Assign Roles

Users can have one or more roles in Panopticon:

Role Description

Viewers

Allowed to look at workbooks.

Designers

Allowed to create and edit workbooks. 

Administrators

Allowed to have access to features like logs, API tokens, and scheduled tasks. 

 

Map your users to Panopticon roles using their user group memberships and usernames. Groups are preferred to avoid listing individual users in the configuration.

The following properties control the mapping and take a comma-separated list of one or more values. Each property is optional.

Property Description

access.administrator.groups 

List of group names where all members become administrators. 

access.administrator.users

List of individual usernames of users that become administrators. 

access.designer.groups 

Groups where members become designers. 

access.designer.users 

Usernames of users that become designers 

access.viewer.groups

Groups where members become viewers. 

access.viewer.users 

Usernames of users that become viewers. 

 

There are two more properties that control role mapping:

Property Description

access.default.roles 

Applies to users that are not listed in the regular mapping, either explicitly with username, or as members of a listed group. The possible values are VIEWER (default), DESIGNER, and ADMINISTRATOR

access.list.delimiter 

Can be used to change the default comma as separator in the access mappings to something else if your usernames or group names contain commas. 

 

Example role mapping settings:

access:
     administrator.groups: pano-admins, managers
     administrator.user: cto@company.org
     designer.groups: pano-editors, pano-reviewers
     viewer.groups: pano-users
     default.roles: VIEWER

In an organization where only selected users should have access to Panopticon, you have two options:

  • The authentication approach (preferred)

    Configure the authentication layer so that only authorized users are let in. For example, with LDAP, use an OU in your user-dn-patterns that only has Panopticon users as members, or with OAuth, assign only these users to the application.

  • The content access control approach (fallback)

    Change the permission of the Panopticon content root folder so that the group names associated with the viewer and designer roles have access and remove the permissions for Everyone.

NOTE: Users that are administrators always have full access to all folders.

 

 

(c) 2013-2024 Altair Engineering Inc. All Rights Reserved.

Intellectual Property Rights Notice | Technical Support