Setting Permissions on a Run-Time Policy
To set instance-level permissions on a run-time policy in CentraSite, you must have one of the following permissions:
To set permissions on a organization-specific policy, you must belong to a role that has the Manage Run-Time Policies for the organization to which the policy belongs or have the Full instance-level permission on the policy itself.
To set permissions on a system-wide policy, you must belong to a role that has the Manage System-Wide Run-Time Policies or have the Full instance-level permission on the policy itself.
Important: If you belong to a role that includes the Manage System-Wide Run-Time Policies permission, you have the ability to modify permissions of CentraSite's predefined policies. However, you should not do this. These policies perform critical functions within the registry and must not be modified except under the direction of a technical representative from Software AG.
Be default, all users have View permissions on the run-time policies in the registry.
Users who belong to a role that includes the Manage Run-Time Policies permission for an organization have Full permission on the policies that belong to the organization. Users who belong to a role that includes the Manage System-Wide Run-Time Policies permission, have Full permission on all system-wide policies. To enable other users to modify and delete policies, you must modify the policy's instance-level permission settings.
You can modify the instance-level permissions for a policy by executing a run-time policy or by specifying the permissions manually on the Permissions tab in CentraSite Control.
When setting permissions on policies, keep the following points in mind:
You can assign permissions to any individual user or group defined in
CentraSite.
Note: If you give a user permission to view, edit or delete a policy, and you want that user to be able to perform these operations using CentraSite Control, ensure that the user belongs to a role that also has the Use the Policy UI permission.
Permission | Description |
View | Enables users to see the policy in their policy list and view details for the policy. |
Modify | Enables users to view and modify the properties of a policy (including the policy’s scope and action list). |
Full | Enables users to view, modify or delete the policy. |
The groups to which you can assign permissions include the following system-defined groups:
Group Name | Description |
Users | All users within a specified organization. |
Members | All users within a specified organization and its child organizations. |
Everyone | All users of CentraSite including guest users (if your CentraSite permits access by guests). |
If a user is affected by multiple permission assignments, the user receive the union of all the assignments. For example, if group ABC has Modify permission on a policy and group XYZ has Full permission on the same policy, users that belong to both groups will, in effect, receive Full permission on the policy.
To assign instance-level permissions to a run-time policy
1. In CentraSite Control, go to Policies > Run-Time.
This displays a list of defined run-time policies in the Run-Time Policies page.
2. Locate the policy whose permissions you want to modify and select Details from its context menu.
This opens the Run-Time Policy Details page.
3. If the policy is active, deactivate it.
You cannot modify the permission settings of an active policy.
4. On the Policy details page, click the Permissions tab.
5. To add users or groups to the Users / Groups list, do the following:
a. Click Add Users / Groups.
b. Select the users and groups to which you want to assign permissions.
If you want to filter the list, type a partial string in the Search field. CentraSite applies the filter to the Users/Groups column.
Examples
String | Description |
b | Displays names that contain b |
bar | Displays names that contain bar |
% | Displays all users and groups |
c. Click OK.
6. To remove a user or group from the Users / Groups list, select the check box beside the group name or user ID and click Delete.
7. Use the View, Modify and Full check boxes to assign specific permissions to each user and group in the Users / Groups list as follows:
Permission | Allows the selected user or group to... |
View | View the policy. Note: Disabling this permission does not prevent a user from accessing the policy. CentraSite implicitly grants users View permission on all design/change-time policies within an instance of CentraSite. This implicit permission that CentraSite grants to a user cannot be not revoked by disabling the View permission on this tab. |
Modify | View and edit the policy. |
Full | View, edit, and delete the policy. This permission also allows the selected user or group to assign instance-level permissions to the policy. |
8. Click Save to save the new permission settings.
9. When you are ready to put the policy into effect, activate the policy.