Administrative roles are a way for you to restrict administrative access to areas of the application using domain, module and tagged data as criteria. For example, you may wish to create an administrative role that allows an administrator to only see Triggers for a specific domain. Another example might be an administrative role that limits the Users that an administrator can see to those tagged users within a specific geographic region. Administrative roles may be managed from the Roles tab in the administrative user interface.
Add - Click to add an administrative role (see Adding administrative roles)
Edit - Select an existing role and then click this button to edit that role
Copy - Select an existing role and then click this button to copy that role (see Copying administrative roles)
Delete - Select an existing role and then click this button to delete that role
Figure 199
To add a Role click on the Add button. The Add Role dialog will be displayed.
Figure 200
Name - The unique name to assign this role.
Global Permissions
Global permissions are those permissions which are not domain specific.
Manager Service - Defines whether administrators assigned this role can access settings under Settings > Manager Service.
Datastore - Defines whether administrators assigned this role can access settings under Settings > Datastore.
Web - Defines whether administrators assigned this role can access settings under Settings > Web.
JDBC Drivers - Defines whether administrators assigned this role can access settings under Settings > JDBC Drivers.
Email - Defines whether administrators assigned this role can access settings under Settings > Email.
Failover - Defines whether administrators assigned this role can access settings under Settings > Failover.
Search Index - Defines whether administrators assigned this role can access settings under Settings > Search Index.
JMX - Defines whether administrators assigned this role can access settings under Settings > JMX.
Keystore - Defines whether administrators assigned this role can access settings under Keys.
Statistics - Defines whether administrators assigned this role can access the Status page. If a role-based administrative user doesn't have Read permissions for this option, then information that relies on this access (e.g. Dashboard) will not be available, nor will that administrative user be able to access the RESTful API /management/server/statistics.
License - Defines whether administrators assigned this role have Read or Write access to License information. If Read is disabled (default), then read access to license information is restricted. If Write is disabled (default), then write access (ability to install license) is restricted. The Help > Install License menu item will not be visible if Write permissions is disabled.
Restrict directory access to - Defines what local directory administrators assigned this role can access, i.e. read from or write to, in the administrative interface. This includes directory paths used in trigger actions, AS2 Messages > Send File, OFTP Messsages > Send File, etc.
Domain Permissions
Domain permissions define those functions that an administrative user can perform for one or more domains. These permissions must be explicitly defined (i.e. if a role is not assigned permissions for a domain then administrative users assigned to that role will not be able to access that domain).
Figure 203
Domain Name - The domain these permissions apply to.
Accessible - Whether or not domain is accessible to role. Default is false.
Tags - Optional tags assigned to role. See Managing administrative tags.
To add domain permissions click the Add button. The Domain Access dialog will then be displayed.
Figure 201
Domain - The domain to add permissions for.
Once the domain has been added to the role you will then need to define permissions for that domain. To do this select the desired domain and click the Permissions button. The Domain Permissions dialog will then be displayed.
Figure 202
Description - Defines whether role has access to Description module for the domain.
Statistics - Defines where role has access to Statistics module for the domain.
Sessions - Defines whether role has access to Sessions module for the domain.
Domain Status - Defines whether role has ability to change status of the domain (start/stop/pause/resume/restart).
Services - Defines whether role has access to Services module for the domain.
Logging - Defines whether role has access to Logging module for the domain.
Logging Settings - Defines whether role has access to Logging > Settings module for the domain.
Searching - Defines whether role has access to Logging > Search module for the domain.
Reports - Defines whether role has access to Reports module for the domain.
AS2 Messages - Defines whether role has access to AS2 Messages module for the domain.
OFTP Messages - Defines whether role has access to OFTP Messages module for the domain.
Time Access - Defines whether role has access to Time Access module for the domain.
Banned Files - Defines whether role has access to Banned Files module for the domain.
Password Compliance - Defines whether role has access to Password Compliance module for the domain.
IP Access - Defines whether role has access to IP Access module for the domain.
DLP - Defines whether role has access to DLP module for the domain.
Connections - Defines whether role has access to Connections module for the domain.
Triggers - Defines whether role has access to Triggers module for the domain.
Authentication - Defines whether role has access to Authentication module for the domain.
Accounts - Defines whether role has access to Accounts module for the domain.
Groups - Defines whether role has access to Groups module for the domain.
Network Storage - Defines whether role has access to Network Storage module for the domain.
Directory Monitors - Defines whether role has access to Directory Monitors module for the domain.
Drop Zones - Defines whether role has access to Drop Zones module for the domain.
URL Branding - Defines whether role has access to URL Branding module for the domain.
Trading Partners - Defines whether role has access to Trading Partners module for the domain.
Contacts - Defines whether role has access to Contacts module for the domain.
Restrict trigger event types to selected - When ticked, you will be able to restrict access of this administrative role to specific trigger event types. You can specify which trigger event types will only be accessible to this administrative role by expanding the drop-down and then ticking the specific events in the list below the checkbox.
Restrict trigger function types to selected - When ticked, you will be able to restrict access of this administrative role to specific trigger functions. You can specify which trigger functions will only be accessible to this administrative role by expanding the drop-down and then ticking the specific functions in the list below the checkbox.
Restrict trigger actions to selected - When ticked, you will be able to restrict access of this administrative role to specific trigger actions. You can specify which trigger actions will only be accessible to this administrative role by expanding the drop-down and then ticking the specific actions in the list below the checkbox.
The trigger event types, function types, and actions that are selected in their respective lists are the only events, functions, and actions that may be chosen by the administrative role in question when creating a trigger, whether via the GUI, API, or other tools.
Figure 298
When creating an administrative role, it is often the case that the new role is just a slight modification of an existing role. To shorten the creation process of the new role, you may simply copy the definitions of that existing role. To do that, select the role you want to copy and click the Copy button.
Figure 333
Name - Enter the desired name for the new role into this field
Open edit dialog after copying - Leave this checkbox checked if you wish to review or edit the settings of the new role as soon as the copy completes.
Figure 334
