* draft rbac docs * tweaks * add a permissions topic * tweaks * more changes * draft permissions topic * more content on roles * links * typo * more conceptual info * Optimised images with calibre/image-actions * more content on roles * add more x-ref links * fix links * more content * links * typos * polishing * Update website/docs/user-group-role/access-control/permissions.md Co-authored-by: Jens L. <jens@goauthentik.io> Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com> * separwate conceptual vs procedural in permissions * finished groups procedurals * new page * added link * Update website/docs/user-group-role/access-control/permissions.md Co-authored-by: Jens L. <jens@goauthentik.io> Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com> * polish * edits from PR review * restructured view section to remove repetition * rest of edits from PR review * polished flows and stages * polish * typo --------- Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com> Co-authored-by: Tana Berry <tana@goauthentik.io> Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com> Co-authored-by: Jens L. <jens@goauthentik.io>
7 KiB
title | description |
---|---|
Manage permissions | Learn how to use global and object permissions in authentik. |
Refer to the following topics for instructions to view and manage permissions.
View permissions
You can view all permissions that are assigned to a user, group, role, flow, or stage.
View user, group, and role permissions
To view object permissions for a specific user, role, or group:
- Go to the Admin interface and navigate to Directory.
- Select either Users, Groups, or Roles
- Select a specific user/group/role by clicking on the name (this opens the details page).
- Click the Assigned Permissions tab at the top of the page (to the right of the Permissions tab).
- Scroll down to see both the global and object-level permissions.
:::info Note that groups do not have global permissions. :::
View flow permissions
- Go to the Admin interface and navigate to Flows and Stages -> Flows.
- Click the name of the flow (this opens the details page).
- Click the Permissions tab at the top of the page.
- View the assigned permissions using the User Object Permissions and the Role Object Permissions tabs.
View stage permissions
- Go to the Admin interface and navigate to Flows and Stages -> Stagess.
- On the row for the specific stage whose permissions you want to view, click the lock icon.
- On the Update Permissions tab, you can view the assigned permissions using the User Object Permissions and the Role Object Permissions tabs.
Manage permissions
You can assign or remove permissions to a user, role, group, flow, or stage.
Assign, modify, or remove permissions for a user
To assign or remove object permissions for a specific user:
- Go to the Admin interface and navigate to Directory -> Users.
- Select a specific user by clicking on the user's name.
- Click the Permissions tab at the top of the page.
- To assign or remove permissions that another user has on this specific user:
- Click the User Object Permissions tab, click Assign to new user.
- In the User drop-down, select the user object.
- Use the toggles to set which permissions on that selected user object you want to grant to (or remove from) the specific user.
- Click Assign to save your settings and close the modal.
- To assign or remove permissions that another role has on this specific user: Click the Role Object Permissions tab, click Assign to new role. 2. In the User drop-down, select the user object. 3. Use the toggles to set which permissions you want to grant to (or remove from) the selected role. 4. Click Assign to save your settings and close the modal.
To assign or remove global permissions for a user:
- Go to the Admin interface and navigate to Directory -> Users.
- Select a specific user the clicking on the user's name.
- Click the Assigned Permissions tab at the top of the page (to the right of the Permissions tab).
- In the Assigned Global Permissions area, click Assign Permission.
- In the Assign permissions to user modal, click the plus sign (+) and then click the checkbox beside each permission that you want to assign to the user. To remove permissions, deselect the checkbox.
- Click Add, and then click Assign to save your changes and close the modal.
Assign or remove permissions on a specific group
:::info Note that groups themselves do not have permissions. Rather, users and roles have permissions assigned that allow them to create, modify, delete, etc., a group. Also there are no global permissions for groups. :::
To assign or remove object permissions on a specific group by users and roles:
- Go to the Admin interface and navigate to Directory -> Groups.
- Select a specific group by clicking the the group's name.
- Click the Permissions tab at the top of the page.
To assign or remove permissions that another user has on this specific group:
- Click the User Object Permissions tab, click Assign to new user.
- In the User drop-down, select the user object.
- Use the toggles to set which permissions on that selected group you want to grant to (or remove from) the specific user.
- Click Assign to save your settings and close the modal.
- To assign or remove permissions that another role has on this specific group: Click the Role Object Permissions tab, click Assign to new role. 2. In the Role drop-down, select the role. 3. Use the toggles to set which permissions you want to grant to (or remove from ) the selected role. 4. Click Assign to save your settings and close the modal.
Assign or remove permissions for a specific role
To assign or remove object permissions for a specific role:
- Go to the Admin interface and navigate to Directory -> Roles.
- Select a specific role the clicking on the role's name.
- Click the Permissions tab at the top of the page. To assign or remove permissions that another user has on this specific role: 1. Click the User Object Permissions tab, click Assign to new user. 2. In the User drop-down, select the user object. 3. Use the toggles to set which permissions on that role you want to grant to (or remove from) the selected user. 4. Click Assign to save your settings and close the modal.
- To assign or remove permissions that another role has on this specific group: Click the Role Object Permissions tab, click Assign to new role. 2. In the Role drop-down, select the role. 3. Use the toggles to set which permissions you want to grant to (or remove from) the selected role. 4. Click Assign to save your settings and close the modal.
To assign or remove global permissions for a role:
- Go to the Admin interface and navigate to Directory -> Roles.
- Select a specific role by clicking on the role's name.
- The Overview tab at the top of the page displays all assigned global permissions for the role.
- In the Assigned Global Permissions area, click Assign Permission.
- In the Assign permissions to role modal, click the plus sign (+) and then click the checkbox beside each permission that you want to assign to the role. To remove permissions, deselect the checkbox.
- Click Assign to save your changes and close the modal.
Assign or remove flow permissions
- Go to the Admin interface and navigate to Flows and Stages -> Flows.
- Click the name of the flow (this opens the details page).
- Click the Permissions tab at the top of the page.
- Add or remove permissions using the User Object Permissions and the Role Object Permissions tabs.
Assign or remove stage permissions
- Go to the Admin interface and navigate to Flows and Stages -> Stagess.
- On the row for the specific stage that you want to manage permissions, click the lock icon.
- On the Update Permissions tab, you can add or remove the assigned permissions using the User Object Permissions and the Role Object Permissions tabs.