User roles in the manager

When you deploy the manager to an application server, the manager uses a predefined set of user roles. User roles define the tasks that each user can perform. Although user credentials are set up in the application server, the user credentials must use the roles that are supported by the manager.

Supported user roles

The manager supports the user roles that are listed in the following table. The administrator of the application server must map roles to user credentials so that users can sign onto the manager.

Table 1. User roles supported by the manager
Role ID Role name Description of role
0 admin The administrator of the manager, who is responsible for configuring the management servers, proxies, and services.
1 dba The database administrator, who is responsible for ensuring that the runtime environment has the resources needed to run the service against a database.
2 lob The line-of-business administrator, who is responsible for ensuring that the service is performing its intended function.
3 designer The service designer, who is responsible for creating and testing services and for publishing services to the repository.
4 operator The operator, who is responsible for scheduling and running services that are in the repository.

Assigning multiple user roles to a user

You can assign more than one user role to a single user. Each user role that you assign to a user gives the user access to the functions that are associated with the user role. For example, you assign the lob user role and the dba user role to a single user. For such a user, the user has access to the functions that are associated with both user roles.

User roles and users of external systems

For some product solutions, the manager might support the creation of user accounts that are based on user accounts on an external system. These product solutions might require you to create user accounts in this way to use the integration between the manager and the external system. When you use the manager to create such a user, you can assign any combination of user roles to the user.

Other elements of security

User roles are only one element of security that is provided by the manager. If a service is added to a service group, a user must be granted access to the service group before the user can run the service. Also, an administrator can configure tabs so that the tabs cannot be accessed by users who do not have a user role of admin. In these cases, a user might not be able to perform tasks that would otherwise be allowed by the user role.

Tasks

Each user role gives users permission to perform a set of tasks that are appropriate to users with that user role. The following tables indicate which tasks can be performed by users that have each user role.

Table 2. Configuration and preference tasks that can be performed by users with each security role
Tasks Roles
View Management Servers, Proxies, and Database Drivers on the Configuration tab admin, dba, lob, designer, operator
View Users and Groups and Tabs on the Configuration tab admin
Set registry location and global preferences admin
Set user and display preferences admin, dba, lob, designer, operator
Manage management servers and proxies admin
Manage licenses for management servers admin, dba
Manage database drivers in the repository admin, dba
Manage service groups admin
Grant and remove user access to service groups admin
Manage manager user accounts for users of external systems admin
Manage user-defined tabs admin
Change access to tabs in the manager admin
Table 3. Service management tasks that can be performed by users with each security role
Tasks Roles
View the Service Management tab admin, dba, lob, designer, operator
Run services and service sets admin, dba, lob, designer, operator
Schedule services and service sets admin, dba, designer, operator
Change service plan admin, dba, designer, operator
Manage service sets admin, dba, lob, designer, operator
Reassign services to a different management server and proxy admin, dba, operator
Import a service admin, dba
Export a service admin, dba, operator
Promote a service admin, dba
Table 4. Service monitoring tasks that can be performed by users with each security role
Tasks Roles
View the Dashboard and Service Monitoring tabs admin, dba, lob, designer, operator
Stop services admin, dba, lob, designer, operator
Purge service instance information admin, dba
Manage service instance filters admin, dba