Tenant Management, Roles, and Permissions

Get familiar with webMethods.io Integration tenant types, their associated settings, learn how to define roles for your tenant, permissions, and add users to a tenant.

Tenant Types

webMethods.io Integration supports two types of tenants:

  1. Credit-based Tenants
  2. Transaction-based Tenants

Credit-based Tenants

Tenants created before June 10, 2020 run (and will continue to run) on credits.

Credits consumption criteria

The credit consumption for each FlowService/Workflow is calculated based on the selected container and flow time.

Flow Time (in minutes) Credits Consumed by Containers with respect to Flow Time
256 MB 512 MB 1024 MB
3 1 2 4
6 2 4 8
9 3 6 12
12 4 8 16
15 5 10 20
18 6 12 24
21 7 14 28
24 8 16 32
27 9 18 36
30 10 20 40

Note: The availability of the 512 MB and 1024 MB container depends on your subscription plan.

So, for example, if the workflow execution duration is 5 minutes and container size is 512 MB then, 4 credits will be consumed from your tenant account.

Supported plans

Users of credits-based tenants Trial plan can upgrade to the Basic, Advanced, or Enterprise plan based on their requirements, by contacting Global Support.

Transaction-based Tenants

Tenants created after June 10, 2020 will run on transactions.

Transaction consumption criteria

The transaction consumption for each FlowService/Workflow is calculated based on the execution duration (in seconds).

Execution Time (in seconds) Transactions Consumed
Up to 3 1
More than 3 and up to 6 2
More than 6 and to up to 9 3
More than 9 and to up to 12 4
More than 12 and up to 15 5
More than 15 and up to 18 6
More than 18 and up to 21 7
More than 21 and up to 24 8
More than 24 and up to 27 9
More than 27 and up to 30 10

So, for example, if your workflow execution duration is 10 seconds, 4 transactions will be consumed from your tenant account.

Supported plans

When you sign up for a webMethods.io Integration tenant, it will be assigned the 30-day Trial plan by default and will be allocated 5000 transactions. You can then optionally upgrade to the Free Forever Edition, Basic, Advanced, or Enterprise plan based on your requirements by contacting Global Support.

Under the Free Forever Edition plan, you will be allocated 1000 transactions per month. These transactions will be replenished at the start of each month. If you consume all your transactions before the month is over, you can either wait for the transactions to be replenished or upgrade to one of the paid plans. Once your trial is over, your tenant will be deactivated until you reactivate it by switching to one of the offered plans.

Notes:

  • If your tenant is under the Trial or Free Forever Edition plan, you cannot execute any of the Workflows or FlowServices once you have reached the transaction limit. In such a scenario you can upgrade to one of the paid plans to continue execution of your Workflows or FlowServices.
  • If your tenant is under one of the paid plans, you can continue execution of your Workflows and FlowServices even if you reach the transaction limit. In such a scenario, the overage charges will be added to the final bill.

Tenant Profile

webMethods.io Integration allows you to centrally view and manage the details of your tenant. Once you have logged in to your tenant, click on the tenant profile icon located at the top-right corner of the home screen, and select Profile from the list of options that appear.

You will be redirected to the Profile screen where you can view and manage your tenant profile settings.

Role Management

webMethods.io Integration provides you a quick overview of roles assigned to a user and allows you to also define custom roles with specific permissions for your tenant.

Roles

A role is a set of permissions. When you assign a role to any user, the role’s permissions are assigned to that user.

To view and create roles, log in to your tenant, click on the tenant profile icon located at the top-right corner of the home screen, and select User Management from the list of options that appear.

You will be redirected to the Roles screen.

The Roles screen allows you to view the list of existing roles and create new roles for your tenant. Only the tenant owner and admin have access to this screen.

webMethods.io Integration provides two default roles:

Note: The default roles cannot be edited or deleted from a tenant.

Roles and access permissions

The role assigned to you determines which operations you can and cannot perform in the tenant. The list of access permissions for each role is listed in the table below:

Role Manage Free Forever Edition Plan Settings Manage White Labeling Settings Manage Tenant Users Manage Environments Publish Project Deploy Project Create Project Update Project Delete Project Create/Delete/Update Workflow Manage Roles Monitor Dashboard (when FlowService is not enabled) Monitor Dashboard (when FlowService is enabled Monitor Audit Logs
Admin (Tenant Owner) Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes
Admin (Not a tenant Owner) Yes Yes No Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes
Developer (Cloud-Tenant-Administrator and webMethodsioIntegration-User) Yes No No No Yes Yes Yes Yes Yes Yes No No Yes No
Developer (webMethodsioIntegration-User) Yes No No No Yes Yes Yes Yes Yes Yes No No Yes No
Custom Role - (Read) No No No No No No No No No No No No Yes No
Custom Role - (Write) No No No No Yes - Only applicable to the project(s) of which access is granted to the role Yes - Only applicable to the project(s) of which access is granted to the role Yes - Only applicable to the project(s) of which access is granted to the role Yes - Only applicable to the project(s) of which access is granted to the role Yes - Only applicable to the project(s) of which access is granted to the role Yes - Only applicable to the project(s) of which access is granted to the role No No Yes No
Custom Role - (Execute) No No No No No No No No No No No No Yes No

Creating new roles

You can also create custom roles for your tenant. These roles determine which projects should be made accessible for users of a particular role.

To create a new role, click on the New Role button given on the top-right corner of the Roles screen. A new Add Role window will appear where you will be prompted to provide the following details:

Once you have assigned relevant permissions for required projects, click Done. This will create a new role in your tenant.

Notes:

  • Admins can only modify other users’ roles. They cannot modify the tenant owner’s role or their own role.
  • Whenever you create a new project, please ensure to add it under relevant roles with required permissions to make it accessible for intended users.
  • The Alert Rules tab will not be visible to the users added under a custom role.

Permission types

There are three types of permissions that can be granted for each project:

Each permission determines the actions a user can perform in that particular project.

Read

The read permission allows users to only view the assigned projects and the project assets.

Example

Let’s say Tenant Demo has 3 projects: Project 1, Project 2, and Project 3. The tenant admin created a ‘Read Only’ custom role with only read access for Project 1 and Project 2.

When User A is assigned the ‘Read Only’ role, they can view only Project 1 and Project 2 in the Projects dashboard (i.e. they won’t see Project 3 as it is not added under the ‘Read Only’ role).

Given below is the table of operations user A can and can’t perform as per the ‘Read Only’ role settings.

User A Can User A Can’t
View only project 1 and Project 2 in the Projects dashboard Modify project 1 or Project 2
View the Workflows and FlowServices created under Project 1 and Project 2. Create, update, delete, or execute any of the Workflows or FlowServices in Project 1 and Project 2.
View the project APIs (REST and SOAP) and connectors (predefined, REST, SOAP, on-premises, and flat file) created in Project 1 and Project 2. Create, update, delete, or execute any of the APIs (REST and SOAP) and connectors (predefined, REST, SOAP, on-premises, and flat file) in Project 1 and Project 2.

Write

When you grant the ‘Write’ permission for a project, the ‘Read’ and ‘Execute’ permissions too are granted by default. Because of this, the ‘Write’ permission allows users to read, create, update, delete, and execute all assets of the assigned project.

Example

Let’s say Tenant Demo has 3 projects: Project 1, Project 2, and Project 3. The tenant admin created a ‘Write’ custom role with the ‘Write’ permission for Project 3 . As per the default settings, the ‘Read’ and ‘Execute’ permissions too are added for the ‘Write’ role automatically.

When User B is assigned the ‘Write’ role, they can view only Project 3 in the Projects dashboard (i.e. they won’t see Project 1 and Project 2 as they are not added under the ‘Write’ role).

Given below is the table of operations user B can and can’t perform as per the ‘Write’ role settings.

User B Can User B Can’t
View and edit only Project 3 in the Projects dashboard Note: Since the ‘Write’ permission by default adds ‘Read’ and ‘Execute’ permissions, users can perform all operations in the assigned project.
View, create, update, delete, and execute the Workflows and FlowServices in Project 3.
View, create, update, delete, and execute the APIs (REST and SOAP) and connectors (predefined, REST, SOAP, on-premises, and flat file) in project 3.

Note:

  • You can optionally deselect the checkbox for ‘Execute’ permission after adding the ‘Write’ permission.


    If you do so, you won’t be able to execute any of the project Workflows, FlowServices, APIs, or Connectors available under that project.
  • You cannot manually remove the ‘Read’ permission from a project as long as the ‘Write’ permission stays assigned to it.

Execute

The execute permission allows users to only execute the Workflows, FlowServices, and APIs available in the assigned project. However, users can’t view or modify the assigned project or project assets.

Example

Let’s say Tenant Demo has 3 projects: Project 1, Project 2, and Project 3. The tenant admin created a ‘Execute Only’ custom role with the ‘Execute’ permission for Project 2.

When User C is assigned the ‘Execute Only’ role, they can’t view Project 1 and Project 2 (since they are not added under the role) and project 3 (since they don’t have the ‘Read’ permission for that project) in the Projects dashboard. They can only execute the Workflows, FlowServices, and APIs available under project 3.

Given below is the table of operations user C can and can’t perform as per the ‘Execute Only’ role settings.

User C Can User C Can’t
Execute workflows in Project 2 only via webhook View any projects in the Projects dashboard
Execute FlowServices in Project 2 only via HTTP
Execute project APIs (REST and SOAP) in Project 2

Note:

  • The default project will always be accessible to only those users who have read and write permissions.
  • If users have the ‘Read’ permission along with the ‘Execute’ permission for a project, only then can they manually execute Workflows or FlowServices under that project.

Editing or deleting custom roles

You can also edit or delete a custom role. To do so, navigate to the tenant profile icon > User Management > Roles.

You will see a list of existing roles associated with your tenant. Locate the custom role you want to edit/delete. You will see two options, Edit and Delete, using which you can modify the custom role or delete it.

User Management

webMethods.io Integration provides you a quick way to add users to a tenant. To view and add users, log in to your tenant, click on the tenant profile icon located at the top-right corner of the home screen, and select User Management from the list of options that appear.

Users

This tab lets you view the existing users (along with the assigned roles) of the tenant and invite new users. Only the tenant owner and admin has access to this screen. To view the list of existing users, navigate to the tenant profile icon > User Management > Users.

Adding users

You can add new users with permissions to access your tenant. To do so, follow the instructions given below:

  1. Click on the App Switcher (bento menu) icon located beside the profile image and then select My Cloud.

  2. You will be redirected to the Software AG Cloud screen. From the menu bar, click on My Cloud and select Administration.

  3. Click on Add user to add a new user to the tenant.

  4. Fill in the required information of the user you want to add to the tenant and click on Save.

    Note: Any time stamp displayed in webMethods.io Integration is based on the user’s registered time zone specified in Software AG Cloud. Note that not all the time zones in Software AG Cloud are supported in webMethods.io Integration. If a time zone in Software AG Cloud is not supported, then the time stamp in webMethods.io Integration defaults to the Pacific Standard Time (PST) time zone.

  5. This will automatically send a notification mail to the newly added user prompting him/her to update the login password for the tenant. Once the user updates the password, he/she will be able to access the tenant and its projects.

  6. As soon as the user logs in to the tenant, his/her name will be added to the list of users under the Users tab. The user can then optionally change his/her role to allow or restrict access for specific projects.

Note: A new user is created in webMethods.io Integration when you log in for the first time using the Software AG Cloud login page with valid credentials. Roles associated with the user will be synchronized only during the first-time login to webMethods.io Integration.

Editing user roles

You can also change the current role assigned to a specific user. To do so, click on the Edit option given against the name of the user. The Edit User Role window appears.

After you have made the relevant changes, click Done. This will change the role assigned to the user.