Role Management

A role is a set of privileges. These can be global privileges or privileges granted for a specific environment. Roles allow administrators to manage user privileges easily because by changing the privileges assigned to a role, they change the privileges of all the users that "belong" to that role. For example, you can create the role developer_project_bi_customer and grant all the required privileges to this role.

For those user accounts created in the Solution Manager, you need to assign roles to the users to grant them privileges. Note that you can assign predefined roles to the users or create new roles, grant them privileges and assign them to the user.

If you are using LDAP or single sign-on authentication, roles are extracted and automatically assigned to the user as part of the authentication process. You need to create those roles in the Solution Manager and grant privileges to them. Take into account that the Solution Manager matches the roles by name, so the names of the roles you create should use the same case as the values extracted during the authentication.

The Role management dialog allows you to administer the roles in the Solution Manager. To open it, go to the menu Configuration > Role management.

Role management dialog

To create a new role, click the add-role button, fill in its details and click Save. The role will be created and listed in the roles table. You can use the edit button to update its definition in the future.

Create role dialog

You can delete one role with the remove button or select several roles and delete them at once by clicking the remove-text button.

In addition to granting privileges to a role for a specific environment, you can assign roles to other roles. This is called "Role inheritance". Therefore, the effective privileges of a role consist of the union of the privileges directly granted to it and the privileges of the roles assigned to it. To assign roles to a role, click the assign-roles button, select a set of roles and click Save.

Assign roles dialog
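
The following sketch is an added example, not Solution Manager code: it models role inheritance as a union over assigned roles and flags role names extracted during authentication that differ from a defined role only in case. The role and privilege names are constructed, and it assumes that inheritance is followed transitively and that name matching is an exact string comparison.

```python
# Constructed sample data; role and privilege names are hypothetical.
DIRECT_PRIVILEGES = {
    "developer_project_bi_customer": {"dev:read", "dev:write"},
    "bi_viewer": {"dev:read", "prod:read"},
    "promotion_admin": {"prod:deploy"},
}
# role -> roles assigned to it (role inheritance)
ASSIGNED_ROLES = {
    "developer_project_bi_customer": {"bi_viewer"},
    "promotion_admin": {"developer_project_bi_customer"},
    "bi_viewer": set(),
}


def effective_privileges(role, direct=DIRECT_PRIVILEGES, assigned=ASSIGNED_ROLES):
    """Union of a role's direct privileges and those of the roles assigned to it.

    Assumption: inheritance is followed transitively. The visited set stops
    the walk if the assignments ever form a cycle.
    """
    result, stack, visited = set(), [role], set()
    while stack:
        current = stack.pop()
        if current in visited:
            continue
        visited.add(current)
        result |= direct.get(current, set())
        stack.extend(assigned.get(current, ()))
    return result


def resolve_ldap_roles(extracted, direct=DIRECT_PRIVILEGES):
    """Match extracted role names against defined roles, exactly by case.

    Returns (matched, case_mismatches). Each mismatch maps the extracted value
    to the defined role that differs only in case and so would not match.
    """
    by_folded = {name.casefold(): name for name in direct}
    matched, mismatches = [], {}
    for name in extracted:
        if name in direct:
            matched.append(name)
        elif name.casefold() in by_folded:
            mismatches[name] = by_folded[name.casefold()]
    return matched, mismatches


def session_privileges(extracted):
    """Privileges a user ends up with from the roles that actually matched."""
    matched, _ = resolve_ldap_roles(extracted)
    return set().union(*(effective_privileges(r) for r in matched))
```

A non-empty mismatch result is worth reviewing before go-live, since a role that fails to match contributes no privileges to the session.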

Import roles from an LDAP server

Instead of creating roles manually, you can also import them from an LDAP server. Before importing them, you need to configure the global LDAP server in the LDAP configuration. Then, click the import-roles button to open the Import roles from LDAP dialog.

Import roles from LDAP dialog

From this dialog you can import role names and role definitions. Provide the following data:

  • Role base: Node of the LDAP server that is used as scope to search nodes that represent roles. You can enter more than one "Role base" expression.

  • Attribute with role name: Name of the attribute that contains the name of the role, in the nodes that represent roles.

  • Attribute with role description: Name of the attribute that contains the description of the role, in the nodes that represent roles.

  • Role search pattern: Pattern used to generate the LDAP queries that will be executed to obtain the nodes that represent the roles you want to import into Solution Manager.

Then click the Import button. The Solution Manager will display the list of roles it found in the LDAP server. Select the roles you want to import and click Import.

Roles found in the LDAP server to import