This menu is for managing the user roles available on the aixtream system. This includes creating new user roles and editing or deleting existing ones. A user role is a set of permissions given to every user who is assigned that user role. Permissions are configured per Object and per Method.
| ! | When multiple user roles are assigned to the same user, the user gains the greatest number of rights between all their assigned user roles. It is recommended to only assign one user role per user. Instead of assigning multiple user roles to the same user, create a new user role with exactly the desired rights. |
| Definitions | |
| Object | Specific entities that the system and users interact with. For example configured connections (PIPEs), users, or applets. |
| Method | Specific processes that a user can perform, which are not bound to specific entities. For example rebooting the system, performing a factory reset or clearing the event log. |
| Key/Value | Attributes that define specific parameters about an object. These attributes can be referenced by LUA scripts (see below). |
| Element | Description |
| Create new role | Selection for creating a new user role. |
| List of existing user roles (List on the left) | The list of created user roles. Select one to view and edit the permissions of that user role. |
| Field Role name | Field for entering or changing the name of the user role. |
| Objects tab | Changes view to the list of all available objects. |
| Methods tab | Changes view to the list of all available methods. |
| List of Objects/Methods | The list of all editable objects or methods. View depends on selected tab (Objects or Methods). See following tables for an explanation of each Object and Method. |
| Attribute Editor | Allows setting of specific “key” and “value” attributes in order to configure user rights for objects with those attributes. Example: Defining a set of attributes for a Stream object (PIPE) such that it is only visible (Read: Allow) for users with a specific user role. |
| Expand/Contract button ⏷ (Right of an Object header) | Opens or closes the full view of available permissions for that Object. See next table for an explanation of available options when the view is opened. |
| Option | Description |
| Attribute Editor | Allows setting of specific “key” and “value” attributes in order to configure user rights for objects with those attributes. Example: Defining a set of attributes for a Stream object (PIPE) such that it is only visible (Read: Allow) for users with a specific user role. |
| Expand/Contract | Opens or closes the full view of available permissions for that Object. |
| Create | Toggles whether the user role is allowed to create new objects of this type. |
| Read | Toggles whether the user role is allowed to see objects of this type and inspect their configurations. |
| Update | Toggles whether the user role is allowed to change objects of this type (except deleting them entirely). |
| Destroy | Toggles whether the user role is allowed to delete objects of this type. |
| Custom LUA Script (/) | Opens the field for a custom LUA script. A custom LUA script allows defining the rights of a user role in regards to this object in much greater detail. Example: Allowing a user role to Update only specific Stream objects, instead of every Stream object. Please contact support@ferncast.de if you need assistance with setting up a LUA script. |
| Custom LUA Script (Field) | Text field for entering a custom LUA script. |
| Prevent Attribute Adjustment | Enters a preconfigured snippet of a LUA script into the custom LUA script field. This snippet prevents a user from adjusting attributes (key and value) of an object. This is important to prevent a user from expanding their permissions by adjusting attributes. |
| Only own Objects | Enters a preconfigured snippet of a LUA script into the custom LUA script field. This snippet limits the user's associated permission to objects they have created. Example: A user is Allowed to Update objects, but only those they themselves have Created. |
| Option | Description |
| Aes67 | AES67 objects, which are used to manage AES67 sessions. Note: AES67 objects are managed by the system. A user only requires Read rights. |
| Alarm | Alarm objects, which inform the user of issues encountered by the system (warnings, errors, critical). Note: Alarm objects are managed by the system. For a user only Read rights are relevant. |
| Applet | Applet objects (in the Applets menu) |
| ArchiveUploader | Archive Uploader objects (the Archive Upload audio processing element and Uploader submenu) |
| AudioInputPort | Configuring audio input channels (the Audio source element) |
| AudioOutputPort | Configuring audio output channels (the Audio sink element) |
| Blob | Management of Stereo Tool objects (the Stereo Tool audio processing element). |
| CallPreset | The SIP Call widget available for the Dashboard menu. |
| CallProfile | Configuring call profiles (the Call Profile submenu). |
| Dashboard | Configuring dashboards (in the Dashboard menu) |
| DataWatch | Managing objects that monitor the system. Note: (aixtream 3.10) Only relevant for monitoring of FM statistics, like SNR. |
| Demux | Configuring and using a demux (both the Demux menu as well as Demux source element). |
| DemuxChannel | Managing individual channels/programs of a demux. |
| ElementPreset | Configuring and using element presets (in an element config menu when configuring a PIPE). |
| EncryptionKey | Configuring a GPG encryption key (public and private). |
| FtpLogin | Configuring FTP logins for uploading files. |
| HttpLogin | Configuring HTTP logins for uploading files. |
| LibraryMirror | Configuring the on-demand transcoder for radio scheduling. |
| License | Uploading new license files into the system, refreshing the license status and interacting with the license system. |
| Metadata | Configuring metadata insertion elements. |
| MusicMasterLogin | Accessing a MusicMaster scheduling system via API. |
| NetPhy | Configuring network ports, including VLAN. |
| Network | Configuring any settings in the Network menu. |
| OnDemandJobPool | Interacting with the job pool for on-demand processing. |
| OnDemandStatistics | Viewing statistics for on-demand processing. |
| PhoneBookEntry | Configuring phonebook contacts in the Phonebook menu. |
| QuickAction | Using and configuring the Quick Action widget. |
| Role | Configuring and assigning user roles. |
| SipAccount | Configuring and using SIP accounts. |
| SipCall | Starting and stopping of SIP calls. |
| SmbLogin | Configuring Samba logins for uploading files. |
| SoundCard | Configuring the audio interfaces (in the Audio menu). |
| SqlLogin | Configuring SQL logins for database access. |
| SshLogin | Configuring SSH logins and using them for access to the system backend. |
| StationScheduler | Configuration of radio scheduling functionality. |
| Stream | Anything related to the configuration of PIPEs. |
| StreamGroup | Anything related to the configuration of PIPE groups. |
| SystemConfig | Configuring of the settings in the System menu. |
| UsbStorage | Accessing and changing a connected USB storage medium. Note: USB storage mediums are accessible in the Archive menu. |
| User | Configuring User settings. |
| WebAudio | Using the listen-in and session audio functionality. Note: Listen-in may also require limited access to the Stream object. |
| Wifi | Configuring Wifi access and connecting to Wifi networks. |
| Option | Permission |
| ApplyNetworkSettings | Applying a network configuration. Without this permission, a user can potentially change network configuration, but not apply it in the current session. |
| ArchiveAction | Performing actions in the Archive menu (e.g. download files). |
| ArchiveModify | Adding and changing files in the Archive menu. |
| ArchiveRead | See the file contents of the archive. |
| AudioDumpPipeline | (Debug) Creates a dot file of the individual elements of a PIPE or PIPE group. |
| CaptureNetwork | Starting a network capture on any interface via the Network menu. |
| CheckFactoryReset | (Debug) Check whether a factory reset will be performed on restart of the system. Without it, a user will not be warned when a restart will force a factory reset (for example after a version downgrade). |
| ClearLog | Empty the Log in the Log menu. |
| ConfigExport | Exporting the current system config. |
| ConfigImport | Importing another system config. |
| Echo | (Debug) Send a simple text to the WebAPI. The WebAPI returns this text. |
| ExportLog | Export the event log. |
| FactoryReset | Perform a factory reset. |
| GetAvailableReleases | Check for available system update. |
| GetJackConnections | (Debug) List connections between audio jack ports. Note: This method is not normally accessible to users. |
| ImportLicense | Import a license file (offline or online). |
| InstallSoftwareUpdate | Perform a system update. |
| LogComment | Create a comment saved in the Log. |
| MonitoringStats | Check monitoring information WebAPI status. Without this permission, the user cannot check the status page of the Web API. |
| NetlicenseTrigger | Force triggers a check and refresh of the license (when using a license server). Note: Only relevant for systems using a network license. |
| NetworkConfigExport | Export network config only. |
| ReadLog | See the Log. |
| ReadStats | See the statistics visible in the Monitoring menu. |
| SystemReboot | Reboot the system via the WebAPI. |
| SystemShutdown | Reboot the system via the WebAPI. |
| TestSshLogin | Trigger a test of the SSH login to check credentials. |
| TriggerApplet | Manually trigger an applet via the respective button in the applet menu or a Quick Action button. |
| UserLogin | Allow login via the WebAPI. Without this permission, the user cannot use the WebAPI. |
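
The warning about assigning several user roles to one user can be checked offline before roles are handed out. The following is an added example, not Ferncast code and not an aixtream export format: the role names, users and dictionary layout are constructed, the set of "high-impact" methods is a reviewer's selection from the Methods table, and it assumes that a right allowed by any assigned role is granted to the user.

```python
# Added example: a least-privilege review over a constructed role model.
# Object and Method names are taken from the tables above; everything else
# (role names, users, data layout) is hypothetical sample data.

# Reviewer's selection of methods that change or wipe system state.
HIGH_IMPACT = {"FactoryReset", "ConfigImport", "InstallSoftwareUpdate",
               "SystemReboot", "SystemShutdown", "ClearLog"}

ROLES = {  # constructed sample roles
    "stream-operator": {"objects": {"Stream": {"Read", "Update"}},
                        "methods": {"UserLogin", "ReadLog"}},
    "maintenance": {"objects": {"Stream": {"Read"}, "Role": {"Read", "Update"}},
                    "methods": {"UserLogin", "SystemReboot", "ClearLog"}},
}
USERS = {"alice": ["stream-operator"], "bob": ["stream-operator", "maintenance"]}


def effective_rights(role_names, roles=ROLES):
    """Combine roles. Assumption: a right allowed by any assigned role is granted."""
    objects, methods = {}, set()
    for role in (roles[name] for name in role_names):
        for obj, rights in role["objects"].items():
            objects.setdefault(obj, set()).update(rights)
        methods |= role["methods"]
    return objects, methods


def review(users=USERS, roles=ROLES):
    """Return {user: [findings]} for assignments that deserve a second look."""
    report = {}
    for user, names in users.items():
        objects, methods = effective_rights(names, roles)
        findings = []
        if len(names) > 1:
            findings.append("multiple roles assigned: " + ", ".join(sorted(names)))
        findings += [f"high-impact method: {m}" for m in sorted(methods & HIGH_IMPACT)]
        # The Role object covers configuring and assigning user roles, so
        # Create/Update on it allows changing who holds which rights.
        if objects.get("Role", set()) & {"Create", "Update"}:
            findings.append("can modify Role objects")
        if findings:
            report[user] = findings
    return report


if __name__ == "__main__":
    for user, findings in review().items():
        print(user, findings)
```
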