For an overview of roles, and role hierarchy, see “Roles and groups”.
Table 3-4 describes the permissions you must have to manage roles.
Action |
Permissions required |
|---|---|
Create a role. |
WRITE on the role controlling asset. |
List the roles in a domain. |
LIST on the role controlling asset. |
View the properties of a role. |
READ on the role controlling asset. |
Update the properties of a role. |
UPDATE on the role controlling asset. |
Grant a role to, or revoke a role from, a user or group. |
GRANT on the role controlling asset. |
Assign permissions to a role to access an asset. |
GRANT on either the asset or the asset controlling asset. |
Move a role to a different organization. |
If the new organization is in the same domain, you need READ, DELETE, and WRITE on the role controlling asset. If the organization is in a different domain, you need READ and DELETE on the role controlling asset in the current domain, and WRITE on the role controlling asset in the new domain. |
Display a role’s access permissions. |
LIST on the asset controlling asset in each domain where the role has permission to access assets. For example, if a role has permission to access assets in three different domains, you need LIST permission on the asset controlling asset in all three domains. |
Delete a role. |
READ and DELETE on the role controlling asset. |
Creating a role
In the Organization Manager tree view, select the organization, and highlight Roles.
Click New. The Create New Role dialog box displays.
Enter a name for the role. To enable EAServer to use implicit role mapping, each role name must be unique throughout the security system. See “Implicit role mapping” for more information.
Optionally, enter a description, then click OK.
