrator to copy the account activation link so that it can be shared with the user.
Newly created accounts are listed under the Invited Users section of the page until the activation is completed.
Delete User Accounts
To delete one or more active or inactive users, select them using the checkbox and click on the trash bin icon. The deletion of an invited user before account activation results in the invalidation of the activation link.
Scopes
The format of the scope names is ${SERVICE_NAME}:${OPERATION}. For most microservices, there are four basic operations to choose from: read, remove, update, and write. A unique operation named all, when present, permits all four operations.
The table below summarizes each of the 4 basic operations.
Operation | Description |
---|---|
read | Allows reading any resources handled by the service. |
remove | Allows deleting any resources handled by the service. |
update | Allows updating any resources handled by the service. |
write | Allows creating new resources. |
The services are summarized by the table below.
Service | Description |
---|---|
developer | This service manages the developer accounts registered under the Development tab of the Settings page. |
engine | This service manages the Engine registrations. Engines can be registered or removed using the service. |
enginemanager | The service manages connected Engines, including fetching status information and reports, and starting, pausing, stopping and deleting tests. |
inventory | The inventory service is responsible for managing the inventory of custom extensions. The service can be used to add new extensions or remove registered ones. |
project | The service is an interface to the Project database. It can be used to fetch, create, update and remove Projects from the database. |
log | The log service is responsible for managing the event logs. |
template | The service is an interface to the Template database. It can be used to fetch, create, update and remove Message templates, Test Flows and Callbacks. |
conversion | The conversion service is responsible for all the importing features. |
Administrative features such as the basic configuration, user and role management do not have dedicated services. Only administrators are granted access to these features.
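The scope format and the Role-to-API-key inheritance described above can be checked mechanically when auditing role definitions. The following is an added example, not GUARDARA code: the function names are hypothetical, and it assumes every service in the table accepts the four basic operations and the all operation.

```python
# Added example, not part of GUARDARA. Service and operation names come from
# the tables on this page; all function names are hypothetical.
BASIC_OPS = frozenset({"read", "remove", "update", "write"})
SERVICES = frozenset({"developer", "engine", "enginemanager", "inventory",
                      "project", "log", "template", "conversion"})


def parse_scope(scope):
    """Split 'service:operation' and reject anything not on the page's tables."""
    service, sep, operation = scope.partition(":")
    if not sep or service not in SERVICES:
        raise ValueError(f"unknown or malformed scope: {scope!r}")
    # Assumption: 'all' is accepted for every service (the page says "when present").
    if operation != "all" and operation not in BASIC_OPS:
        raise ValueError(f"unknown operation in scope: {scope!r}")
    return service, operation


def expand(scopes):
    """Expand scopes into (service, basic operation) pairs; 'all' becomes four pairs."""
    granted = set()
    for scope in scopes:
        service, operation = parse_scope(scope)
        ops = BASIC_OPS if operation == "all" else {operation}
        granted.update((service, op) for op in ops)
    return granted


def is_allowed(role_scopes, service, operation):
    """Deny by default: allowed only if the role's scopes cover the pair."""
    return (service, operation) in expand(role_scopes)


def excess_scopes(role_scopes, key_scopes):
    """Return API key scopes that exceed what the user's Role grants."""
    allowed = expand(role_scopes)
    return sorted(s for s in key_scopes if not expand([s]) <= allowed)


if __name__ == "__main__":
    role = ["template:read", "project:all"]  # constructed sample Role
    print(excess_scopes(role, ["template:write", "project:remove", "log:read"]))
```

An empty result from excess_scopes means the key requests nothing beyond the Role, which matches the inheritance rule stated in the Role Management section.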