This document covers the following topics:
To use the CentraSite GUIs or APIs, you must have a user account on the instance of CentraSite with which you want to work. Properties associated with your user account determine the CentraSite features you can use and the set of registry objects with which you can work.
Note:
If your needs are very limited, you can access CentraSite as a
"guest". Guests are typically allowed to browse a limited set of
assets in view-only mode (the exact scope of what a guest can do is determined
by the administrator of your CentraSite installation). For information about
the configuring the capabilities of a guest user, see the section
About Users in the document Users, Groups, Roles,
and Permissions.
During installation, CentraSite automatically creates a user account for the user who performs the installation. This user account is assigned to the CentraSite Administrator role, which has "super user" permissions.
If you are the one who installed CentraSite, a user account has automatically been created for you. Following installation, you can log on to CentraSite using your regular operating system or domain credentials (i.e., using the same user name and password that you normally use to access the machine on which CentraSite is installed).
If you are not the one who installed CentraSite, you must contact the administrator of your CentraSite installation to have a user account created for you.
The types of tasks you can perform in CentraSite and the set of objects with which you can work are determined by the following characteristics of your user account:
The organization to which your user account belongs.
The roles that are associated with your account.
The objects on which your account has access permission.
Your user account belongs to one (and only one) organization. When you create registry objects in CentraSite, those objects belong to your user account, and by extension, to your organization.
Generally speaking, an organization functions as a separate administrative domain within CentraSite. When you log on to CentraSite, you interact with the set of objects that "belongs" to your organization. When you operate on these objects, the registry enforces the policies imposed by your organization. For example, when you add an asset to the catalog, the policies associated with your organization determine which type of approval, validation or testing processes that asset must undergo.
Your user account is associated with one or more roles. A role defines a set of permissions. Permissions are coarse-grained access controls that enable your account to work with an entire class of objects, use a specific set of screens in the UI and/or perform restricted administrative tasks. To create user groups, for example, your account must belong to a role that has the "Manage Users" permission.
When you log on to CentraSite using CentraSite Control, the roles associated with your user account determine which screens and controls are visible in the user interface. If you build client programs using the CentraSite API, the roles associated with the user account that the program uses to log on to CentraSite determine which types of objects it can manipulate and which methods or operations it is allowed to perform.
To determine the roles to which your user account belongs, see Viewing Information About Your User Account.
Note:
If your account is assigned to multiple roles, it receives the
combined permissions of all of those roles.
CentraSite is installed with a set of predefined roles. If an administrator needs to give a user a set of permissions that is not provided by one of the predefined roles, he or she can do so by creating a custom role.
The following table describes a few of the key roles in CentraSite. For a complete list of the predefined roles, see the section About Roles and Permissions in the document Users, Groups, Roles, and Permissions.
| This role... | Provides the permissions necessary to... |
|---|---|
| CentraSite Administrator | Perform high-level administrative tasks such as
creating organizations and setting global (server-wide) parameters. This role
has every permission available to a CentraSite user. Users in this role
function as "super users."
The user who installs CentraSite automatically belongs to this role. |
| Organization Administrator | Perform high-level administrative tasks such as creating users and defining user groups and roles for an organization. |
| Policy Administrator | Create policies. View, edit or delete policies within any organization. |
| Asset Type Administrator | Customize the catalog by defining new attributes, profiles and asset types. |
| Asset Administrator | View, edit or delete any asset within an organization. |
| Asset Provider | Publish assets to the catalog. |
| Asset Consumer | Browse the catalog. |
Instance-level permissions are fine-grained controls that enable view, edit or delete access to individual objects in the registry. Instance level permissions can be extended to individual users, groups of users or both.
Generally speaking, when you create an object in CentraSite, everyone within your organization receives permission to view the object, however, only you (as the creator of the object) and administrators in certain roles have permission to edit and delete the object. To extend edit and delete permission to other users, you must set the instance-level permissions on the object. You can also use instance-level permissions to enable users in other organizations to view, edit or delete objects that belongs to your organization.
