Managing User Permissions for Project Tasks
You can authorize users to perform tasks by project. To do this you use tasks and authorizing groups or My webMethods Server central user management. This means that when Deployer users display the Projects page, they will see only those Deployer projects for which they are authorized.
You can authorize groups to perform the following tasks:
View. View projects only.
Note:
Users with Developer and Internal ACLs and any combination of Define, Build, Map, or Deploy authorization automatically have the View authorization.
Define. Groups can define, export, and import deployment and deletion sets only.
Build. Groups can build projects only.
Deploy. Groups can deploy deployment or deletion sets only (that is, to actually deploy assets to or delete assets from target servers or target groups).
Map. Groups can map projects to repositories, source servers, target servers, and target groups.
You grant privileges to perform tasks through Access Control Lists (ACLs). When an administrator creates ACLs, he or she identifies groups that are allowed to perform particular tasks. The following table shows the ACLs and authorizations required to perform each task:
| All Project Tasks | View Project Tasks | Define Project Tasks | Build Project Tasks | Map Project Tasks | Deploy Project Tasks |
ACLs | | | | | | |
Developer | X | X | X | X | X | X |
Internal | X | X | X | X | X | X |
DeployerAdmin | X* | | | | | |
Administrator | X* | | | | | |
Authorizations |
View | | X | | | | |
Define | | | X | | | |
Build | | | | X | | |
Map | | | | | X | |
Deploy | | | | | | X |
Note:
The asterisk (*) indicates that only users with either one of the following ACL combinations can perform all project tasks in Deployer:
DeployerAdmin, Developer, and Internal ACLs
Administrator ACL
Users assigned to one of these ACL combinations do not require authorization to specific tasks.
You can authorize groups to perform more than one task. For example, if you want to allow Group A to map and deploy projects, you would select the Map and Deploy authorizations.
Note:
The groups you create for use with Deployer can contain unique names to help define which tasks each group can perform. For example, you could create groups named viewDeployerProjects, buildDeployerProjects, mapDeployerProjects, deployDeployerProjects, and defineDeployerProjects. This means that when Deployer users display the Projects page, they will see only those Deployer projects to which they are authorized.
For more information about groups and ACLs, see webMethods Integration Server Administrator’s Guide. For information on My webMethods Server central user management groups, see Administering My webMethods Server.
To authorize groups to perform tasks
1. In Deployer, go to the Deployer> Projects page.
2. Locate the project to which to authorize groups. If locking is enabled, in the Lock Status column for the project, click 
to lock the project. In the Authorize column for the project, click 
. 3. In the Fetch Groups field, click the type of group to authorize.
If you select LDAP/Central user management groups, you can narrow the list of groups that are displayed. In the Search String field, specify a string that is within the names of the groups you want to display; you can use an asterisk (*) as a wildcard for one or more characters (for example, Admin*). Click Go to list the specified groups.
4. In the Select Authorization list, click the task the group is authorized to perform.
5. The Not Specified box lists all groups defined in the type of group you chose. Using the arrow buttons, move each group you want to assign to the specified task into the Allowed box. Move each group that you do not want to assign to the specified task into the Denied box.
6. Click Update. The Resulting users with this Authorization lists all users that belong to the groups you assigned to the task (that is, the groups you moved into the Allowed box).
7. In the Lock Status column for the project, click 
to unlock the project.