Managing administrative roles

Top  Previous  Next

Administrative roles are a way for you to restrict administrative access to areas of the application using domain, module and tagged data as criteria. For example, you may wish to create an administrative role that allows an administrator to only see Triggers for a specific domain.  Another example might be an administrative role that limits the Users that an administrator can see to those tagged users within a specific geographic region. Administrative roles may be managed from the Roles tab in the administrative user interface.

 

Add - Click to add an administrative role (see Adding administrative roles)

Edit - Select an existing role and then click this button to edit that role

Copy - Select an existing role and then click this button to copy that role (see Copying administrative roles)

Delete - Select an existing role and then click this button to delete that role

 

Figure 199

 

clip0199

 

 

Adding administrative roles

 

To add a Role click on the Add button.  The Add Role dialog will be displayed.

 

Figure 200

 

clip0200

 

Name - The unique name to assign this role.

 

Global Permissions

 

Global permissions are those permissions which are not domain specific.

 

Manager Service - Defines whether administrators assigned to this role can Read/Write settings under Settings > Manager Service.

 

Datastore - Defines whether administrators assigned to this role can Read/Write settings under Settings > Datastore.

 

Web - Defines whether administrators assigned to this role can Read/Write settings under Settings > Web.

 

Email - Defines whether administrators assigned to this role can Read/Write settings under Settings > Email.

 

Failover - Defines whether administrators assigned to this role can Read/Write settings under Settings > Failover.

 

Search Index - Defines whether administrators assigned to this role can Read/Write settings under Settings > Search Index.

 

JMX - Defines whether administrators assigned to this role can Read/Write settings under Settings > JMX.

 

Updates - Defines whether administrators assigned to this role can Read/Write settings under Settings > Updates.

 

Keystore - Defines whether administrators assigned to this role can Read/Write settings under Keys.

 

Statistics - Defines whether administrators assigned to this role can read the Status page. If a role-based administrative user doesn't have Read permissions for this option, then information that relies on this access (e.g. Dashboard) will not be available, nor will that administrative user be able to access the RESTful API /management/server/statistics.

 

Action Center - Defines whether administrators assigned to this role can Read/Write settings under Status > Action Center.

 

License - Defines whether administrators assigned to this role have Read/Write access to License information. If Read is disabled (default), then read access to license information is restricted. If Write is disabled (default), then write access (ability to install license) is restricted. The Help > Install License menu item will not be visible if Write permissions is disabled.

 

Restrict directory access to - Defines what local directory administrators assigned this role can access, i.e. Read from or Write to, in the administrative interface. This includes directory paths used in trigger actions, AS2 Messages > Send File, OFTP Messsages > Send File, etc.

 

Domain Permissions

 

Domain permissions define those functions that an administrative user can perform for one or more domains.  These permissions must be explicitly defined (i.e. if a role is not assigned permissions for a domain then administrative users assigned to that role will not be able to access that domain).

 

 

Figure 203

 

clip0203

 

Domain Name - The domain these permissions apply to.

 

Accessible - Whether or not domain is accessible to role.  Default is false.

 

Tags - Optional tags assigned to role.  See Managing administrative tags.

 

To add domain permissions click the Add button.  The Domain Access dialog will then be displayed.

 

Figure 201

 

clip0201

 

Domain - The domain to add permissions for.

 

Once the domain has been added to the role you will then need to define permissions for that domain.  To do this select the desired domain and click the Permissions button.  The Domain Permissions dialog will then be displayed.

 

Figure 202

 

clip0202

 

 

 

Description - Defines whether role has Read/Write permissions to the Description module for the domain.

 

Lmitis - Defines whether role has Read/Write permissions to the Limits module for the domain.

 

Statistics - Defines whether role has Read permission to the Statistics module for the domain.

 

Sessions - Defines whether role has Read/Write permissions to the Sessions module for the domain.

 

Domain Status - Defines whether role has ability to change status of the domain (start/stop/pause/resume/restart). This requires Write permission.

 

Services - Defines whether role has Read/Write permissions to the Services module for the domain.

 

Keys - Defines whether role has Read/Write permissions to the Keys module for the domain

 

Logging - Defines whether role has Read permission to the Logging module for the domain.

 

Logging Settings - Defines whether role has Read/Write permissions to the Logging > Settings module for the domain.

 

Searching - Defines whether role has Read/Write permissions to the Logging > Search module for the domain.

 

Reports - Defines whether role has Read/Write permissions to the Reports module for the domain.

 

AS2 Messages - Defines whether role has Read/Write permissions to the AS2 Messages module for the domain.

 

OFTP Messages - Defines whether role has Read/Write permissions to the OFTP Messages module for the domain.

 

Time Access - Defines whether role has Read/Write permissions to the Time Access module for the domain.

 

Banned Files - Defines whether role has Read/Write permissions to the Banned Files module for the domain.

 

Password Compliance - Defines whether role has Read/Write permissions to the Password Compliance module for the domain.

 

IP Access - Defines whether role has Read/Write permissions to the IP Access module for the domain.

 

DLP - Defines whether role has Read/Write permissions to the DLP module for the domain.

 

Connections - Defines whether role has Read/Write permissions to the Connections module for the domain.

 

Triggers - Defines whether role has Read/Write/Run permissions to the Triggers module for the domain.

 

Authentication - Defines whether role has Read/Write permissions to the Authentication module for the domain.

 

Accounts - Defines whether role has Read/Write permissions to the Accounts module for the domain.

 

Groups - Defines whether role has Read/Write permissions to the Groups module for the domain.

 

Network Storage - Defines whether role has Read/Write permissions to the Network Storage module for the domain.

 

Directory Monitors - Defines whether role has Read/Write permissions to the Directory Monitors module for the domain.

 

Drop Zones - Defines whether role has Read/Write permissions to the Drop Zones module for the domain.

 

URL Branding - Defines whether role has Read/Write permissions to the URL Branding module for the domain.

 

Trading Partners - Defines whether role has Read/Write/Send permissions to the Trading Partners module for the domain.

 

Contacts - Defines whether role has Read/Write permissions to the Contacts module for the domain.

 

Restrict trigger event types to selected - When clicked from OFF to ON, you will be able to restrict access of this administrative role to specific trigger event types. You can specify which trigger event types will only be accessible to this administrative role by clicking the specific events in the list.

 

Restrict trigger function types to selected - When clicked from OFF to ON, you will be able to restrict access of this administrative role to specific trigger functions. You can specify which trigger functions will only be accessible to this administrative role by clicking the specific functions in the list.

 

Restrict trigger actions to selected - When clicked from OFF to ON, you will be able to restrict access of this administrative role to specific trigger actions. You can specify which trigger actions will only be accessible to this administrative role by clicking the specific actions in the list. .

 

The trigger event types, function types, and actions that are selected in their respective lists are the only events, functions, and actions that may be chosen by the administrative role in question when creating a trigger, whether via the GUI, API, or other tools.

 

 

 

Figure 298

 

clip0298

 

 

Copying administrative roles

 

When creating an administrative role, it is often the case that the new role is just a slight modification of an existing role. To shorten the creation process of the new role, you may simply copy the definitions of that existing role. To do that, select the role you want to copy and click the Copy button.

 

 

Figure 333

 

clip0333

 

 

Name - Enter the desired name for the new role into this field

 

Open edit dialog after copying - Leave this check box checked if you wish to review or edit the settings of the new role as soon as the copy completes.

 

 

Figure 334

 

clip0334

 

 

 

 

 

 





Home | Company | Products | Solutions | Purchase | Support | Services | Blog

© 2022 Redwood Software, Inc.