Managing Roles
 
User accounts are not assigned privileges directly, but are accorded privileges by being assigned to a user role. This simplifies user account management. Through the role, you define a user’s privileges to perform create, read, update, delete, purge, and restore actions.
User accounts can be assigned to more than one role. If the roles assigned to the user have different or conflicting security levels, OneData evaluates the security and assigns it as follows:
* Combines the role privileges, granting the privileges for any objects explicitly defined within the role, but applying the most conservative security assigned globally to the user role in every other object.
* If one of the user roles includes a row filter, OneData limits the user to the security privileges explicitly defined in the object, but grants the least conservative security as defined in the global settings.
For example, User A has two roles: an administrator role and a role named Update_Country, which has a row filter that specifies update on country values “US” and “UK.” User A can select and browse values in all of the available objects, but can update only those values in the Country object where the country is “US” or “UK.”
The following table defines the security enforced by the user role.
User Role Properties

Security Type / Description

Functions
Defines the functions that users can perform, including data and object management, and system administration privileges. These functions are standard in OneData and cannot be modified.

Folders
Defines the object folders that users can access. Restricting access to a folder also restricts access to any objects within that folder.

Definition Objects
Defines which definition objects the user can access and the functions the user can perform on the object:
* Select: the user can only view the object.
* Update: the user can update the object.

Data Object
Defines the functions a user can perform on a specific data object:
* Row Filter: Restricts user privileges at the column level. The row-level filter restricts the user to viewing only specific records. You can create complex selection conditions. Row-level filters can be assigned to a role and/or the user.
* Select Definition: View the object definition.
* Update Definition: Full object edit privileges.
* Select: View records.
* Update: Edit existing records.
* Insert: Insert new data records.
* Delete: Delete existing records.
* Purge: Purge records.
* Export: Export records to another source or email recipient.
* Import: Import new records into an object.

Remote Snapshots
Defines the functions a user can perform on remote snapshots:
* Select Definition: View the snapshot definition.
* Update Definition: Full snapshot edit privileges.
* Select: View the snapshot.
* Export: Export snapshot records to another source or email recipient.

Remote Object
Defines the user privileges on remote objects. These privileges are the same as for data objects, but include the ability to define a row filter or limit record purges.

Complex Views
Defines the user privileges on complex views.
* Select Definition: View the object definition.
* Update Definition: Full object edit privileges.
* Insert: Insert new data records.

Conceptual Objects
Defines the user privileges on conceptual data objects.
* Select Definition: View the object definition.
* Update Definition: Full object edit privileges.
* Show in Data Entry: View data records.

Reports
Defines the user privileges on reports.
* Manage Reports: Full edit privileges on reports.
* Execute Report: Generate a report ad hoc.

Users
Defines the users who are assigned to the user role.
* Manage Reports: Full edit privileges on reports.
* Execute Report: Generate a report ad hoc.
Select the users who are assigned to the role.

Connections
Defines the connections that the user can access.