Manage authorization scopes

Authorization scopes determine application access.

Default authorization scopes

The Genero Identity Provider (GIP) comes with three default application scopes:

Role.Admin: The Role.Admin authorization scope is intended for your GIP admin. An admin manages the users and provides their permissions.
Role.Supervisor: The Role.Supervisor authorization scope is intended for supervisors. A supervisor installs new applications for a set of users and/or groups.
Role.User: The Role.User authorization scope is intended for your standard user. A user runs the installed applications.

Add an authorization scope

You can add new authorization scopes.

To add an authorization scope, select Security > Authorization, then click Create. Enter the new authorization scope name (it must start with "Role.") and description. Click OK to save your changes.

Once added:

It appears as a scope (under the Authorization API) when you are working with Groups (you can add it to a group)
It appears in the user-specific scope list when you go to manage a user.
It appears as a possible authorization scope for an application.

Modify an authorization scope

You can change the name and/or description of an existing authorization scope.

To modify an authorization scope, select Security > Authorization. Select the row containing the authorization scope to modify. Click Change. The fields for the selected authorization scope become editable.

The Name field must start with the preface "Role."

When you have completed your edits, click OK to save your changes.

Remove an authorization scope

To remove an authorization scope, select Security > Authorization. Select the row containing the authorization scope to remove and click Remove. A confirmation dialog appears asking you to confirm your selection, as the removal cannot be undone.