Administrative roles are a way for you to restrict administrative access to areas of the application using domain, module and tagged data as criteria. For example, you may wish to create an administrative role that allows an administrator to only see Triggers for a specific domain. Another example might be an administrative role that limits the Users that an administrator can see to those tagged users within a specific geographic region. Administrative roles may be managed from the Roles tab in the administrative user interface.
Figure 199
To add a Role click on the Add button. The Add Role dialog will be displayed.
Figure 200
Name - The unique name to assign this role.
Global Permissions
Global permissions are those permissions which are not domain specific.
Manager Service - Defines whether administrators assigned this role can access settings under Settings > Manager Service.
Datastore - Defines whether administrators assigned this role can access settings under Settings > Datastore.
Web - Defines whether administrators assigned this role can access settings under Settings > Web.
JDBC Drivers - Defines whether administrators assigned this role can access settings under Settings > JDBC Drivers.
Email - Defines whether administrators assigned this role can access settings under Settings > Email.
Failover - Defines whether administrators assigned this role can access settings under Settings > Failover.
Search Index - Defines whether administrators assigned this role can access settings under Settings > Search Index.
JMX - Defines whether administrators assigned this role can access settings under Settings > JMX.
Keystore - Defines whether administrators assigned this role can access settings under Keys.
Domain Permissions
Domain permissions define those functions that an administrative user can perform for one or more domains. These permissions must be explicitly defined (i.e. if a role is not assigned permissions for a domain then administrative users assigned to that role will not be able to access that domain).
Figure 203
Domain Name - The domain these permissions apply to.
Accessible - Whether or not domain is accessible to role. Default is false.
Tags - Optional tags assigned to role. See Managing administrative tags.
To add domain permissions click the Add button. The Domain Access dialog will then be displayed.
Figure 201
Domain - The domain to add permissions for.
Once the domain has been added to the role you will then need to define permissions for that domain. To do this select the desired domain and click the Permissions button. The Domain Permissions dialog will then be displayed.
Figure 202
Description - Defines whether role has access to Description module for the domain.
Statistics - Defines where role has access to Statistics module for the domain.
Sessions - Defines whether role has access to Sessions module for the domain.
Domain Status - Defines whether role has ability to change status of the domain (start/stop/pause/resume/restart).
Services - Defines whether role has access to Services module for the domain.
Logging - Defines whether role has access to Logging module for the domain.
Logging Settings - Defines whether role has access to Logging > Settings module for the domain.
Searching - Defines whether role has access to Logging > Search module for the domain.
Reports - Defines whether role has access to Reports module for the domain.
AS2 Messages - Defines whether role has access to AS2 Messages module for the domain.
OFTP Messages - Defines whether role has access to OFTP Messages module for the domain.
Time Access - Defines whether role has access to Time Access module for the domain.
Banned Files - Defines whether role has access to Banned Files module for the domain.
Password Compliance - Defines whether role has access to Password Compliance module for the domain.
IP Access - Defines whether role has access to IP Access module for the domain.
DLP - Defines whether role has access to DLP module for the domain.
Connections - Defines whether role has access to Connections module for the domain.
Triggers - Defines whether role has access to Triggers module for the domain.
Authentication - Defines whether role has access to Authentication module for the domain.
Accounts - Defines whether role has access to Accounts module for the domain.
Groups - Defines whether role has access to Groups module for the domain.
Network Storage - Defines whether role has access to Network Storage module for the domain.
Directory Monitors - Defines whether role has access to Directory Monitors module for the domain.
Drop Zones - Defines whether role has access to Drop Zones module for the domain.
URL Branding - Defines whether role has access to URL Branding module for the domain.
Trading Partners - Defines whether role has access to Trading Partners module for the domain.
Contacts - Defines whether role has access to Contacts module for the domain.