Conical uses a role-based security model to control access to the tool and the data stored within.
Each role can be granted a set of site-level privileges as well as a set of per-product privileges. This allows for finely grained control over who has access to what. Note that privileges can only be granted; there's no support for having 'all privileges except x'.
These roles can be assigned to both groups and to individual users (although we recommend the use of groups for ease of management).
Anonymous access is supported within the tool and the anonymous user can be granted roles in the same way as any other user.
Users have the following properties:
- can be members of multiple groups
- can have roles granted to them explicitly
- can be renamed
- can be locked / unlocked
- cannot be deleted, because a full audit trail of data must be maintained.
Note that the best way to 'delete' users (given they can't actually be deleted) is to rename them with a prefix indicating that they're deleted and to lock the account so that it cannot be used.
Users can create access tokens to allow for REST API calls to be made. These can either be for all of the user’s privileges or can be for a specific subset of privileges (site level or product level).
Groups represent a set of users and currently may not be recursive in nature, that is, groups cannot themselves be members of other groups.
Available Product Privileges
The following product privileges are available:
| Privilege | Description |
|---|---|
| admin | Can do everything |
| commenter | Can add comments |
| commentsAdmin | Can edit other people's comments |
| configurator | Can configure the product, e.g. add test run types |
| publisher | Can publish data to the tool |
| viewer | Can view published data |
| auditTrail | Can view the audit trail within the product |
| testRunSetDeleter | Can mark test run sets as candidates for deletion |
Note that users are always able to edit their own comments.
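The following sketch is an added example, not Conical's own code or API. It models how the rules above combine when reviewing who can do what on a product: grants from a user's explicit roles and group roles are unioned, a locked account resolves to nothing, and a restricted access token narrows the result. The class and function names, the sample data, the expansion of `admin` to every listed product privilege, and the rule that a token never exceeds its owner's privileges are assumptions.

```python
from dataclasses import dataclass, field

# Product privilege names exactly as listed in the table on this page.
PRODUCT_PRIVILEGES = frozenset({
    "admin", "commenter", "commentsAdmin", "configurator",
    "publisher", "viewer", "auditTrail", "testRunSetDeleter"})

@dataclass
class Role:                      # hypothetical structure
    name: str
    products: dict = field(default_factory=dict)   # product -> set of privileges

@dataclass
class User:                      # hypothetical structure
    name: str
    roles: list = field(default_factory=list)      # roles granted explicitly
    groups: list = field(default_factory=list)     # flat group names (no nesting)
    locked: bool = False

def effective_privileges(user, group_roles, product, token_scope=None):
    """Resolve a user's privileges on one product; token_scope models a restricted token."""
    if user.locked:                                # locked accounts cannot be used
        return frozenset()
    roles = list(user.roles)
    for group in user.groups:                      # groups are not recursive: one lookup each
        roles.extend(group_roles.get(group, []))
    granted = set()
    for role in roles:                             # grants only add; nothing subtracts
        privileges = set(role.products.get(product, ()))
        unknown = privileges - PRODUCT_PRIVILEGES
        if unknown:
            raise ValueError(f"role {role.name}: unknown privileges {sorted(unknown)}")
        granted |= privileges
    if "admin" in granted:                         # assumption: "Can do everything" = all listed
        granted = set(PRODUCT_PRIVILEGES)
    if token_scope is not None:                    # assumption: a token never exceeds its owner
        granted &= set(token_scope)
    return frozenset(granted)

# Constructed sample data: product, role, group and user names are invented.
READER = Role("reader", {"fx-risk": {"viewer", "commenter"}})
PUBLISHER = Role("ci-publisher", {"fx-risk": {"publisher"}})
OWNER = Role("owner", {"fx-risk": {"admin"}})
GROUP_ROLES = {"qa": [READER], "leads": [OWNER]}
ALICE = User("alice", roles=[PUBLISHER], groups=["qa"])
CAROL = User("carol", groups=["leads"])
BOB = User("deleted-bob", groups=["leads"], locked=True)  # renamed and locked, per the note above
```

Running the resolver over every user and product gives a reviewable access matrix; an `admin` grant reached through a group is the entry most worth checking, since it expands to every product privilege.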