Improved Role Management for Snow
Date: 08. May 2017
With MatchPoint Snow 1.2.0 and 2.2.0 we introduced an improved concept for role management.
In previous versions only three roles were available: Owner, Reader and Member, and adding further roles was not straightforward.
With this release of MatchPoint Snow it is now possible to define any number of roles.
Add a New Role
New roles can be defined at several levels:
- Snow configuration
- Snowflake configuration
- Workspace types
For our example we will create a new role in the Snow Configuration:
To add a new role, simply open Snow Configuration, select “Roles” and click on “Role” in the ribbon.
The new role has some properties to be set:
- Name: The unique identifier of the role, which is used to reference the role in other configurations such as the “ProvisioningConfiguration”.
- Permissions: Specifies the permission level granted to users in this role.
- DefaultUsers: Selects users who are added to this role by default when a workspace is created.
- IsSingle: Specifies whether the role is restricted to a single user.
Provisioning Configuration
As a next step, you should make the corresponding changes in the configuration of type "Provisioning Configuration". In that configuration, go to the property ProvisioningConfiguration -> WebDefinition -> PermissionAssignments and add each role with the appropriate permission level (we suggest using “Reader” or “Contributor”).
Workspace Template Configuration
As the last part of role creation, open the related configuration of type “Workspace Template Configuration” and specify the roles with the “Owner” permission set in the property RoleTagDefinition -> IncludedRoles. This allows tags to be applied properly to created workspaces. Please note that it is recommended to specify only roles with the “Owner” permission here.
Role Reference
Roles used in a workspace type do not always have to be defined in the workspace type itself. Roles defined at a higher level (Snow configuration or Snowflake configuration) can be used as well. To use such a role, a reference to it has to be created:
Within the role reference you have to specify the "RoleLink" property, which holds the link to the referenced role.
Please note that only roles defined or referenced in the workspace type will be available in the workspace after creation, even if further roles are defined at Snow or Snowflake level.
Public Readers
Public readers for a workspace type are now specified via roles as well. Within the workspace type, one or more "PublicReaderDefinition" entries can be specified. A "PublicReaderDefinition" defines which users ("Accounts" property) are added to the specified reader role ("ReaderRoleId" property) when the workspace becomes public.
Creator Role
The workspace type also specifies the role to which a user is added when creating a workspace. Previously this user was always added to the “Owner” role by default.
We recommend selecting a role with the “Owner” permission set for this purpose, but any type of role may be selected.
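To make the rules from the sections above concrete (role levels, RoleLink references, DefaultUsers, IsSingle, PublicReaderDefinition and the creator role), here is an added, illustrative model in Python; it is not MatchPoint code, and the Python names, the assumption that Snowflake roles shadow Snow roles of the same name, and the `creator_role` property name are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Role:
    name: str                  # unique identifier, referenced by other configurations
    permissions: str           # permission level granted, e.g. "Owner", "Contributor", "Reader"
    default_users: tuple = ()  # DefaultUsers: added to the role on workspace creation
    is_single: bool = False    # IsSingle: the role may hold at most one user

@dataclass(frozen=True)
class WorkspaceType:
    roles: dict                # roles defined directly in the workspace type, keyed by name
    role_links: tuple = ()     # RoleLink values referencing Snow/Snowflake roles by name
    creator_role: str = "Owner"  # role the creating user is added to (hypothetical property)
    public_readers: tuple = () # PublicReaderDefinitions as (Accounts, ReaderRoleId) pairs

def available_roles(wt, snow_roles, snowflake_roles):
    """Only roles defined in, or referenced by, the workspace type exist in a workspace."""
    higher = {**snow_roles, **snowflake_roles}  # assumption: Snowflake shadows Snow on a clash
    roles = dict(wt.roles)
    for link in wt.role_links:
        if link not in higher:
            raise KeyError(f"RoleLink {link!r} does not resolve to a Snow/Snowflake role")
        roles[link] = higher[link]
    return roles

def add_member(members, role, user):
    """Add user to role, enforcing IsSingle."""
    current = members[role.name]
    if user in current:
        return
    if role.is_single and current:
        raise ValueError(f"role {role.name!r} is IsSingle and already holds {current[0]!r}")
    current.append(user)

def provision(wt, snow_roles, snowflake_roles, creator, public=False):
    """Return the role membership a freshly created workspace would get."""
    roles = available_roles(wt, snow_roles, snowflake_roles)
    members = {name: [] for name in roles}
    for role in roles.values():              # DefaultUsers first
        for user in role.default_users:
            add_member(members, role, user)
    add_member(members, roles[wt.creator_role], creator)   # then the creator role
    if public:                               # PublicReaderDefinitions apply once public
        for accounts, reader_role_id in wt.public_readers:
            for account in accounts:
                add_member(members, roles[reader_role_id], account)
    return members
```

Running `provision` with a Snow-level role that is not referenced shows it never appears in the workspace, and an IsSingle role that already has a DefaultUser rejects the creator instead of silently holding two members.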