Role-based access provides coarse-grained access control to features and objects in CentraSite. A role is a set of system-level permissions that you associate with a user account or a group of users. The permissions within a role determine which types of objects (for example, Organizations, Policies, Lifecycle Models) users in that role can create. They also specify whether a user is allowed to perform certain restricted actions (for example, View System Audit Log).

The role(s) to which a user belongs determines which screens and controls that user receives in the CentraSite user interface. With respect to API access (based on JAXR or UDDI), the role(s) associated with the client program's user account determine which methods or operations the program is allowed to perform.

CentraSite is installed with a number of predefined roles. For example, users that belong to the "Policy Admin" role are permitted to create and manage design/change-time policies. However, you can also create custom roles if you require a specific combination of permissions that is not supplied by the predefined roles.

For more information about roles, see Users, Groups, Roles, and Permissions.