Scopes
Understand how scopes control access and actions in NOVA Cloud.
NOVA evaluates access using scoped permissions, e.g., `can_manage_cells` or `can_operate_programs`.
These scopes are mapped to API endpoints and enforced during request authorization.
As Admins and Operators mostly work through the user interface, this mapping is abstracted away.
However, for Developers it becomes relevant when:
- Working directly with the API
- Troubleshooting authorization issues
Organization Scope
Global

| Permission | Admin | Developer | Operator |
|---|---|---|---|
| Access all physical cells `can_access_all_physical_cells` | | | |
| Manage all physical cells `can_manage_all_physical_cells` | | | |
| Delete all physical cells `can_delete_all_physical_cells` | | | |
| Manage users `can_manage_users` | | | |
| Register physical cells `can_register_physical_cells` | | | |
| Create virtual cells `can_create_virtual_cells` | | | |
| Access all virtual cells `can_access_all_virtual_cells` | | | |
| Manage all virtual cells `can_manage_all_virtual_cells` | | | |
| Delete all virtual cells `can_delete_all_virtual_cells` | | | |
Instance Scope
Per Instance

| Permission | Admin | Developer | Operator |
|---|---|---|---|
| Manage license `can_manage_license` | | | |
| Manage cells `can_manage_cells` | | | |
| Manage cloud connection `can_manage_cloud_connection` | | | |
| Restore system `can_restore_system` | | | |
| Update system `can_update_system` | | | |
| Access license `can_access_license` | | | |
| Access system `can_access_system` | | | |
| Backup system `can_backup_system` | | | |
Cell Scope
Per Cell

| Permission | Admin | Developer | Operator |
|---|---|---|---|
| Manage members `can_manage_members` | | | |
| Manage apps `can_manage_apps` | | | |
| Manage cells `can_manage_cells` | | | |
| Manage bus ios `can_manage_bus_ios` | | | |
| Manage controllers `can_manage_controllers` | | | |
| Manage programs `can_manage_programs` | | | |
| Write collision world `can_write_collision_world` | | | |
| View status `can_view_status` | | | |
| View members `can_view_members` | | | |
| Access apps `can_access_apps` | | | |
| Operate bus ios `can_operate_bus_ios` | | | |
| Access cells `can_access_cells` | | | |
| Read collision world `can_read_collision_world` | | | |
| Operate controllers `can_operate_controllers` | | | |
| Plan motion `can_plan_motion` | | | |
| Read objects `can_read_objects` | | | |
| Write objects `can_write_objects` | | | |
| Operate programs `can_operate_programs` | | | |
| Operate virtual controllers `can_operate_virtual_controllers` | | | |
| Access system `can_access_system` | | | |
What this means
- User interfaces are designed around tasks.
- Roles reflect responsibilities in an automation workflow.
- If an action, e.g., a button, a menu item, or a feature, is visible but fails:
  - Verify the user’s role
  - For cell-related actions, verify cell membership