IRIS
Intelligent Roadway Information System
Permissions
Permissions are a newer access control feature intended to replace capabilities and privileges. For now, they determine permissions for web access only.
API Resources 🕵️
iris/api/permission
iris/api/permission/{id}
iris/api/access
Access | Primary |
---|---|
👁️ View | id |
🔧 Configure | role, resource_n, hashtag, access_n |
Setup
Role is the user role associated with the permissions.
Resource is the {type}
part of a base restricted resource to be accessed.
Hashtag restricts the permission to resources which have the assigned tag. Permissions containing hashtags are only checked for updates to existing resources, not creation/deletion.
There are 4 access levels, with increasing permissiveness:
Level | Access | Permissions |
---|---|---|
1 | 👁️ View | Monitor / read |
2 | 👉 Operate | + Control |
3 | 💡 Manage | + Policies, scheduling |
4 | 🔧 Configure | + Create, update, delete |
When checks are performed, the highest access level of matching permissions is used.
Base Resources
To simplify administration, some permissions grant access to related resources. In other words, permissions on the base resource also applies to any dependent resource, at the same access level.
Base Resource | Dependent Resources |
---|---|
action plan | beacon action, camera action, day matcher, day plan, dms action, lane action, meter action, plan phase |
alert config | |
beacon | |
camera | catalog, flow stream, monitor style, play list, video monitor |
controller | alarm, comm link, controller io, gps, modem |
detector | r_node, road, station |
dms | font, graphic, message line, message pattern, sign configuration, sign detail, sign message, word |
gate arm | gate arm array |
incident | inc_advice, inc_descriptor, inc_locator |
lcs | lcs array, lcs indication, lane marking |
parking area | |
permission | domain, role, user id |
ramp meter | |
system attribute | cabinet style, comm config |
toll zone | tag reader |
weather sensor |
Associated Resources
Some resources contain an associated resource_n, linking them to a base resource. These include:
- geo loc
- controller io
- device preset
- hashtag