Roles are an easy way to manage the Permissions that your users have within the divergent Cloud.
The divergent Cloud has a full RBAC (Role-based access control) platform based on permission lists built up from each individual product and its central management area.
When you first create your Billing Profile, you are assigned the "Owner" role, which gives you access to everything within it.
When installing a new Application, you will be assigned the product's respective Owner role to grant all permissions within that Application. If you have the built-in "Owner" role, its Scope is simply updated to include that application instance.
Built-in Roles
Whilst our Built-in Roles are not configurable, you are free to create your own Roles within the divergent Cloud to have more fine-grained control over your users' permissions when they access your system.
The available Permissions within the divergent Cloud are extensive enough to allow precise control for your own custom roles.
All Permissions
What's in a Role?
A role consists of a name, a description, and a list of permissions that it grants or excludes.
Our list of permissions is both an "Allow List" and "Exclusion List". Items in the exclusion list take priority over the allow list.
An example of a list of permissions is below:
Divergent.Connect/*
!Divergent.Connect/email/*
Exclusions are prefixed with an exclamation mark (!), and the above list of permissions allows the user to access divergent Connect to do everything, apart from anything related to Email.
How are Roles assigned to Users?
Roles are assigned to users on a per-application basis.
When you assign a Role to a user, you choose its "Scope" (i.e. where it applies).
Cloud Permissions apply at all times, because the management platform is not its own app; it is a centrally managed service that forms the underlying divergent Cloud platform.
Therefore, if you assign Cloud Permissions to a role, they will apply to that user regardless of the scope.
For this reason we recommend that you maintain separate roles for Cloud Permissions and Application Specific Permissions.
For example, if you have 2 instances of divergent Connect, you're able to assign different permissions within each to the same user.
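The evaluation rules described above (exclusions override allows, roles apply per Scope, Cloud Permissions ignore Scope), sketched as an added example that is not divergent's own code. The `Divergent.Cloud/` prefix, the permission and instance names, glob-style `*` matching, deny when nothing matches, and evaluating each role on its own are all assumptions.

```python
from fnmatch import fnmatchcase

# Assumption: Cloud Permissions share this prefix (hypothetical; the page does not name it).
CLOUD_PREFIX = "Divergent.Cloud/"

def role_allows(permissions, requested):
    """Evaluate one role's list: an exclusion match always wins, no match means deny."""
    allowed = False
    for entry in permissions:
        if entry.startswith("!"):
            if fnmatchcase(requested, entry[1:]):
                return False  # the exclusion list takes priority over the allow list
        elif fnmatchcase(requested, entry):
            allowed = True
    return allowed

def user_allows(assignments, requested, instance):
    """assignments: list of (permissions, scope); scope is a set of instance ids."""
    for permissions, scope in assignments:
        # Cloud Permissions apply regardless of the Scope chosen for the role.
        in_scope = requested.startswith(CLOUD_PREFIX) or instance in scope
        if in_scope and role_allows(permissions, requested):
            return True
    return False

# Constructed sample roles and assignments.
NO_EMAIL = ["Divergent.Connect/*", "!Divergent.Connect/email/*"]
MIXED = ["Divergent.Connect/*", "Divergent.Cloud/users/*"]  # mixes Cloud and app permissions

alice = [(NO_EMAIL, {"connect-a"})]
bob = [(MIXED, {"connect-a"})]

if __name__ == "__main__":
    checks = [
        (alice, "Divergent.Connect/contacts/read", "connect-a"),
        (alice, "Divergent.Connect/email/send", "connect-a"),
        (alice, "Divergent.Connect/contacts/read", "connect-b"),
        (bob, "Divergent.Cloud/users/invite", "connect-b"),
    ]
    for assignments, permission, instance in checks:
        print(permission, instance, user_allows(assignments, permission, instance))
```

The last check is the case the recommendation guards against: a role scoped to one Connect instance still grants its Cloud Permissions everywhere.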