User Roles and Privileges: Common Examples

Document created by thanh_n88 Employee on Apr 13, 2018Last modified by thanh_n88 Employee on May 17, 2018
Version 4Show Document
  • View in full screen mode

Most of the roles and privileges make sense upon reading like the Dashboard privilege (view the dashboard tab) or Licensing (to view the licensing page), but some need others to work fully. We'll look at the common combinations and roles seen in many companies. We are assuming the user has a custom role and not using a default role. For this, you will need the Advanced User Security feature.

 

Things to note:

  1. A higher role will supersede a lower role i.e. a privilege A can read and privilege B can read/write, a role that has privilege B doesn't not need A and when a user has both, B is in effect
  2. Privileges are additive across roles, so if a user had multiple roles all privileges across those roles will take effect
  3. The default page when a user doesn't really have privileges or right combination of privileges is just the setup page with their basic user information
  4. For privileges that depend on having access to environment, the roles will need to be added to an environment before it will do anything i.e. View Audit Logs, Scheduling, etc

 

Reference Guide Articles

Here are additional information on users and using them in environments

  

How to add Roles to an Environment

We can control who has access to what environment and the atoms attached to that environment by adding roles to an environment.

  1. Go to the Manage tab and then Atom Management
  2. Click on an environment to see the "Configuration"
  3. In the field to the right of "Roles" you will be able to click in the white space and a list of roles will appear for you to click and add

 

Common Scenarios

Here are common results of certain privileges and their combinations. The left side are the minimum privileges (so they only have that) and the right side is the resulting capabilities for a user who has that role.

 

Access to an environment

Role added to environment A + Atom Management Read AccessView environment A in atom management page but cannot make changes to the roles and attachments, user can view the attached atom(s), and view the information tabs
Role added to environment A + Atom ManagementView environment A in atom management page and can make changes to the roles and attachments, view the attached atom(s), and view/edit atom information tabs like modify the Shared Web Server and Listeners
Role added to environment AView default page
Atom Management Read Access or Atom ManagementView empty atom management page

Note: Atom Management is a higher privilege than Atom Management Read Access 

 

Changing folder permissions

Account Administration + Build Read AccessView everything in the Build page and set folder permissions
Account Administration + Build Read and Write AccessView/edit everything in the Build page and set folder permissions
Build Read Access (or Build Read and Write Access)View (or edit) everything in the Build page
Account AdministrationView default page

 NoteBuild Read and Write Access is a higher privilege than Build Read Access 

 

View results and/or data

Role added to environment A + View ResultsUser can only view execution information for environment A in process reporting page
Role added to environment A + View Results + View DataUser can view the data (including process logs and documents) and execution information for environment A in process reporting page
View Results and/or View DataView default page, empty process reporting page
Role added to environment A + View DataView default page

 

Execute processes on certain environment

Role added to environment A + Execute + View ResultsExecute processes deployed on environment A in process reporting page
Role added to environment A + ExecuteView default page
Role added to environment A + Execute + Atom Management Read AccessExecute process from deployed processes tab in atom management page for environment A but cannot view results in process reporting page
ExecuteView default page

Note: A user might be able to see the green execute button on the process reporting page but when they try to use it, it will tell them they do not have enough privileges

 

Deploy on a certain environment

Role added to environment A + Process DeploymentDeploy processes (or deploy already made packages) on environment A
Role added to environment A + Package ManagerCreate new packages for deployment
Role added to environment A + Process Deployment + Package ManagerCreate new packages for deployment and deploy to environment A
Process DeploymentView empty deployment page, cannot actually deploy any processes

 

Build process and test/execute on certain environment

Role added to environment A + Build Read Access + ExecuteOnly view everything in the Build page and test using atoms in environment A
Role added to environment A + Build Read and Write Access + ExecuteView/ edit everything in the Build page and test using atoms in environment A
Build Read Access (or Build Read and Write Access) + Execute

View (or edit) everything in the Build page, cannot test process

Role added to environment A + Build Read Access (or or Build Read and Write Access) + Execute + Atom Management Read Access

View (or edit) everything in the Build page, test using atoms in environment A, and execute processes from deployed processes tab in atom management page for environment A

 

Privileges applied to all environments 

Environment ManagementView default page
Environment Management + Atom Management Read AccessView all environments on atom management page
Environment Management + Atom ManagementView and edit all environments on atom management page

Note: It does not matter if a role was added to an environment or not now, the role will be able to see all other environments. If the role had execute, they can now execute on all environments; deploy, they can deploy on all environments, etc

Attachments

    Outcomes