In a self-hosted instance of Tonic Structural, the default global permission set for Structural users is limited to creating workspaces.
Until you set the initial access to all global permissions, there is no way to manage or assign global permissions.
To set the initial access to all global permissions, you set the list of users or groups as the value of the environment setting TONIC_ADMINISTRATORS
.
The users and groups are assigned the built-in Admin (Environment) permission set.
From the Global Permission Sets list:
You cannot revoke the built-in Admin (Environment) permission set from those users or groups.
You cannot assign the Admin (Environment) permission set to other users or groups.
To change the assigned users and groups, you update the value of TONIC_ADMINISTRATORS
.
Update your .env file to include the email addresses or SSO groups the Structural users who should receive administrator access. The value can include both group names and user email addresses.
The docker-compose.yaml should contain the TONIC_ADMINISTRATORS
environment setting within the tonic_web_server
configuration block. If not, pull the newest version.
In the values.yaml file, under tonicai.web_server
, edit the administrators
property to include the email addresses of the Structural users who should receive administrator access.
To verify that you have the required version of the Helm charts, check that values.yaml contains the administrators
line.
tonic-web-server-deployment.yaml should contain a block for the TONIC_ADMINISTRATORS
environment setting. If not, pull the newest version from our Github repo.