Access restriction based on access control

If you have the View scope in the contract that a domain belongs to, you can access the domain page by URL or bookmark if the domain name is valid. However, the actions on the domain page (for example, buttons and fields) will be grayed out if you do not have the Edit or Add scopes. For example, if you try to view a domain that is owned by someone else you will see an error message stating that you do not have access to that site.

All URLs and routes are restricted by role-based access control (RBAC). RBAC is a means to regulate access to resources based on the roles and scopes assigned to a user. This access lets a user perform tasks such as view, add, or edit.

You can download and validate the domain configuration file for a domain regardless of your scope but the domain must be in a clean, pristine state with no pending changes. To upload a configuration file, you need Edit scope and the domain must be clean with no pending changes. To validate a file you need Add and Edit scope.

When you click on a domain name in the domains list, the system checks the scope of the contract for that domain and determines which UI features to enable or disable for your use. Users cannot add a new property or upload a configuration file as the button and link are grayed out. Users can view the history and download the configuration file.

Note that when you are on a page within a domain that all actions and elements are restricted by scope. All actions and elements are disabled if you do not have the appropriate scope.

If you have access to Control Center Identity Services you can check your account information and accessible scopes.