Role-Based Access for Freestyle Orchestrator Workflows

Role-based access to Freestyle is key in providing access to the workflow functionality and resources within the workflows based on the individual roles of the administrators. An admin can create roles to perform the following tasks:

• Create, edit, publish, and delete a workflow
• Add or edit resources within a workflow

To create a new role, navigate to Accounts > Administrators > Add Role and click Freestyle > Details to view all the roles that an admin can create. For example, if an administrator has permission to add applications, but not publish the applications, then the admin can add apps to a workflow but cannot publish the workflow. The workflow permissions for an admin are described in the following list:

• The OG admin must have workflow permissions at the organization group (OG) the workflow is created to add or delete resources in a workflow.
• The child OG admins can add parent OG resources to their workflow without full management permissions on the parent OG.
• An admin at the current OG level has permissions to read workflows above and below their current OG level. When creating a workflow at the current OG, the admin cannot add resources that are managed at the child OGs, to avoid an incorrect assignment of child OG resources to the devices at the parent OG.
• If an admin has permissions at the higher OG, then the admin must be able to reference resources from an OG or inherited from a higher OG and assign the resources. For example, the admin must be able to assign or publish the resources as part of the workflow for applications managed at an OG or above the OG. The admin has permissions at the level the application is managed.

An admin can add or edit, delete, and view permissions for a workflow. Freestyle access permissions for the admin roles are described in the following table.

Table 8-1. Freestyle Orchestrator Role-Based Permissions