A role is a set of privileges. These can be global privileges or
privileges granted for a specific environment. Roles allow
administrators to manage user privileges easily because by changing the privileges assigned to a role, they change the
privileges of all the users that “belong” to that role. For example, you can create the role
developer_project_bi_customer and grant all the required privileges to this role.
For those user accounts created in the Solution Manager, you need to assign roles to the users to grant them privileges. Note that you can assign predefined roles to the users or create new roles, grant them privileges and assign them to the user.
If you are using LDAP or single sign-on authentication, roles are extracted and automatically assigned to the user as part of the authentication process. You need to create those roles in the Solution Manager and grant privileges to them. Take into account that the Solution Manager matches the roles by name, so the names of the roles you create should use the same case as the values extracted during the authentication.
The Role management dialog allows you to administer the roles in the Solution Manager. To open it, go to the menu Configuration > Role management.
To create a new role, click the button, fill in its details and click Save. The role will be created and listed in the roles table. You can use the button to update its definition in the future.
You can delete one role with the button or select several roles and delete them at once by clicking the button.
In addition to granting privileges to a role for a specific environment, you can assign roles to other roles. This is called “Role inheritance”. Therefore, the effective privileges of a role consist of the union of the privileges directly granted to it and the privileges of the roles assigned to it. To assign roles to a role, click the button, select a set of roles and click Save.
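The following added example (not part of the Solution Manager or its documentation) models the two rules described above for review purposes: role names extracted at login are matched by exact, case-sensitive name, and a role's effective privileges are the union of its own and those of the roles assigned to it. The privilege tuples, the `bi_reader`, `base_user` and `auditors` names and the extracted values are constructed, and it is an assumption that inheritance applies transitively and that a name differing only in case counts as unmatched.

```python
# Constructed sample data: role names (except developer_project_bi_customer),
# privileges and environments are hypothetical.
ROLES = {
    "developer_project_bi_customer": {
        "privileges": {("development", "create_revision")},
        "assigned_roles": {"bi_reader"},
    },
    "bi_reader": {
        "privileges": {("development", "read")},
        "assigned_roles": {"base_user"},
    },
    "base_user": {"privileges": {("global", "login")}, "assigned_roles": set()},
}
# Constructed role names as an LDAP/SSO login might extract them.
EXTRACTED = ["Developer_Project_BI_Customer", "bi_reader", "auditors"]


def effective_privileges(role, roles):
    """Own privileges plus those of assigned roles (assumed transitive)."""
    seen, stack, privs = set(), [role], set()
    while stack:
        name = stack.pop()
        if name in seen or name not in roles:
            continue  # guards against cycles and dangling assignments
        seen.add(name)
        privs |= roles[name]["privileges"]
        stack.extend(roles[name]["assigned_roles"])
    return privs


def resolve_login(extracted, roles):
    """Match extracted role names by exact, case-sensitive name."""
    folded = {}
    for name in roles:
        folded.setdefault(name.casefold(), []).append(name)
    report = {"matched": [], "case_mismatch": [], "undefined": [], "privileges": set()}
    for name in extracted:
        if name in roles:
            report["matched"].append(name)
            report["privileges"] |= effective_privileges(name, roles)
        elif name.casefold() in folded:
            # Same name in a different case: grants nothing until renamed.
            report["case_mismatch"].append((name, folded[name.casefold()]))
        else:
            report["undefined"].append(name)
    return report


if __name__ == "__main__":
    for key, value in resolve_login(EXTRACTED, ROLES).items():
        print(f"{key}: {value}")
```

Entries under `case_mismatch` are the ones to fix first: the user authenticates successfully but receives none of the privileges the intended role carries.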
Import roles from an LDAP server
Instead of creating roles manually, you can also import them from an LDAP server. Before importing them, you need to configure the global LDAP server in the LDAP configuration. Then, click the button to open the Import roles from LDAP dialog.
From this dialog you can import role names and role definitions. Provide the following data:
Role base: Node of the LDAP server that is used as scope to search nodes that represent roles. You can enter more than one “Role base” expression.
Attribute with role name: Name of the attribute that contains the name of the role, in the nodes that represent roles.
Attribute with role description: Name of the attribute that contains the description of the role, in the nodes that represent roles.
Role search pattern: Pattern used to generate the LDAP queries that will be executed to obtain the nodes that represent the roles you want to import into Solution Manager.
Then click the Import button. The Solution Manager will display the list of roles it found in the LDAP server. Select the roles you want to import and click Import.