ZEN Master
ZEN Master User Guide
Account Management
4min
zen master features a multi tier access control mechanism that enables granular control of the access privileges down to the object level it manages access to all system objects, including resources (e g , zecs, broadcaster clusters, receivers, licenses, task sets, incidents, live events, maps, etc ), sources, channels (e g adaptive channels, pass through channels), targets, and reports the access control is managed through the following entities tags – each object (resource, source, channel, target, report) is assigned one or more tags the assignment of the tag is performed during the creation/configuration of the object the same tag can be assigned to several different objects roles – a role defines a set of privileges in the system a role is associated with one particular tag, enabling access to objects associated with that tag the role also designates what actions can be performed on each object type (i e resources, sources, channels, targets, and reports) actions include read (the ability to view data from the object), write (the ability to edit the object’s configuration), notify (the ability to receive email notifications/alerts regarding the object) a tag can be associated with one or multiple roles users and user groups – a user receives privileges in the system by being assigned one or multiple roles users can be assigned to user groups a user can be assigned a role either directly or through a user group to which he is assigned one or multiple users are designated as administrators an administrator can access and interact with all objects without need for assignment of specific roles he can also manage ssh keys, transcoding profiles and users summary a user can only access a specific object in the system if he is assigned a role that is associated with the tag that is assigned to that particular object, and has privileges that allow access to that object type for example user group/role/tag/object relations the diagram above illustrates the access privileges model notice the following users/user groups and roles relationships a user can be assigned to multiple roles (one to many) each role may have a different set of permissions (e g , read, write, notify), but not necessarily as the role's relationship to tags will also determine the access to the various objects user 1 is assigned to role 1 directly and to role 2 by being part of user group 1, which is assigned to role 2 user 2 is assigned to role 2 by being part of user group 1 user 3 is assigned to both role 2 and role 3 since roles are cumulative, user 3 will have both read and write permissions on the objects related to tag 2 roles and tags relationships each role can be assigned to a single tag only (one to one) however, more than one role can be assigned to the same tag role 1 is assigned to tag 1 role 2 and role 3 are both assigned to tag 2 tag 4 is not related to any roles in this sense, it is used to group objects this is useful, for example, when you want to search by tag for multiple objects share the same tag tags and objects relationships each tag can be assigned to multiple objects and each object can have multiple tags (many to many) tag 1 is related to objects 1, 2, and 3 tag 2 is also (like tag 1) related to object 3 tag 4 is related to objects 5 and 6 for grouping purposes only, as it is not related to a role from an end to end perspective user 1 has read write and notify permissions on objects 1, 2, and 3 as well as read only permission on object 4 user 2 has read only access permission on objects 3 and 4 user 3 has read and write permissions on objects 3 and 4 managing users and groups docid\ nqvk3s aynyyjcxdat4pq managing roles docid\ yexz8aix tjajzsol3ns editing your account details docid\ hua8tjs6g ybulymdlrhu configuring single sign on account settings docid\ u3mysb uqsaxvheml79pa