Role Management
Understand how to create and manage custom roles for your tenant.
Understand how to create and manage custom roles for your tenant.
A role is a set of permissions. When you assign a role to any user, the role’s permissions are assigned to that user.
To view and create roles, log in to your tenant, click on the tenant profile icon located at the top-right corner of the home screen, and select User Management from the list of options that appear.
You are redirected to the Roles screen.
The Roles screen allows you to view the list of existing roles and create new roles for your tenant. Only the tenant owner and admin have access to this screen.
IBM webMethods Embed provides two default roles:
You can also create custom roles for your tenant. These roles determine which projects must be made accessible for users of a particular role.
To create a new role, click on the New Role button given on the top-right corner of the Roles screen. A new Add Role window appears where you are prompted to provide the following details:
After you have assigned relevant permissions for required assets and projects, click Done. This creates a new role in your tenant.
There are three types of permissions that can be granted for each project:
Each permission determines the actions a user can perform in that particular project.
The read permission allows users to only view the assigned projects and the project assets.
Let’s say Tenant Demo has 3 projects: Project 1, Project 2, and Project 3. The tenant admin created a ‘Read Only’ custom role with only read access for Project 1 and Project 2.
When User A is assigned the ‘Read Only’ role, they can view only Project 1 and Project 2 in the Projects dashboard (They won’t see Project 3 as it is not added under the ‘Read Only’ role).
Given below is the table of operations user A can and cannot perform as per the ‘Read Only’ role settings.
User A Can | User A Cannot |
---|---|
View only Project 1 and Project 2 in the Projects dashboard | Modify Project 1 or Project 2 |
View the Workflows created under Project 1 and Project 2. | Create, update, delete, or execute any of the Workflows in Project 1 and Project 2. |
When you grant the ‘Write’ permission for a project, the ‘Read’ and ‘Execute’ permissions too are granted by default. Because of this, the ‘Write’ permission allows users to read, create, update, delete, and execute all assets of the assigned project.
Let’s say Tenant Demo has 3 projects: Project 1, Project 2, and Project 3. The tenant admin created a ‘Write’ custom role with the ‘Write’ permission for Project 3 . As per the default settings, the ‘Read’ and ‘Execute’ permissions too are added for the ‘Write’ role automatically.
When User B is assigned the ‘Write’ role, they can view only Project 3 in the Projects dashboard (They won’t see Project 1 and Project 2 as they are not added under the ‘Write’ role).
Given below is the table of operations user B can and cannot perform as per the ‘Write’ role settings.
User B Can | User B Cannot |
---|---|
View and edit only Project 3 in the Projects dashboard | Note: Since the ‘Write’ permission by default adds ‘Read’ and ‘Execute’ permissions, users can perform all operations in the assigned project. |
View, create, update, delete, and execute the Workflows in Project 3. |
The execute permission allows users to only execute the Workflows, FlowServices, and APIs available in the assigned project. However, users can’t view or modify the assigned project or project assets.
Let’s say Tenant Demo has 3 projects: Project 1, Project 2, and Project 3. The tenant admin created a ‘Execute Only’ custom role with the ‘Execute’ permission for Project 2.
When User C is assigned the ‘Execute Only’ role, they cannot view Project 1 and Project 3 (since they are not added under the role) and Project 2 (since they don’t have the ‘Read’ permission for that project) in the Projects dashboard. They can only execute the Workflows available under Project 2.
Given below is the table of operations user C can and cannot perform as per the ‘Execute Only’ role settings.
User C Can | User C Cannot |
---|---|
Execute workflows in Project 2 only via webhook | View any projects in the Projects dashboard |
You can also edit or delete a custom role. To do so, navigate to the tenant profile icon > User Management > Roles.
You see a list of existing roles associated with your tenant. Locate the custom role you want to edit/delete. You see two options, Edit and Delete, using which you can modify the custom role or delete it.