6. Permissions

6.1. User roles

If using the default sql file from the Initial setup, MSUI will come with a few pre-defined roles but it is also possible to create custom roles with different permissions depending on your needs. The user roles define the scope for a user and dictates which settings they are allowed to read/write.

6.2. Inheritance

User permissions are set by domain hierarchy and the user’s role, users of the parent domain will have full rights to the child domain and all child domains below it.

_images/halon_msui_domain_hierarchy.png

6.3. Global settings

The global settings can be used to simplify the management of domain-specific configurations. Rather than manually configuring settings for each new domain, global settings allow you to define default configurations for a domain which are automatically inherited by its child domains. For instance, if a particular setting is initially disabled in MSUI, the global setting can override this and set it to be enabled by default across all affected domains.

  +----------------------+
  |    Global Setting    |
  +----------------------+
             |
     +---------------+
     |  example.com  |
     +---------------+
        /          \
       v            v
+------------+  +------------+
| example.se |  | example.io |
+------------+  +------------+

6.4. Two-factor authentication

Two-factor authentication can be enabled for user accounts from the profile page to add an extra layer of protection to an account, the two-factor authentication in MSUI uses the mobile app called Google Authenticator to generate a rolling 6-digit token used to verify the account.