Identity and Access Management (IAM)¶
These pages are part of the Identity and Access Management (IAM) module documentation.
The IAM module defines what users can do within Netsocs Synergy.
This section documents the two foundations of the RBAC model: Permissions and Policies.
Permissions Management¶
Permissions are the atomic building blocks of security in Netsocs Synergy.
Each permission represents a single and indivisible authorization to perform an action within the platform.
The Permissions Management section functions as a complete read-only dictionary of all possible actions.
Exploring Permissions¶
The main interface displays an exhaustive list of permissions with search tools.
| Column | Description |
|---|---|
| Permission Name | Unique identifier of the permission in the system. |
| Description | Clear explanation of the action it authorizes. |
- Includes a search bar to locate permissions by name or function.
Permission Nomenclature¶
Permissions follow a logical and self-descriptive convention:
module::action.
Examples:
- accessControl::canCreateDoors → Create new doors in Access Control.
- eventLog::canDeleteRecognitions → Delete recognitions in Event Log.
INFO
This section is for reference only.
Permissions are not assigned directly to users. Their function is to allow administrators to consult which actions can be used when designing policies.
Policy Management¶
A Policy is a set of permissions grouped under a descriptive name.
They are the practical implementation of job roles in Synergy.
Instead of assigning permissions one by one to each user, you assign the policy that contains them.
Policy Management Interface¶
The main screen lists all policies created in the system, showing:
- Policy name.
- Description.
- Permissions that make it up.
Creating a New Policy¶
Process to define a new role:
- In Policies Management, click
+ Create Policy. - Complete the two main steps:
Step 1: Define Name and Description¶
- Policy Name: Unique and descriptive name (e.g.,
monitoring-operator,access-supervisor). - Description: Brief explanation of the policy's purpose and the user to whom it will be applied.
Step 2: Assign Permissions¶
The interface presents two columns:
| Column | Content |
|---|---|
| Available Permissions | List of system permissions not yet added. |
| Assigned Permissions | Selected permissions that will be part of the policy. |
- Use the search bar to locate permissions.
- Move selected ones from left (available) to right (assigned).
TIP
Always apply the principle of least privilege: start with an empty list and add only what is necessary. It is safer to add permissions later than to remove those granted in excess.
- Click
OKorSaveto confirm.
The new policy will appear in the main list and will be ready to be assigned in the User Management section.