Pyramid supports two Admin types: Enterprise Admins and Domain Admins. While Enterprise Admins have complete access to the entire system and its settings, Domain Admins are granted access to specific parts of the system. In a multitenant environment, Domain Admins are limited to actions WITHIN the tenancy they belong to, while Enterprise Admins can work across tenants.
You can specify the Admin type for a user from the User page in the Admin Console, or when Auto Provisioning Jobs.
Granting Domain Admin Rights
When adding or editing a user that is a Domain Admin (purple arrow below), you can select which parts of the Admin Console that user should have access to using the Admin Rights options (blue highlight):
- Access: Grants administrative access to Users, Roles, Profiles, and User Defaults.
- Data: Grants administrative access to Data Source, Source Manager, and Pulse Node.
- Content: Grants administrative access to Webhooks.
- Schedules: Grants administrative access to Task Manager, Publications, Alerts, Subscriptions, and Models.
- Logs: Grants administrative access to Entries and Transactions.
- Mobile: Grants administrative access to Devices.
- Design: Grants administrative access to Themes, Custom Fonts, Email Templates, and Hub Templates.
- Geospatial: Grants administrative access to Custom Maps.
- AI and DSML: Grants administrative access to ML Environments.
Provisioning
You can also configure Admin Rights where Domain Admins are created using the provisioning:
- Auto Provisioning Jobs - Provisioning allows admins to auto-sync Pyramid's user accounts with security groups defined in some Authentication Providers. The engine runs periodically and provides a fast, automated, and convenient method for synchronizing users in Pyramid with users in Active Directory, Azure Active Directory, Open LDAP, or SAML or OpenID where Provider Provisioning Settings are configured.