Add and manage users by controlling what apps and actions they can see and/or edit in an account.
Role-based access control (RBAC) is an enterprise-level feature that allows user permissions to be set in relation to system resources, where resources are Apps or Actions. In effect, you can give a digital business card user an account login and allow them to see their digital business card App and its associated Actions, but not other Apps or Actions in the account.
The feature is extremely flexible and makes it manageable to have hundreds or thousands of digital business card apps in an account.
The process is that you create a “Role”, add “Policies” that define the role's capabilities, and then assign roles to users. Roles can be assigned to a user when they are invited to join an account or afterward.
A “policy” consists of:
- Effect: Allow or Deny
- Permissions: All, Create, Read, Update, Delete, Tag
- Resource Type: All, App, Action
- List of Tags
Thus you can create a role and individually give permission to read or update every app and action that you want that role to see. To simplify things, we also allow one to manage a Role according to tags.
Using the role below as an example, the user will be able to see all apps and actions that are tagged with the same tag as the user. In addition, this user will be able to access and use all actions tagged with "admin", but they will not be able to make changes to the actions tagged with "admin".
A second example role uses a single policy to allow users with this role to access all resources that have matching tags. This role is perfect for an agency account to give customers edit and metrics control of their own app and assets without having access to other apps in the account.
For example, if you have a customer with one app and 10 actions in that App, and you tag that user with “cust1”, tag their app with the matching “cust1” tag, and tag each of the 10 actions with “cust1”, then when that user logs in they will see everything in the account that matches their user tag. Since as a user they are tagged “cust1”, they will see all Apps and Actions with the matching tag and nothing else in the account.
One can assign this same “Role” to multiple customers because it does not refer to specific tags; it only says that a tagged user can see all resources that have the same tag.
An enterprise digital business card account can have thousands of users, but each user can:
1. only see their DBC
2. only edit specific actions unique to them
3. have access to corporate managed content that they can add to their App but which they cannot change.
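The policy model described above, as an added Python sketch that is not the product's own code. It assumes that nothing is allowed unless a policy allows it and that a Deny policy overrides an Allow; the MATCH_USER marker, the function names and the sample role and resources are all constructed for illustration.

```python
from dataclasses import dataclass

# Assumption: stand-in for "tags that match the user's own tags".
MATCH_USER = "<user-tags>"

@dataclass
class Policy:
    effect: str         # "Allow" or "Deny"
    permissions: set    # All, Create, Read, Update, Delete, Tag
    resource_type: str  # "All", "App" or "Action"
    tags: set           # literal tags and/or MATCH_USER

def applies(policy, user_tags, permission, rtype, rtags):
    """True when the policy covers this permission on this resource."""
    if policy.resource_type not in ("All", rtype):
        return False
    if not {"All", permission} & policy.permissions:
        return False
    wanted = set(policy.tags)
    if MATCH_USER in wanted:
        wanted = (wanted - {MATCH_USER}) | set(user_tags)
    # An untagged user or resource gives an empty intersection: no match.
    return bool(wanted & set(rtags))

def is_allowed(role, user_tags, permission, rtype, rtags):
    """Assumed semantics: nothing allowed by default, Deny beats Allow."""
    effects = {p.effect for p in role
               if applies(p, user_tags, permission, rtype, rtags)}
    return "Allow" in effects and "Deny" not in effects

def visible(role, user_tags, resources):
    """Names of the resources the user can Read, as a dashboard audit."""
    return sorted(name for name, rtype, rtags in resources
                  if is_allowed(role, user_tags, "Read", rtype, rtags))

# Constructed role modelled on the first example role in the text.
ROLE = [
    Policy("Allow", {"All"}, "All", {MATCH_USER}),
    Policy("Allow", {"Read"}, "Action", {"admin"}),
    Policy("Deny", {"Update", "Delete"}, "Action", {"admin"}),
]
# Constructed account contents: (name, resource type, tags).
RESOURCES = [
    ("cust1-card", "App", {"cust1"}),
    ("cust1-vcard", "Action", {"cust1"}),
    ("cust2-card", "App", {"cust2"}),
    ("corp-brochure", "Action", {"admin"}),
    ("untagged-app", "App", set()),
]

if __name__ == "__main__":
    print(visible(ROLE, {"cust1"}, RESOURCES))
```

Under these assumptions, an action tagged both "cust1" and "admin" is read-only for the "cust1" user, and an untagged user sees only the "admin" actions.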
Viewing a User's Dashboard
When setting permissions to restrict what Apps a user can view and what actions they can edit from their dashboard, it is useful to audit the user's view to verify its correctness.
For this purpose, account owners are allowed to "View the User's Dashboard" and can access this capability from the "Edit User" page, which is accessed from the "Users" tab under the account dropdown gear.