The screen is accessible by clicking [Manage→Security→Roles] from The Navigation Bar.
| Note |
|---|
The security roles management screen is always available, regardless of whether the system is managing users using DPOD internal database registry or LDAP. |
Security roles are used to provide a means for the administrator to filter the view users have of the system. Administrators can use the roles to restrict actions and filter out devices, domains, services, client IP addresses, payload and more from a user's view, thereby providing each user with insights to only the parts of the system they are allowed to access.
There are two types of security roles available with DPOD:
- Built-in Roles - DPOD's own built-in roles, which can not be added, deleted or altered.
- Custom Roles - defined by the administrator. These roles may be added, deleted or altered by a DPOD Administrator.
For a detailed explanation about security roles, see Role Based Access Control.
Custom Roles Table
The custom roles widget at the top of the screen lists the custom roles defined in the system in a table. Each row in the table contains the following information for a single role:
Column | Description |
|---|---|
| Name | The role's name. Clicking on a role's name will load the role's details in the Role View and provide access to system actions for the role. |
| Description | The description for this role |
...
The Role Details section below provides information about the details required for adding or editing custom roles.
Built-In Roles Table
The built-in roles widget at the top of the screen lists the built-in roles defined in the system in a table. Each row in the table contains the following information for a single role:
Column | Description |
|---|---|
| Name | The role's name. Clicking on a role's name will load the role's details in the Role View and provide access to system actions for the role. |
| Description | The description for this role |
...
| Detail | Content Description |
|---|---|
| Name | The name of this role |
| Description | The description of this role. |
| Actions and Permissions | |
| Allow Access to Raw Messages | Whether this role, when assigned to a user, allows them to view Raw Messages. |
| Allow Access to Payload | Whether this role, when assigned to a user, allows them to view Messages Payload. |
| Allow Manage Payload Capture | Whether this role, when assigned to a user, allows them to manage payload capture. |
| Allow Validate Remote WSDL | Whether this role, when assigned to a user, allows them to perfrom the action in DevOps Services List |
| Allow Promote Remote WSDL | Whether this role, when assigned to a user, allows them to perfrom the action in DevOps Services List |
| Allow WSDL URL Change | Whether this role, when assigned to a user, allows them to perfrom the action in DevOps Services List |
| Validate Local WSDL | Whether this role, when assigned to a user, allows them to perfrom the action in DevOps Services List |
| Promote Local WSDL | Whether this role, when assigned to a user, allows them to perfrom the action in DevOps Services List |
| Stop/Start Service | Whether this role, when assigned to a user, allows them to perfrom the action in DevOps Services List |
| Allowed Resources | |
| General | Lists of general resources this role provide provides access to or All if no resources used defined (relevant to IDG and API-C data). |
| DataPower Gateway | Lists of resources this role provide provides access to or All if no resources used resources defined (relevant only to IDG data). |
| API Connect | Lists of resources this role provide provides access to or All if no resources used resources defined (relevant only to API-C data). The resources in this section are "Catalog Name", "Space Name", "Plan Name", "API Name", "Product Name", "Consumer Org Name" and "Client ID". |
| Denied Resources | |
| General | Lists of general resources this role deny denies access to or None if no resources used resources defined (relevant to IDG and API-C data). The resources in this section are "Device" and "Client IP". |
| DataPower Gateway | Lists of resources this role deny role denies access to or None if no resources used resources defined (relevant only to IDG data). |
| API Connect | Lists of resources this role deny role denies access to or None if no resources used resources defined (relevant only to API-C data). The resources in this section are "Catalog Name", "Space Name", "Plan Name", "API Name", "Product Name", "Consumer Org Name" and "Client ID". |
| Groups in Role | This widget lists all the Security Groups assigned to this role. If you are using an LDAP user registry, please use the LDAP group name. |
| Users in Role | This widget lists all the Users assigned to this role. If you are using an LDAP user registry, please use the authenticated LDAP user name. |
...
When adding or editing a custom role, you will need to provide the following details:
| Detail | Content Description |
|---|---|
| Name | The name of this role |
| Description | The description of this role. |
| Actions and Permissions | |
| Allow Access to Raw Messages | Whether this role, when assigned to a user, allows them to view Raw Messages. |
| Allow Access to Payload | Whether this role, when assigned to a user, allows them to view Messages Payload. |
| Allow Manage Payload Capture | Whether this role, when assigned to a user, allows them to manage payload capture. |
| Allow Validate Remote WSDL | Whether this role, when assigned to a user, allows them to perfrom the action in DevOps Services List |
| Allow Promote Remote WSDL | Whether this role, when assigned to a user, allows them to perfrom the action in DevOps Services List |
| Allow WSDL URL Change | Whether this role, when assigned to a user, allows them to perfrom the action in DevOps Services List |
| Validate Local WSDL | Whether this role, when assigned to a user, allows them to perfrom the action in DevOps Services List |
| Promote Local WSDL | Whether this role, when assigned to a user, allows them to perfrom the action in DevOps Services List |
| Stop/Start Service | Whether this role, when assigned to a user, allows them to perfrom the action in DevOps Services List |
| Allowed Resources | |
| General | Lists of general resources this role |
provides access to or All if no resources |
defined (relevant to IDG and API-C data). | |
| DataPower Gateway | Lists |
of resources this role |
provides access to or All if no resources |
defined (relevant only to IDG data). | |
| API Connect | Lists of resources this role |
| provides access to or All if no resources |
| defined (relevant only to API-C data). The resources in this section are "Catalog Name", "Space Name", "Plan Name", "API Name", "Product Name", "Consumer Org Name" and "Client ID". | |
| Denied Resources | |
|---|---|
| General | Lists of general resources this role |
| denies access to or None if no |
| resources defined (relevant to IDG and API-C data). The resources in this section are "Device" and "Client IP". | |
| DataPower Gateway | Lists of resources this |
role denies access to or None if no |
resources defined (relevant only to IDG data). | |
| API Connect | Lists |
| of resources this |
| role denies access to or None if no |
| resources defined (relevant only to API-C data). The resources in this section are "Catalog Name", "Space Name", "Plan Name", "API Name", "Product Name", "Consumer Org Name" and "Client ID". | |