Access and permissions

To access the Aspect Model Catalog in your tenant’s workspace, you need — besides access to the tenant itself — the corresponding roles to work with the Aspect Model Catalog.

Your tenant manager can grant you access and permissions, also for technical clients (technical users). As a tenant manager, handle user management with the Multitenant Access Control portal.

Available default roles for Aspect Model Catalog:

Name Description Role key

Name	Description	Role key
Model Viewer	Required to see the application and its contents in your tenant’s workspace. With only that role, users can browse the Aspect Model Catalog.	`VIEWER`
Model Editor	Additionally, with this role, users have Write permission for Aspect Models.	`EDITOR`
Model Manager	Additionally, with this role, users can release Aspect Models and namespaces.	`MODEL_MANAGER`

Model Viewer

Required to see the application and its contents in your tenant’s workspace.
With only that role, users can browse the Aspect Model Catalog.

VIEWER

Model Editor

Additionally, with this role, users have Write permission for Aspect Models.

EDITOR

Model Manager

Additionally, with this role, users can release Aspect Models and namespaces.

MODEL_MANAGER

As a developer, note that the URN (included in the token) for a role gets constructed as follows:

urn:macma-application-role:<tenant-id>:<client-id>:<role-key>

The placeholders mean:

<tenant-id> — Your tenant ID.
<client-id> — Part of the credentials for your technical client. The client credentials were created when the corresponding module was created. See also Modules: Grant access for technical clients.
<role-key> — Is indicated for each role in the role overview.