Security roles serves to control access of users to management and application features, such as, running new model instances, changing model instance context or updating passwords. Access to each feature is governed by a security right. A person can access a management feature only if they have a security role, which has the security right. Otherwise, the respective feature is inaccessible to the user regardless of whether they use the Management perspective of Designer, Management Console, or Command-Line Console.
The following predefined security roles are available:
- Admin: unrestricted access to management features The security role is read-only and cannot be deleted.
- ApplicationRoleManager: management of persons, and security and model roles
- ProcessExecutor: no access to management features; only to the Application User Interface
- ProcessManager: management of model instances
When you delete a security role, its assignments are removed from the users as well.
Important: If a person does not have a security right for an action, the result is absence of the respective GUI components in the Application User Interface; for example, if a person does not have a security role with the right Todo:Read_Own
, the To-do List navigation item will not be displayed in the application when the person is signed in.
Security Role Management
You can create, modify, and delete security roles.
Creating and Editing a Security Role from the Management Perspective
To create a security role, do the following:
- Open the Security Management view.
- In the Security Management view, click Add ( ) or Edit ( ) in the view toolbar.
- In the Role Name text box of the Security Role Definition dialog box, type the security role name.
- Select the security rights to assign to the role, and click OK.
Security role definition dialog
Security Management view
Creating and Editing a Security Role from Management Console
To create or edit a security role, do the following:
- Open the Security Roles view.
- Click Add Role or select a role a click Edit .
- In the Role name text field, enter the new security role name.
- Select the security rights for the person.
- Click the Submit button.
Deleting a Security Role from the Management Perspective
To delete a security role, do the following from the Management perspective:
- Open the Security Management view.
- In the Security Management view, select the security role.
- Click Delete ( ) in the view toolbar.
Deleting a Security Role from Management Console
To delete a security role, do the following:
- Open the Security Roles view.
- Select the security roles.
- Click Remove .
Security Role Assignment
Assigning a Security Role from the Management Perspective
To add or remove person’s security roles, do the following:
- Display the respective person detail view.
- Under Security Roles, click Manage Roles.
- Select the security rights to assign to the role, and click OK.
- Save the changes.
Assigning a Security Role from Management Console
To assign a person a security role, do the following:
- On the Persons page, click person‘s login.
In the person detail view, click the Edit button.
Editable person detail appears.
- In the Security Roles area, select the security roles of the person.
- Click Submit .