Integration Runtimes Access Privileges
Learn about the access privileges supported for runtimes and how it impacts across various assets using the runtimes.
Runtime Access Privileges
Runtime ClassificationPublic RuntimesPrivate RuntimesKey Points related to Role Change and Multiple RolesTransferring Public Runtime OwnershipReassigning Private Runtime OwnershipSharing Private RuntimesRevoking Private RuntimesRuntimes can be configured to be private or public depending on your role privileges. A private runtime cannot be referenced or viewed by anyone other than the owner, that is, the user that registered the runtime. However, administrators can view private runtimes, and have limited access such as deregistering, restarting and managing instance but not configuration or syncing. An administrator can also create public runtimes, which are visible and configurable by all users.
In IBM webMethods Integration, administrator and developer are the two default roles. Any other role is considered as a custom role. For more information about users and roles, see User Management and Role Management.
Restricting the visibility of runtimes based on access privileges offers benefits such as:
Enhanced Security: Restricting runtime access by user role minimizes unauthorized access and protects sensitive data, ensuring only privileged users can view or modify runtimes.
Reduced Risk of Errors: Role-based access prevents accidental changes and misconfigurations, allowing developers to focus on their tasks without affecting other system parts.
Customized Access Control: Custom roles allow tailored access, enhancing flexibility and ensuring users interact only with relevant components.
Overall, these benefits contribute to a more secure, manageable, and efficient integration environment.
Runtime Classification
Runtimes are classified as follows:
Public: Can be accessed by all users irrespective of their access privileges. Only administrators can create and manage a public runtime.
Private: Can be accessed by the user who created the runtime. A user with either an administrator or developer role can create a private runtime, becoming its owner.
Note
Cloud Runtime is the default runtime, and all users can access it.
Runtimes registered before 11.0.7 version are considered as public runtimes and the owner of those runtimes is the tenant owner user.
Developers cannot transfer ownership of their private runtimes.
The following table lists the access privileges for each role:
Public Runtimes
| Register Public Runtimes | Manage Public Runtimes | Access Public Runtimes | View Public Runtimes | |
|---|---|---|---|---|
| Administrator | Yes | Yes | Yes | Yes |
| Developer | No | No | Yes | Yes |
| Custom | No | No | Yes | Yes |
Private Runtimes
| Register Private Runtimes | Manage Private Runtimes | Access Private Runtimes | View Private Runtimes | |
|---|---|---|---|---|
| Administrator | Yes | Yes | Yes, if the user is the owner. |
Yes |
| Developer | Yes | Yes, | Yes, if the user is the owner. |
Yes |
| Custom | No | No | No | No |
Registering and managing runtimes includes tasks mentioned in the sections, Register and View Runtimes. and Integration Runtime Management.
Some examples of viewing and accessing runtime tasks are, using runtimes in integrations, viewing the runtime details in the Integration Runtimes Dashboard page, or updating connections. For example, if a user does not have access to a runtime, then in:
Deploy anywhere flow service: runtimes are not displayed.
Flow service using package service: runtimes are strike-through.
Flow services Monitor page: runtimes are not displayed.
Connectors > Deploy Anywhere > Manage Runtime page: runtimes are not displayed.
REST API using Package Service: runtimes are not displayed.
Workflow: runtimes are not displayed.
Note
In workflows or flow services, if a service uses an integration runtime that you do not have access to, the runtime is displayed when you first open the settings. You can select a different runtime that you have access to and proceed. If you continue with the inaccessible runtime, you cannot perform the sync and test operations. However, the workflow can still run, and results might not be as expected.
Key Points related to Role Change and Multiple Roles
If a user changes roles, then the privileges applicable to the new role come into effect. For example, if a user role is changed from Developer to Custom, then custom access privileges come into effect.
If a user has multiple roles, then the resultant roles are as follows:
- Administrator, Developer = Administrator
- Administrator, Custom = Administrator
- Developer, Custom = Developer
- Administrator, Developer, Custom = Administrator
If an administrator or developer becomes a custom user and they own a private runtime, then the custom users continue to own them unless the administrator removes the runtime.
Transferring Public Runtime Ownership
You can use the Transfer Ownership option to assign a runtime to another authorized user. This is useful when a runtime needs to be managed by a different user without disrupting its operations.
Go to the Integration Runtime dashboard.
Select a public runtime from the available list.
Choose Transfer Ownership from the vertical ellipsis menu. The Transfer Ownership runtime page appears.
In the text box, type the name of any admin user. A list of matching users appears. Select the desired admin user from the list.
Click Proceed.
Click Transfer Ownership. A confirmation message on ownership transfers appears.
Reassigning Private Runtime Ownership
You can use the Share option to reassign ownership of a private runtime to another user within the environment. This option is useful when the current owner changes roles, leaves the organization, or transfers responsibilities to another administrator.
Go to the Integration Runtime dashboard.
Select a private runtime from the available list that you own.
From the vertical ellipsis menu, choose Share or Collaborators based on your requirements. The Share runtime page appears.
NoteIf you own the private runtime, the Share option is displayed. Otherwise, the Collaborators option is displayed.Click
. The transfer ownership of runtime page appears.Select a user from the existing users list.
(Optional) Use the text box at the bottom of the interface to transfer ownership to a user who is not a collaborator. Enter the user’s name and select the desired user from the matching list.
Click Proceed. A confirmation message on ownership transfer appears.
Sharing Private Runtimes
Go to the Integration Runtime dashboard.
Select a private runtime owned by you. Or, select the filter
Ownedfrom the list. The private runtime list appears if any.Select Share in the vertical ellipsis menu. The Share runtime page appears.
Enter the username in the text box. The selected username appears in the text box.
Click Share.
Revoking Private Runtimes
You can manage access to the runtime by revoking share permissions, ensuring only authorized users have access.
Go to the Integration Runtime dashboard.
Select a private runtime owned by you. Or, select the filter
Ownedfrom the list. The private runtime list appears if any.Select Share in the vertical ellipsis menu. The Share Runtime page appears.
From the list, select the user whose runtime access you want to revoke.
Click
(minus icon). A confirmation message appears, and a notification displays the update.