Users and roles

Use the ACL/Role Manager to assign user-level and role-level permissions. A role is an arbitrary association based on criteria you select, such as common tasks that are performed by multiple users or the requirement of certain users for certain types of information.

Role-level permissions afford you the convenience of setting permissions for whole groups of users at once. By combining user-level permissions and role-level permissions, you can implement a complete security structure with as much compartmentalization as you require.

Implement as many roles as you require on your system, and make as many users as necessary into members of each role.

Roles that might be implemented on a typical system:

  • System Administrator
    • Task: Oversees the system configuration and implementation.
    • Permission: All permissions for all nodes except hciaclrolemgr and hcicertmgr.
  • Security Administrator
    • Task: Manages user certification and ACL/role structure.
    • Permission: All permissions for all nodes within the application under the system root node.
  • Protocol Engineer
    • Task: Configures protocol threads.
    • Permission: Selected permissions for selected nodes under each site node.
  • Translation Engineer
    • Task: Configures translation threads.
    • Permission: Selected permissions for selected nodes under each site node.
  • Quality Tester
    • Task: Tests and analyzes system operation.
    • Permission: Permissions to run for all nodes within command under each site node.
  • System Operator
    • Task: Starts, stops, and monitors system performance.
    • Permission: Permissions to run for selected nodes within command and application under each site node.

Assign permissions to roles in the system the same way that you assign permissions to individual users. For example, there may be several Quality Testers who must perform the same tasks to test and analyze system performance. Instead of setting the same permissions for each Quality Tester individually, you can set those permissions once for the Quality Tester role. Then, you can make all those users members of that role.

Roles can also be members of other roles. For example, the Quality Tester role might be a member of the System Operator role. All permissions that are granted to the user members of the System Operator role are extended to all user members of the Quality Tester role.
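
The following is an added example, not code from the product or its documentation. It shows how nested role membership expands into a user's effective permissions and how to audit which users end up with access to the hciaclrolemgr and hcicertmgr nodes. The data model, the user names, and the node paths such as site1/command are constructed for illustration and do not reflect how the ACL/Role Manager stores its data.

```python
# Added illustration: hypothetical in-memory model, not the ACL/Role Manager format.
from collections import deque

# Constructed sample data. GRANTS maps a user or role to (node, permission) pairs.
GRANTS = {
    "Quality Tester": {("site1/command", "run")},
    "System Operator": {("site1/command", "run"), ("site1/application", "run")},
    "Security Administrator": {("hciaclrolemgr", "run"), ("hcicertmgr", "run")},
    "alice": {("site1/reports", "run")},  # user-level permission
}
# MEMBER_OF maps a user or role to the roles it is a direct member of.
MEMBER_OF = {
    "alice": {"Quality Tester"},
    "bob": {"System Operator"},
    "carol": {"Security Administrator"},
    "Quality Tester": {"System Operator"},  # a role nested in another role
}
SECURITY_NODES = {"hciaclrolemgr", "hcicertmgr"}


def reachable_roles(principal, member_of=MEMBER_OF):
    """All roles a principal belongs to, directly or through nested roles."""
    seen, queue = set(), deque(member_of.get(principal, ()))
    while queue:
        role = queue.popleft()
        if role in seen:  # already expanded; also stops membership cycles
            continue
        seen.add(role)
        queue.extend(member_of.get(role, ()))
    return seen


def effective_permissions(principal, grants=GRANTS, member_of=MEMBER_OF):
    """User-level grants plus every grant inherited from reachable roles."""
    perms = set(grants.get(principal, ()))
    for role in reachable_roles(principal, member_of):
        perms |= grants.get(role, set())
    return perms


def security_node_holders(users, grants=GRANTS, member_of=MEMBER_OF):
    """Users whose effective permissions touch the ACL or certificate managers."""
    return sorted(
        u for u in users
        if any(node in SECURITY_NODES
               for node, _ in effective_permissions(u, grants, member_of)))


if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, sorted(effective_permissions(user)))
    print("security-node access:", security_node_holders(["alice", "bob", "carol"]))
```

Running the audit after every membership change shows when a new nesting quietly extends access to the security nodes to users who were never granted it directly.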