Access Management is a powerful feature provided by the TagoIO platform when it comes to managing access levels in your application. You can choose which users or type of users will be able to access a dashboard, among other things that will be covered later. To further detail this feature, let’s take a practical example. We will establish 3 level access in our TagoRun and show how we can configure the access management so that each level has its access as shown below.
As stated above, let’s show na example using Access management. You won’t be able to reproduce this example in your account because you don’t have the same dashboards as I do, but the most important thing I want to convey here is to show you how Access Management works and how it can be used in your TagoRun application.
To follow the example let’s define what will be our 3 levels of access.
Level 1 - User
Level 2 - Administrator
Level 3 - Super Administrator
Now that we know what each level will be, let’s describe what each will be able to access or not.
User - A user can access everything except the administration dashboard but cannot move or resize anything
Administrator - An administrator can access everything but cannot move or resize anything
Super Administrator - A super administrator can access everything and can resize or move anything
With our fully defined practical example, let’s move on to our Tago Run Access Management. Where we will configure for each user what they will be able to access on Run.
Tip: Reading this far, you may have wondered how I will differentiate users to know their level of access, right? To do this, I will use TAGS on users. If you don’t know how to do this, take a look at this post before proceeding: Creating tags for TagoRUN user with hidden fields
Creating the policies to restrict or allow resources in your Run platform
Creating your Run access policies is very simple to do, as it’s built in a 1-3 step-way. First you define the name, then who will gain access, and then what the access will be! Let’s create the policies for the level 1 (Users). To do so, go to the Access Management menu and click the Add Policy button. Now, the first thing we should do, is defining the name and the target of the policy (who will gain or lose access). The image below shows the name I defined and the target I defined from tags.
After this, we want to set the permissions. As I wrote previously, users will be able to access everything except the administration dashboard, and will not be able to move or resize anything. So, we will create two permissions for this policy. One permission to allow access to everything and one not to allow access to the admin dashboard. The image below shows how these two permissions were configured.
We will repeat this now for the other levels. Level 2 will have only one access policy for everything.
And level 3 is a policy of access to everything with the possibility of move and resize the widgets.
Note that the level 2 and 3 policy are very similar, the only detail will be the number of rules within the permission. Level 3 has 2 rules while level 2 has only 1 rule. What is this additional rule that level 3 has? This rule is the arrangement that will enable the super administrator to move and resize widgets.
With the 3 policies done, one for each level, we come to the result shown in the first image of this post. If you had any difficulty or questions reading this post, please send your message in response to this post and I will be very happy to help you!