Administrative roles are a way for you to restrict administrative access to areas of the application using domain, module and tagged data as criteria. For example, you may wish to create an administrative role that allows an administrator to only see Triggers for a specific domain. Another example might be an administrative role that limits the Users that an administrator can see to those tagged users within a specific geographic region. Administrative roles may be managed from the Roles tab in the administrative user interface.
Figure 199
To add a Role click on the Add button. The Add Role dialog will be displayed.
Figure 200
Name - The unique name to assign this role.
Global Permissions
Global permissions are those permissions which are not domain specific.
Manager Service - Defines whether administrators assigned this role can access settings under Server > Settings > Manager Service.
Datastore - Defines whether administrators assigned this role can access settings under Server > Settings > Datastore.
Domain Startup - Defines whether administrators assigned this role can access settings under Server > Settings > Domain Startup.
Web - Defines whether administrators assigned this role can access settings under Server > Settings > Web.
JDBC Drivers - Defines whether administrators assigned this role can access settings under Server > Settings > JDBC Drivers.
Email - Defines whether administrators assigned this role can access settings under Server > Settings > Email.
Failover - Defines whether administrators assigned this role can access settings under Server > Settings > Failover.
Search Index - Defines whether administrators assigned this role can access settings under Server > Settings > Search Index.
JMX - Defines whether administrators assigned this role can access settings under Server > Settings > JMX.
Keystore - Defines whether administrators assigned this role can access settings under Server > Key Manager.
Domain Permissions
Domain permissions define those functions that an administrative user can perform for one or more domains. These permissions must be explicitly defined (i.e. if a role is not assigned permissions for a domain then administrative users assigned to that role will not be able to access that domain).
Figure 203
Domain Name - The domain these permissions apply to.
Accessible - Whether or not domain is accessible to role. Default is false.
Tags - Optional tags assigned to role. See Managing administrative tags.
To add domain permissions click the Add button. The Domain Access dialog will then be displayed.
Figure 201
Domain - The domain to add permissions for.
Once the domain has been added to the role you will then need to define permissions for that domain. To do this select the desired domain and click the Permissions button. The Domain Permissions dialog will then be displayed.
Figure 202
Services - Defines whether role has access to Services module for the domain.
Logging - Defines whether role has access to Logging module for the domain.
Logging Settings - Defines whether role has access to Logging > Settings module for the domain.
Searching - Defines whether role has access to Logging > Search module for the domain.
Reports - Defines whether role has access to Reports module for the domain.
AS2 Messages - Defines whether role has access to AS2 Messages module for the domain.
OFTP Messages - Defines whether role has access to OFTP Messages module for the domain.
Time Access - Defines whether role has access to Time Access module for the domain.
Banned Files - Defines whether role has access to Banned Files module for the domain.
Password Compliance - Defines whether role has access to Password Compliance module for the domain.
IP Access - Defines whether role has access to IP Access module for the domain.
DLP - Defines whether role has access to DLP module for the domain.
Connections - Defines whether role has access to Connections module for the domain.
Triggers - Defines whether role has access to Triggers module for the domain.
Authentication - Defines whether role has access to Authentication module for the domain.
Accounts - Defines whether role has access to Accounts module for the domain.
Groups - Defines whether role has access to Groups module for the domain.
Reverse Proxies - Defines whether role has access to Reverse Proxies module for the domain.
Directory Monitors - Defines whether role has access to Directory Monitors module for the domain.
Drop Zones - Defines whether role has access to Drop Zones module for the domain.
URL Branding - Defines whether role has access to URL Branding module for the domain.
Trading Partners - Defines whether role has access to Trading Partners module for the domain.
Contacts - Defines whether role has access to Contacts module for the domain.