XPRESSO

User Types and Group Membership Roles

About User Types and Group Membership Roles

Assigning users to a pre-defined user type and Group Membership role is a quick and effective way of controlling their permissions which in turn equates to segmenting which tasks and features they can perform. Users in XPRESSO are assigned to one of the following user types and Group Membership roles:

  • XPRESSO System Administrator - the Superuser who maintain the system.

  • XPRESSO Standard Users - contains four Group Membership sub-roles:

    • Group Administrator
    • Privileged Member
    • Group Member
    • Guest User (a transient role assigned to new Group Members)

Each Group Membership role used in XPRESSO has a pre-defined set of actions that users can perform. Group Admins can customize the default set of actions as required to grant or revoke the execution of a specific action for all members in a specific role according to your organizational requirements. See "Group Permissions" for more information.

NOTE 1:
You can only use the built-in Group Membership roles in XPRESSO; you cannot define your own roles.
NOTE 2:
For security and operational reasons, users cannot have two concurrent (different) Member roles in the same Group. You do have the option to have a different Membership role in different Groups.

System Administrator

The System Administrator can perform all actions/tasks in XPRESSO and are responsible for maintaining the health of XPRESSO by monitoring the internal components and services. The following tasks are exclusive to the System Administrator:

  • Creating new functional Groups in XPRESSO; likewise, only a System Admin can delete an existing Group. The following applies to this task:

    • When the System Administrator creates a new Group in XPRESSO, they must specify the Group Administrator for the Group. This role is usually assigned to the User who requested the creation of the new Group. The Group Administrator has the option to add other users to the Group Administrator role as required. The Group must contain at least one Group Administrator.

    • As part of assigning a Group Admin to a new Group, XPRESSO automatically uses the email address of the designated Group Admin for the destination address for all subsequent requests to join the Group. If a Group has multiple Group Admins, all subsequent requests to join that Group is emailed to every Group Admin to allow for distributed management of group functions.

    • Although the System Administrator is responsible for creating new Groups (and deleting them), the Group Admin performs most other Group management functions for the Group (any exceptions are noted in the procedures that require the System Admin to perform).

    • System Administrators can delete Groups that are no longer being used as part of their general maintenance routine. When you delete a Group from XPRESSO that has Group members assigned to it, all Group members are moved to the default Guest group; this does not affect the Membership role in other Groups.

    CAUTION!
    Deleting a Group is final; there is no recovery process to re-activate the Group. Consider Disabling the Group before deleting a Group.

  • Making changes to all system-wide (system management) settings in XPRESSO.

  • Integrating XPRESSO with other tools, for example setting up the required interfaces between XPRESSO and LaaS.

  • Resolving situations that require higher-level permission or problems beyond the scope of what a Group Administrator is able to perform.

See the System Administration topic for detailed information and tasks that are relevant and exclusive to the XPRESSO System Administrator.

Guest Users

New registered users in XPRESSO are automatically assigned to a Guest user role which is designed to be a transient (default) role before they are assigned to another role by the Group Administrator. As a new user, you are also automatically assigned to a default "Guest" group.

The following restrictions are imposed on Guest Members:

  • They have minimum visibility of XPRESSO features and GUI elements. Group Admin can change the Guest User Permission to adjust the privileges.

  • They can only view details about public groups that allow guest access.

  • The only actions they can perform in XPRESSO is submit or rerun Job Requests.

Groups have the option to allow Guest users to operate and use the resources available in that Group, constrained within the Guest User Permission settings in Group.

Transitioning from a Guest User Role

You have three options to transition from a Guest User Role in the Guest Group to another Group:

  • Submit a request to join an existing Group.

  • Submit a request to create a new Group.

  • Switch from the Guest Group to the new Group (only available if your Group Administrator has proactively added you to their Group in advance of your request; you will be notified by email if you have been added to a Group).

When a Guest member requests to join an existing Group, requests to create a new Group, or to switch Groups, the Group Admin changes their Guest role to another Membership role as part of the group enrollment process. You then need to switch from your current Group to the newly available Group. See "Group Members/Membership" for further information.

Group Administrators

Group Administrators oversee the operations and administration of the Group and have additional responsibilities and privileges than other Group Membership roles; key activities include:

  • Managing and maintaining the XPRESSO Group infrastructure such as adding and inviting users to a Group, changing a Member's role, removing Members from a Group, and changing the status of a Group. See "Group Administration" topic for information about the Group Administration tasks.

  • Customizing and maintaining "Group Permissions" to grant or revoke the execution of a specific action for all members in a specific Membership role.

  • Defining and maintaining "Group Preferences" used by the Group.

Other Group Admin Tasks

Group Administrators can also perform all other actions/tasks that a Privileged Member or Membership role can perform with XPRESSO.

In addition, Group Administrators have some exclusive high-level actions that are reserved for the Group Admin role because of their special requirements, broad implications with XPRESSO, or for security reasons.

EXAMPLE!
Only the Group Admin has the ability to delete topologies and testbeds, add or disable Group Members, or update Group Membership roles. See "Viewing your Current Group Permissions" for information about how to determine which specific actions are exclusive to Group Administrators.

Privileged Members

Privileged Members have more privileges than Group member, but less privileges than Group Admins. The types of tasks that are exclusive to Privilege members (vs. Group Members) are those tasks that are deemed "maintenance-type" actions for example, the ability to Add | Update | Set or Unset | Propagate | Delete | etc.

The are some Group Critical actions that Privileged Member cannot perform and are reserved for Group Administrators. See "Viewing your Current Group Permissions" for information about how to determine which specific actions a Privileged Member can or cannot perform.

Group Members

Group Members represent the bulk of member roles in a group and are in general, users that perform most of the services and resources the Group is providing.

Determining your User Type, Current Group, and Membership Role

The actions you can perform and the visibility to features and services in the Group dashboard GUI elements are determined by your assigned user type and Membership role.

To Determine your Current XPRESSO User Type and Group:

Your current User type is shown visibly on the bottom of the Main Navigation Bar in the Login Name/Active Group Icon button with the following designations:

  • SU: represents if you logged in as a System Administrator (SuperUser)

  • Your login initials (displays regardless of your Membership role).

You can determine your current group by panning over the Login Name/Active Group Icon button; your current group is shown to the right of your login name.

Since you can belong to several Groups, you may need to determine your Membership role in your current active Group. The actions you can perform and the visibility of XPRESSO dashboard GUI elements are determined by your assigned user type and Membership role.

To Determine your Membership Role:

This procedure allows you to determine your assigned role for each of the Groups you belong to and which Groups you are a member of. Other information (noted below) is also displayed.

  1. From the Main Navigation Bar, choose Settings, Contacts & Help→Group Management to open the Group Membership page.

  2. Click the My Groups menu if required. The My Group page displays indicating:

    • Which Group(s) you currently belong to.
    • Your Membership role: Guest | Member | Privilege Member | Group Admin.
    • Your user ID.
    • The Group Admins.
    • If the Group is a Public or Private Group.
    • If the Group Allows/Disallow Guests.

You can view your current permissions to determine which XPRESSO actions your Membership role can perform within a Group. Group Administrators can also change the permission setting as required to grant or revoke the execution of a specific action for all members in a specific role. See "Viewing your Current Group Permissions" for more information.

NOTE:
For Member and Privilege Member roles: See "Changing your Membership role in a Group" if you need to change your role in a Group in order to perform additional actions.

Next