Scope

Think of a Scope as the "where" in the who (Identity), what (Role), and where (Scope) of a complete RSI Assignment access control. It defines the boundaries within which access is granted or where the specific policies (granted to Roles) are applied. A Scope can be an application, file, project, and more. For more information, see Scope Types.

By default, XAT includes a global scope, under which all RSI assignments can be made. This is the most popular way to create access controls. Scopes can also have a parent/child relationship. Creating custom scopes and assigning these relations can give finer control within an environment.

NOTE: When creating a custom scope, it is best to assign it as a child to the global scope.

Scope Types

The OneStream Scope Types each have varying attributes, which can be combined with parent-child hierarchical assignment.

Generic Scope

A broad, or flexible, Scope that is not tied to any specific resource type. It is used to define boundaries for a variety of contexts, such as group configurations or operations that apply to multiple types of objects or resources.

Project Scope

This Scope controls access to a specific SensibleAI Forecast project and contains a project ID that is unique to each individual project. When a SensibleAI Forecast project is created, a Project Scope is automatically created. Additionally, a Manager role (read, write, and delete) is given to the identity that created the project. This assignment can be found on the RSI Assignments page. The Project Scope name will contain the project name. This scope will be deleted when the project is deleted.

NOTE: To grant viewer access to a specific project, find the project scope and create an RSI assignment with the Viewer role, the identity in question, and the project scope in question.

IMPORTANT: The following scopes are created by the AI Services applications themselves. Do not modify them in XAT under any circumstances.

Application Scope (App Scope)

This Scope controls access to specific Applications.

App Solution Scope

This Scope contains attributes for controlling access to both an Application and Scope within a single Scope.

Solution Scope

This Scope contains access for a single solution.

Scopes

On the Scopes page, users can view, create, edit, delete, and assign Scopes. OneStream-provided Scopes have the System Creation Type, and Scopes created by a User or Administrator are Custom. For single selections, users can expand the views below to see Details, Assigned Scopes, and RSI Assignments.

RSI Assignments

View RSI Assignments and filter by Scope Creation Type.