User Permissions

Domains

The following domains are used within a Bayware network.

Domain Type      Description
Administrative   Responsible for all platform administration
Infrastructure   Responsible for tasks within the switching domain at the Bayware Engines
User             Responsible for tasks within the workload domain at the Bayware Agents

System Roles

System roles are globally unique. By default, six system roles are created at the time of controller installation.

Role Name         Domain Type
                  Administrative   Infrastructure   User
systemAdmin
userDomainAdmin
contractAdmin
hostOwner
infrDomainAdmin
switchOwner

The system roles have the following permissions:

System Role Permissions     System Role
                            systemAdmin   domainAdmin   contractAdmin   hostOwner   switchOwner
Service Management          
Install, update, delete service template
Domain Management          
Create, modify, and delete user domain
Assign service template to user domain
Allocate pool of topic identifiers for user domain
User Management          
Create, modify, and delete user
Assign system role ‘systemAdmin’ to user
Assign system role ‘domainAdmin’ to user
Assign system role ‘topicAdmin’ to user
Assign system role ‘topicViewer’ to user
Assign system role ‘hostOwner’ to user
Assign system role ‘switchOwner’ to user
Topic Management          
Create, modify, and delete topic
Assign group identifier to topic
Assign service template to topic
Assign user with the system role ‘topicAdmin’ to manage topic
Create, modify, and delete topic role by configuring service role
Assign topic role to user with system role ‘hostOwner’ or ‘topicViewer’
Topic Operations          
Receive topic role initial configuration (service role, group identifier, expire time, etc.)
Receive service token (auth) and authorization tag
Receive path
Receive program data set
Receive instruction set
Node Operations          
Receive network node initial configuration (controller’s certificate, domain, etc.)
Receive network token
Register host
Register switch
Register connection
Register endpoint (socket with topic role)
Receive switch and connection tags
Receive topic policy
Publish usage data (per flow)
Publish performance data (per connection and interface)
Publish fault and performance alerts (on memory, processor, and queue load)