When you deploy the manager to an application server, the manager uses a predefined set of user roles. User roles define the tasks that each user can perform. Although user credentials are set up in the application server, the user credentials must use the roles that are supported by the manager.
The manager supports the user roles that are listed in the following table. The administrator of the application server must map roles to user credentials so that users can sign onto the manager.
Role ID | Role name | Description of role |
---|---|---|
0 | admin | The administrator of the manager, who is responsible for configuring the management servers, proxies, and services. |
1 | dba | The database administrator, who is responsible for ensuring that the runtime environment has the resources needed to run the service against a database. |
2 | lob | The line-of-business administrator, who is responsible for ensuring that the service is performing its intended function. |
3 | designer | The service designer, who is responsible for creating and testing services and for publishing services to the repository. |
4 | operator | The operator, who is responsible for scheduling and running services that are in the repository. |
You can assign more than one user role to a single user. Each user role that you assign to a user gives the user access to the functions that are associated with the user role. For example, you assign the lob user role and the dba user role to a single user. For such a user, the user has access to the functions that are associated with both user roles.
For some product solutions, the manager might support the creation of user accounts that are based on user accounts on an external system. These product solutions might require you to create user accounts in this way to use the integration between the manager and the external system. When you use the manager to create such a user, you can assign any combination of user roles to the user.
User roles are only one element of security that is provided by the manager. If a service is added to a service group, a user must be granted access to the service group before the user can run the service. Also, an administrator can configure tabs so that the tabs cannot be accessed by users who do not have a user role of admin. In these cases, a user might not be able to perform tasks that would otherwise be allowed by the user role.
Each user role gives users permission to perform a set of tasks that are appropriate to users with that user role. The following tables indicate which tasks can be performed by users that have each user role.
Tasks | Roles |
---|---|
View Management Servers, Proxies, and Database Drivers on the Configuration tab | admin, dba, lob, designer, operator |
View Users and Groups and Tabs on the Configuration tab | admin |
Set registry location and global preferences | admin |
Set user and display preferences | admin, dba, lob, designer, operator |
Manage management servers and proxies | admin |
Manage licenses for management servers | admin, dba |
Manage database drivers in the repository | admin, dba |
Manage service groups | admin |
Grant and remove user access to service groups | admin |
Manage manager user accounts for users of external systems | admin |
Manage user-defined tabs | admin |
Change access to tabs in the manager | admin |
Tasks | Roles |
---|---|
View the Service Management tab | admin, dba, lob, designer, operator |
Run services and service sets | admin, dba, lob, designer, operator |
Schedule services and service sets | admin, dba, designer, operator |
Change service plan | admin, dba, designer, operator |
Manage service sets | admin, dba, lob, designer, operator |
Reassign services to a different management server and proxy | admin, dba, operator |
Import a service | admin, dba |
Export a service | admin, dba, operator |
Promote a service | admin, dba |
Tasks | Roles |
---|---|
View the Dashboard and Service Monitoring tabs | admin, dba, lob, designer, operator |
Stop services | admin, dba, lob, designer, operator |
Purge service instance information | admin, dba |
Manage service instance filters | admin, dba |