Authorizations

This section details how to configure the permissions granted to an account, either directly or through a configured role.

Prerequisites

According to the context, you might need to set up:

How to add an authorization manually or from a certificate

1. Log in to Stream Administration Interface.

2. Access Authorizations from the drawer or card: Security  Authorizations.

3. Click on Grant authorization.

4. Click on Add authorization manually Add Authorization Manually

5. Fill the mandatory fields:

  • Either:

    • Fill in an Identifier*: it can be either a local account identifier or an OpenID Connect identifier (usually email address).

    • Import a certificate by clicking on certificate button Grant authorization.

6. Click on add button.

How to add an authorization from a search

1. Log in to Stream Administration Interface.

2. Access Authorizations from the drawer or card: Security  Authorizations.

3. Click on Grant authorization.

4. Click on Search and Add Authorization Search and Add Authorization

5. Search by Identifier for a local account previously defined.

6. Click on search button.

7. Choose the identifier you want to add.

8. Click on add button.

You can update Edit Authorization, see connexion information Delete Authorization, or delete Delete Authorization Authorization.

How to grant a permission

1. Click on Grant authorization.

Role

2. Select a role previously created (if needed).

Permissions

Stream allows you to manage 2 types of permissions: configuration and lifecycle.

Stream uses wildcard permissions which means you can configure the permissions very thoroughly.

Configuration

For configuration permissions, you can specify:

  • the Section (ex: Security)

  • the concerned Module (only for select modules)

  • the type of permission: Audit (read-only) or Manage (read-write, equivalent to All).

4. Click on add button.

5. Select a section, then a module, then a submodule if there is, and a right.

6. Click on add button (Don’t forget to save).

7. Click on the save button if you are done.

Lifecycle

For lifecycle permissions, you can specify the concerned CA and the concerned Template then the type of permission: Enroll, Revoke, Search or All of these.

4. Click on add button.

5. Select a module, then a profile, and a right.

6. Click on add button. (don’t forget to save).

7. Click on the save button if you are done.