Security Model

Neuroverse has a security model that allows the access and capabilities granted to users to be controlled by nominated administrators in a flexible way.

The security model has these main concepts:

  1. Tenant
  2. User
  3. Group
  4. Role
  5. Permission
  6. Tenant Administrators
  7. User Group Managers

Tenant: Each Neuroverse customer is provided with a Neuroverse tenant. All Neuroverse resources and data stores are associated with a tenant. The tenant concept ensures separation between customers on the platform and provides a scope for a customer's security configuration.

User: Each person with access to Neuroverse has a user account registered with the platform. A user is granted access to one or more tenants, so a single user can have access to multiple tenants.

Group: The capabilities that a user has within Neuroverse are governed by the groups they belong to and the permissions that have been assigned to those groups, as will be described later in this guide. The assignment of a user to a group is in the context of a tenant, so the permissions that a user has in one tenant can be different to the permissions they have in another.

Groups can belong to other groups, forming a hierarchy. A user who belongs to a group obtains any permissions associated with that group directly, as well as any permissions associated with that group via the group’s own membership of other groups.

There are 2 types of groups:

  • system groups
  • custom groups

System groups are automatically created by the system for each new tenant as a convenience. These have pre-configured roles. A system group may not be a member of other groups.

Custom groups are groups created by users. A custom group may be a member of another group. The use of custom groups is intended to support easier configuration of sets of users within a customer who should have like permissions.

Role: A role is a collection of permissions. Roles are assigned to groups, which conveys the permissions within the role to all the members of the assigned group.

Permission: A permission grants a specific type of functionality. Permissions are associated with roles, which in turn are associated with groups.

Tenant Administrators: Tenant Administrators are the users who have been added to the “Tenant Administrator” group for the tenant. Members of this group are able to fully configure security for the tenant, including adding and removing other users, managing group memberships and role assignments. The membership of this group should be kept to a minimum.

User Group Managers: User Group Managers are the users who have been added to the “User Group Manager” group. These users have similar capabilities to Tenant Administrators except that they are unable to manage (or see) the Tenant Administrators group itself. The intent of this group is to provide sufficient capability to manage Neuroverse security for a tenant without the risk of inadvertent removal of tenant administrators.
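
The chain described above (user, group, nested groups, role, permission, all scoped to a tenant) can be sketched as a small resolver with an audit query for who ends up holding a sensitive permission. This is an added example, not Neuroverse code: the data model, the Tenant class, and every role, permission, custom group and user name are assumptions made for illustration.

```python
# Added illustration; hypothetical data model, all names below are constructed.
ROLE_PERMISSIONS = {
    "viewer": {"data.read"},
    "editor": {"data.read", "data.write"},
    "security-admin": {"user.manage", "group.manage"},
}

class Tenant:
    def __init__(self, group_roles, member_of, user_groups, system_groups):
        # A system group may not be a member of other groups.
        nested = set(member_of) & set(system_groups)
        if nested:
            raise ValueError(f"system groups cannot be nested: {sorted(nested)}")
        self.group_roles = group_roles    # group -> roles assigned to it
        self.member_of = member_of        # custom group -> groups it belongs to
        self.user_groups = user_groups    # user -> groups joined directly

    def effective_groups(self, user):
        # Walk up the hierarchy; `seen` prevents revisiting a group.
        seen, stack = set(), list(self.user_groups.get(user, ()))
        while stack:
            group = stack.pop()
            if group not in seen:
                seen.add(group)
                stack.extend(self.member_of.get(group, ()))
        return seen

    def effective_permissions(self, user):
        return {p for g in self.effective_groups(user)
                for r in self.group_roles.get(g, ()) for p in ROLE_PERMISSIONS[r]}

    def holders(self, permission):
        # Audit helper: every user who ends up holding `permission`.
        return {u for u in self.user_groups if permission in self.effective_permissions(u)}

# Constructed sample: the same user belongs to different groups in two tenants.
SYSTEM = {"Tenant Administrator", "User Group Manager"}
acme = Tenant(
    group_roles={"security-team": {"security-admin"}, "analysts": {"viewer"},
                 "editors": {"editor"}},
    member_of={"site-a": {"analysts"}, "analysts": {"security-team"}},
    user_groups={"alice": {"site-a"}, "bob": {"editors"}},
    system_groups=SYSTEM)
globex = Tenant(
    group_roles={"analysts": {"viewer"}}, member_of={},
    user_groups={"alice": {"analysts"}}, system_groups=SYSTEM)

if __name__ == "__main__":
    print(sorted(acme.holders("user.manage")))  # users with inherited admin rights
```

In the sample, alice joins only site-a, yet the nesting of analysts under security-team gives her user.manage in the first tenant, which is the kind of indirect grant a membership review should look for.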