Setting initial access to all global permissions

In a self-hosted instance of Tonic Structural, the default global permission set for Structural users is limited to creating workspaces.

Until you set the initial access to all global permissions, there is no way to manage or assign global permissions.

To set the initial access to all global permissions, you set the list of users or groups as the value of the environment setting TONIC_ADMINISTRATORS.

The users and groups are assigned the built-in Admin (Environment) permission set.

From the Global Permission Sets list:

• You cannot revoke the built-in Admin (Environment) permission set from those users or groups.

• You cannot assign the Admin (Environment) permission set to other users or groups.

To change the assigned users and groups, you update the value of TONIC_ADMINISTRATORS.

Docker deployments

Update your .env file to include the email addresses or SSO groups of the Structural users who should receive administrator access. The value can include both group names and user email addresses.

 TONIC_ADMINISTRATORS=admin_group,[email protected],[email protected]

The docker-compose.yaml should contain the TONIC_ADMINISTRATORS environment setting within the tonic_web_server configuration block. If not, pull the newest version.

Kubernetes deployments

In the values.yaml file, under tonicai.web_server, edit the administrators property to include the email addresses of the Structural users who should receive administrator access.

administrators: admin_group,[email protected],[email protected]

To verify that you have the required version of the Helm charts, check that values.yaml contains the administrators line.

tonic-web-server-deployment.yaml should contain a block for the TONIC_ADMINISTRATORS environment setting. If not, pull the newest version from our Github repo.