We have made User Management more robust & easy to configure. The User Management in Myaccount portal is a simple and intuitive web-based user interface for managing all the Products, Services, And Billing access. You can add multiple users with their respective Policy Sets as per your requirement and provide necessary access to them.
User Management screen will be like -
There are two tabs in the above screen one is Users & the other is Policy set
A new user can be created from the Users tab.
Policies can be created from the Policy Set tab.
You can see all the available policy in the Policy Set tab as shown below.
There are a couple of things that a Root User needs to configure while creating new users.
The Root User must have to select a Policy-set from the drop down menu while adding a new ACL user.
The Root User can create custom Policy-Set by clicking on Create New Policy Set link as shown in the above image.
The Root User can now be able to see the new policy creation window as below.
Basically, there are two types of Policy-Set defined in our User Management.
These are the ready-made policy sets created for you. You can use them to create a new user. There are three types of predefined policies available in MyAccount
1. Billing Policy¶
The user account associated with billing policy set would only be able to perform payment and billing related operations on MyAccount. There are selected UI components allowed for a ACl user from MyAccount like PayNow, Billing Profile and Coupon. They shall also receive the email and notifications related to invoice & billing.
2. Technical Policy¶
The user account associated with technical policy set would be able to manage the products and services on the MyAccount. But they cannot manage the billing areas.
3. Manager Policy¶
The user account associated with Manager Policy set shall be able to look & manage all the necessary MyAccount areas. It is a combination of billing and technical policy set. But cannot manage User Account (User Management is only restricted for Root User).
4. Admin Policy Set¶
We have added one more predefined policy set i.e. AdminPolicy. The basic idea of bring this policy set is to provide a way to create additional users under MyAccount who can have permissions similar to the primary user (root user of MyAccount).
The user whose role is mapped with this new AdminPolicy set will be able to manage other users from the User Management section. This policy set has pre-configured permissions which cannot be edited by anyone.
These are the following privileges that an additional user will get once mapped with AdminPolicySet.
They will have access to the User Management section and can create/manage other additional users on behalf of the Primary User.
They can Create, Update & Delete the custom policies as well as assign/change it for other users.
They can also nominate other users for the Aadhar Validation process.
They would also be able to see their own policy set mapping and can change it but as soon as it is changed. The user is no longer a super-user (AdminPolicyUser) and will be able to perform actions as per the new policy set mapped with their user.
Some screenshots from the User Management section that shows how to create a new superuser (AdminPolicyUser)
Primary User View
The User Management section view of additional user who have AdminPolicy assinged to their profile/user.
The predefined policy sets cannot be changed by anyone. The clone policy feature will be released soon to give you an option to create a custom policy quickly with less efforts.
If you need a customized policy set for a new user. You can created it from the Policy Set tab. But you can only assign one policy set at a time for a user account. It could be a predefined one or a custom one.
A User can edit the custom policy set & can change their user’s permission.
A Root User can set & control the permissions for their ACL users as per the need.
Root User can set Access controls like Read, Create, Update & Delete on various services provided as part of ACL policy set as shown in the above picture.
If a user policy has a Read Permission for a service then users whose profile is associated with this policy set can log in to MyAccount and view the service/product page. Any user whose ACL settings doesn’t have access permission for a specific service would get an Unauthorized Access restriction while attempting to access it.
If a User’s acl policy set has Create Permission on a service then only that User can perform the Create operation on that service. Otherwise, User will get an Unauthorized Access restriction.
If a User has Update Permission for a service then only that User Can perform the Update operation on already running instances of the product/service. Otherwise, User will be restricted with an Unauthorized Access error message.
If a User has Delete Permission on any service as per the ACL policy set associated with their account then only user can perform Delete operation on the running instances of the service. otherwise, User will get Unauthorized Access to the Product/Service.
A Root User will always have access to each component of MyAccount. ACL policy cannot be defined for a root user.
If a User has Read access of NodeService but for Delhi location only, then that User can only see and manage node of Delhi location only.
How an ACL user would see the UI screens on MyAccount as per the Policy-Sets associated with their account?
If you do not have READ permission of Node.
If you do not have READ permission of CDN
If you do not have READ permission of Licence Management.
If you do not have CREATE permission of Node.
If you do not have UPDATE permission of Node.
If you do not have UPDATE permission of Billing Profile.