Versions Compared

Old Version 29

changes.mady.by.user Amit Munwes

Saved on

compared with

New Version 30

changes.mady.by.user Sara Weisz

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The screen is accessible by clicking [Manage→SecurityRoles] from The Navigation Bar.

Note

The security roles management screen is always available, regardless of whether the system is managing users using DPOD internal database registry or LDAP.

Security roles are used to provide a means for the administrator to limit the functionality and filter the view users have of the system. For example, administrators can use the roles to limit a user for view-only functionality, as well as filter out devices, domains, services, client IP addresses, APIs, payload and more from a user's view, thereby providing each user with insights to only the parts of the system they are allowed to access.

There are two types of security roles available with DPOD:

  • Built-in Roles - DPOD's pre-defined roles, which can not be added, deleted or altered.
  • Custom Roles - defined by the administrator, and may be added, deleted or altered by a DPOD administrator.

For a detailed explanation about security roles, see Role Based Access Control.

Custom Roles Table

The custom roles widget at the top of the screen lists the custom roles defined in the system in a table. Each row in the table contains the following information for a single role:

Column
Description
NameThe role's name. 
Clicking on a role's name will load the role's details in the Role View and provide access to system actions for the role. 
DescriptionThe description for this role

...

The Role Details section below provides information about the details required for adding or editing custom roles.

Built-In Roles Table

The built-in roles widget at the top of the screen lists the built-in roles defined in the system in a table. Each row in the table contains the following information for a single role:

Column
Description
NameThe role's name. 
Clicking on a role's name will load the role's details in the Role View and provide access to system actions for the role. 
DescriptionThe description for this role

...

Actions and Permissions
DetailContent Description
NameThe name of this role
DescriptionThe description of this role.
General
Access API-C Product ViewWhether this role, when assigned to a user, allows them to access the API-C product view.
Access Gateway Product ViewWhether this role, when assigned to a user, allows them to access the Gateway product view.
Edit Reports / AlertsWhether this role, when assigned to a user, allows them to edit reports and alerts.
Transactional Information
Allow Access to Raw MessagesWhether this role, when assigned to a user, allows them to view Raw Messages Table, Raw Messages Dashboard or raw messages of transactions.
Allow Access to PayloadWhether this role, when assigned to a user, allows them to view Messages Payload.
Allow Manage Payload CaptureWhether this role, when assigned to a user, allows them to manage payload capture.
Allow Viewing Correlated Trans.Whether this role, when assigned to a user, allows them to access the "Correlated Trans." tab in the Single Transaction Page (both Gateway and API-C)
Allow Viewing Correlated Trans. Raw ErrorsWhether this role, when assigned to a user, allows them to access the "Raw Errors" window, in the "Correlated Trans." tab, in the Single Transaction Page (both Gateway and API-C)
Allow Validate Remote WSDLWhether this role, when assigned to a user, allows them to perfrom the action in DevOps Services List
Allow Promote Remote WSDLWhether this role, when assigned to a user, allows them to perfrom the action in DevOps Services List
Allow WSDL URL ChangeWhether this role, when assigned to a user, allows them to perfrom the action in DevOps Services List
Validate Local WSDLWhether this role, when assigned to a user, allows them to perfrom the action in DevOps Services List
Promote Local WSDLWhether this role, when assigned to a user, allows them to perfrom the action in DevOps Services List
Stop/Start ServiceWhether this role, when assigned to a user, allows them to perfrom the action in DevOps Services List
Allowed Resources
General

Lists of general resources this role provides access to or All if no resources defined (relevant to IDG and API-C data). 
The resources in this section are "Device" and "Client IP".

DataPower Gateway

Lists of resources this role provides access to or All if no resources defined (relevant only to IDG data). 
The resources in this section are "Domain" and "Service".

API ConnectLists of resources this role provides access to or All if no resources defined (relevant only to API-C data). 
The resources in this section are "Provider Org Name", "Catalog Name", "Space Name", "Product Name", "Plan Name", "API Name", "Consumer Org Name", "App Name" and "Client ID".
Denied Resources
GeneralLists of general resources this role denies access to or None if no resources defined (relevant to IDG and API-C data). 
The resources in this section are "Device" and "Client IP".
DataPower Gateway

Lists of resources this role denies access to or None if no resources defined (relevant only to IDG data). 
The resources in this section are "Domain" and "Service".

API ConnectLists of resources this role denies access to or None if no resources defined (relevant only to API-C data). 
The resources in this section are "Provider Org Name", "Catalog Name", "Space Name", "Product Name", "Plan Name", "API Name", "Consumer Org Name", "App Name" and "Client ID".

Groups in Role

This widget lists all the Security Groups assigned to this role.
You may use the controls in this widget to remove or add a group association to this role.

If you are using an LDAP registry, please use the LDAP group name.

Users in Role

This widget lists all the Users assigned to this role.
You may use the controls in this widget to remove or add a user association to this role.

If you are using an LDAP registry, please use the authenticated LDAP user name.

...

When adding or editing a custom role, you will need to provide the following details:

DetailContent Description
NameThe name of this role
DescriptionThe description of this role.
Actions and Permissions
General
Access API-C Product ViewWhether this role, when assigned to a user, allows them to access the API-C product view.
Access Gateway Product ViewWhether this role, when assigned to a user, allows them to access the Gateway product view.
Edit Reports / AlertsWhether this role, when assigned to a user, allows them to edit reports and alerts.
Transactional Information
Allow Access to Raw MessagesWhether this role, when assigned to a user, allows them to view Raw Messages.
Allow Access to PayloadWhether this role, when assigned to a user, allows them to view Messages Payload.
Allow Manage Payload CaptureWhether this role, when assigned to a user, allows them to manage payload capture.
Allow Validate Remote WSDLWhether this role, when assigned to a user, allows them to perfrom the action in DevOps Services List
Allow Promote Remote WSDLWhether this role, when assigned to a user, allows them to perfrom the action in DevOps Services List
Allow WSDL URL ChangeWhether this role, when assigned to a user, allows them to perfrom the action in DevOps Services List
Validate Local WSDLWhether this role, when assigned to a user, allows them to perfrom the action in DevOps Services List
Promote Local WSDLWhether this role, when assigned to a user, allows them to perfrom the action in DevOps Services List
Stop/Start ServiceWhether this role, when assigned to a user, allows them to perfrom the action in DevOps Services List
Allowed Resources
General

Lists of general resources this role provides access to or All if no resources defined (relevant to IDG and API-C data). 
The resources in this section are "Device" and "Client IP".

DataPower Gateway

Lists of resources this role provides access to or All if no resources defined (relevant only to IDG data). 
The resources in this section are "Domain" and "Service".

API ConnectLists of resources this role provides access to or All if no resources defined (relevant only to API-C data). 
The resources in this section are "Provider Org Name", "Catalog Name", "Space Name", "Product Name", "Plan Name", "API Name", "Consumer Org Name", "App Name" and "Client ID".
Denied Resources
GeneralLists of general resources this role denies access to or None if no resources defined (relevant to IDG and API-C data). 
The resources in this section are "Device" and "Client IP".
DataPower Gateway

Lists of resources this role denies access to or None if no resources defined (relevant only to IDG data). 
The resources in this section are "Domain" and "Service".

API ConnectLists of resources this role denies access to or None if no resources defined (relevant only to API-C data). 
The resources in this section are "Provider Org Name", "Catalog Name", "Space Name", "Product Name", "Plan Name", "API Name", "Consumer Org Name", "App Name" and "Client ID".