Skip to content

Authorization

VDC has managed access using 4 different roles.

Global Roles

Global roles apply across the entire VDC platform and are not specific to any project.

VDC Users

This is the basic access level for anyone who wants to use VDC. The vdc_users role allows you to view any entity within VDC. This role is managed by a global AGS group: VDC_USERS. The group has a manager approval flow.

VDC Admins

This is the highest VDC role and is reserved for a small number of individuals within the VDC development team. The vdc_admins role combines the capabilities of project_admins for all projects in VDC. Additionally, it allows for the creation and deletion of projects, as well as the configuration of new ingredient types and other global VDC settings. The vdc_admins role is managed by a global AGS group: VDC_ADMINS, which is overseen by the VDC product manager.

Project Specific Roles

Project roles are specific to individual projects. When a new project is created, the requester must provide two AGS groups: one to manage the project admins and another to manage the project users. While it is not recommended, the requester can provide identical groups or groups that are used in other VDC projects.

Note about project roles: We could have added many more project roles to provide greater flexibility, but this would also increase complexity for users and the product. We decided to start with a lightweight approach, offering two roles: project admins and project users. We will consider adding new roles if there is a demonstrated need.

Project Admins

The project_admins role is the highest permission level within a project. Project admins have all the permissions of a project user and, in addition, can perform the following actions:

  • Create and delete feeds
  • Delete ingredients and ingredient releases
  • Delete workflows and workflow runs

Project Users

The project_users role grants its members all the permissions of vdc_users. Additionally, project users can perform the following actions:

  • Create new ingredients
  • Upload new ingredient releases
  • Create and edit workflow definitions
  • Start new workflow runs
  • Abort existing workflow runs