- GLOBAL_ADMIN: Represents the super user scope. There are two and only two users in the system that have profiles of this scope. ‘root’ and ‘portal’. ‘portal’ represents the CloudPortal Business Manager portal itself, and any operations done by the system are done as the ‘portal’ user.
- GLOBAL: Has global visibility across multiple tenants. These roles require that the user be a service operator user (i.e, is a member of the SERVICE tenant), which will be tested by the security system before granting users access.
- TENANT_ADMIN: Tenant scoped role that represents a tenant administrator. This user, as a rule, should have visibility across users in this tenant.
- TENANT: Tenant scoped roles are granted to users who have visibility across all users in a tenant. Roles in this scope are used to manage resources within a given tenant.
- USER: User scoped roles are roles that are granted to users who should have visibility to only what they own and manage.
When users are created, they are associated with a profile. This profile has a list of roles associated with the profile. Connectors should use these roles to determine the level of privilege the user should be provided when the user is created in their system.