Create a Role

A role (e.g., Manager, Developer, Analyst, etc.) can be used to assign permissions to a set of users who perform a similar set of functions. You can create and edit roles in Enterprise Manager only when using the ‘Default’ authentication provider.

Create a New Role

To add a new role, follow the steps below:

  1. Press the ‘Settings’ button setting at the top of Enterprise Manager.

  2. Select the Security page in the left panel.

    Figure 23 1

  3. Select the Users tab.

    securityDefineUsers

  4. From the ‘Provider Name’ menu, select the security provider under which to define roles.

  5. If multi-tenancy is enabled, from the ‘Select Organization’ menu, choose the desired organization. This feature is available only in Enterprise Edition.

    organization1

    Settings you make in the steps below apply only to the selected organization. Users and assets of other organizations are not affected. Note that some settings may only be available to the Host Organization, and are only visible to the Site Administrator.

  6. Press the ‘New Role’ link below the navigation tree. This creates a role with a default name ‘roleN’ (role0, role1, etc.).

    server5

  7. Type in the ‘Name’ field to change the name of the role.

  8. Optional: To select a Portal theme for the role, choose the desired theme from the ‘Theme’ menu. (See Presentation for information about how to create a theme.) This feature is available only in Enterprise Edition.

    The multi-tenant feature in Enterprise Edition must be disabled. See Enable Multi-Tenancy for more information.

  9. Optional: To add the users or groups to a role, press the Add button in the ‘Assigned to’ area. Choose the desired users(s) or group(s) in the ‘Add Group/User’ dialog box (Ctrl-click to select multiple groups or users), and press Add.

    securityDefineRole

  10. Optional: To inherit permission from another role, press the Add button in the ‘Inherit from’ area. Choose the desired role(s) in the ‘Add Role’ dialog box (Ctrl-click to select multiple roles), and press Add. The new role will inherit all permissions from the roles selected in this list.

  11. Optional: To add administrative permission for the role (ability for other users to administer this role), press the Add button in the ‘Administrator Permissions’ area. Choose the desired user(s), groups(s), or role(s) in the ‘Add Permission’ dialog box (Ctrl-click to select multiple items), and press Add. Users, groups, or roles granted such administrative privileges will be able to use Enterprise Manager to remove the role or reassign users and groups to the role.

  12. Press Apply to save your changes.

  13. Repeat the above steps to add additional roles.

Edit an Existing Role

To edit a role, follow the steps below:

  1. Press the ‘Settings’ button setting at the top of Enterprise Manager.

  2. Select the Security page in the left panel.

    Figure 23 1

  3. Select the Users tab.

    securityDefineUsers

  4. From the ‘Provider Name’ menu, select the security provider under which to define roles.

  5. If multi-tenancy is enabled, from the ‘Select Organization’ menu, choose the desired organization. This feature is available only in Enterprise Edition.

    organization1

    Settings you make in the steps below apply only to the selected organization. Users and assets of other organizations are not affected. Note that some settings may only be available to the Host Organization, and are only visible to the Site Administrator.

  6. Expand the ‘Roles’ node on the tree, and select the desired role.

  7. Make any desired edits and press Apply.

Rules for Users, Groups, Roles

The following are some rules which govern users, roles and groups:

  • Users, groups, and roles are defined independently for different organizations if multi-tenancy is enabled. The exceptions are the Administrator role and Organization Administrator role, which are predefined and global. See Enable Multi-Tenancy for more information. If multi-tenancy is not enabled, all users, groups, and roles belong to the Host Organization.

  • Groups and Roles are independent, i.e., you do not have to define both groups and roles in your system. You can have one or the other, or both.

  • A user can belong to more than one group.

  • A user can have multiple roles.

  • An entire group can be assigned one or more roles.

  • A role can be applied to one or more groups.

  • A role can inherit all the permissions from another role.

  • Permissions to assets can be assigned directly to users, groups, and roles.

  • When troubleshooting user problems, it is often useful for the administrator to log into the Portal as a particular user. See Login as Different User. This allows the administrator to experience the application environment as the user experiences it, which makes it easier to replicate the user’s problem.