Permission Sets enable SGNL Administrators to grant granular control over the features and objects within the SGNL product.
Permission Sets are groups of permissions that can be assigned to Users and/or Teams to provide them with the level of access they need to complete their tasks.
Within each Permission Set there is a group of permissions.
An example Permission Set within SGNL is the Global Admin Permission Set. This should be granted sparingly to only a small set of Administrators that require full, global access to all features and objects within the SGNL Platform.
Within the Global Admin Permission Set, we see a range of Permissions that are expressed as the Resource, a period delimiter, then the level of access that is allowed. For example, being granted the policies.read permission as part of the Permission Set would allow a User or member of a Team to read policies.
Users or Teams can be assigned 0 or more Permission Sets.
Note: A user with no Permission Sets assigned (either directly or through a team) will be unable to sign in to the product or use any APIs, effectively disabling their access.
If more than 1 Permission Set is assigned (either directly or through a team), the permissions will be additive for the user. This means that if one Permission Set were to grant policies.read and another were to grant policies.create and policies.update, all 3 of the aforementioned permissions would be granted to the user.
Permission Sets can have scoping applied through SGNL Labels. When Permission Sets are scoped, it means that all or some subset of the permissions they grant will be scoped only to the objects that have the label that the permission set is scoped to.
Given that not all objects in SGNL have or require a label, scoping a Permission Set will often (but not always) result in a mix of Global and Scoped Permissions.
Take for example the Policy Admin Permission Set. If I choose to scope the assignment of that Permission Set for a given team to the label Central IAM Team, SGNL will ensure that the team assigned this Permission Set will only be able to administer the Policies, Policy Versions, Snippets, and Snippet Versions (among others) that have the Central IAM Team label. These Policy Admins will, however, be able to see the Metrics and Logs globally within SGNL.
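The additive and label-scoping rules described above can be modelled in a few lines. This is an added sketch, not SGNL code or the SGNL API: the Assignment type, the function names, the metrics.read permission name and the set of labelled resource types are assumptions made for illustration, as is the rule that an unscoped grant of a permission overrides a scoped grant of the same permission.

```python
from dataclasses import dataclass
from typing import Optional

# Assumption: resource types that carry labels. The page names policies and
# snippets as labelled, and metrics and logs as visible globally.
LABELLED_RESOURCES = {"policies", "snippets"}

@dataclass(frozen=True)
class Assignment:
    """One Permission Set assigned to a user or team (hypothetical model)."""
    permissions: frozenset             # e.g. {"policies.read"}
    scope_label: Optional[str] = None  # None means the assignment is unscoped

def can_sign_in(direct, via_teams):
    # A user with no Permission Sets, directly or through a team, has no access.
    return bool(list(direct) + list(via_teams))

def effective_permissions(direct, via_teams):
    """Union of all grants: {permission: None if global, else set of labels}."""
    effective = {}
    for assignment in list(direct) + list(via_teams):
        for perm in assignment.permissions:
            resource = perm.split(".", 1)[0]
            scoped = (assignment.scope_label is not None
                      and resource in LABELLED_RESOURCES)
            if not scoped:
                effective[perm] = None  # global grant (assumed to win)
            elif perm not in effective:
                effective[perm] = {assignment.scope_label}
            elif effective[perm] is not None:
                effective[perm].add(assignment.scope_label)
    return effective

def is_allowed(effective, perm, object_labels=()):
    """True if perm is granted globally or for one of the object's labels."""
    if perm not in effective:
        return False
    scope = effective[perm]
    return scope is None or bool(scope & set(object_labels))

# Constructed sample data: a scoped team assignment plus an unscoped direct one.
POLICY_ADMIN = Assignment(
    frozenset({"policies.read", "policies.update", "metrics.read"}),
    scope_label="Central IAM Team")
CREATOR = Assignment(frozenset({"policies.create"}))
EFFECTIVE = effective_permissions([CREATOR], [POLICY_ADMIN])
```

Reviewing the resulting map per user is a quick way to spot a scoped assignment that still yields global permissions on unlabelled resources.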
If your User account has sufficient permission, you're able to review and assign/unassign Permission Sets.
Select Admin from the left navigation menu.
Select Add Permission Set, or hover over an existing Permission Set to activate the Remove Permission Set context menu.