Users and user roles in the connection manager and the manager

The connection manager and the manager use a predefined set of user roles. User roles define the tasks that each user can perform.

Supported user roles

The connection manager supports the following user roles.
User role Description of role
ocmadmin The administrator of the connection manager, who configures and maintains Optim™ directory connection settings and imports and maintains users.
admin The administrator of the manager, who configures and maintains services.
The manager supports the following user roles.
User role Description of role
admin The administrator of the manager, who configures and maintains services.
designer The service designer, who creates and tests services in the manager.
requester The test analyst, who makes work order requests in the manager.
operator The test analyst, who makes work order requests in the manager.
reviewer The business analyst, who reviews service requests in the manager to ensure that the requests are made for valid business reasons.
The following users are configured in WebSphere® Application Server Community Edition in its default configuration. You can access the connection manager and the manager with these user credentials to test and evaluate the connection manager and the manager.
User name Password User role
ocmadmin ocmadmin ocmadmin
admin admin admin
designer designer designer
requester requester requester
operator operator operator
reviewer reviewer reviewer

Use WebSphere Application Server Community Edition in its default configuration only for test or evaluation purposes. For a secure production environment, create your own user credentials and map the roles that are used by InfoSphere® Optim web applications to the user credentials.

Assigning multiple user roles to a user

When you map user roles to user credentials, you can assign more than one user role to a single user. Each user role that you assign to a user gives the user access to the functions that are associated with the user role. For example, you assign the reviewer user role and the designer user role to a user. The user has access to the functions that are associated with the reviewer user role and to the functions that are associated with the designer user role.

Other elements of security

User roles are only one element of security that is provided by the manager.
  • If a service is added to a group, a user must be granted access to the group before the user can run the service.
  • An administrator can configure tabs in the manager so that the tabs cannot be accessed by users who do not have a user role of admin. In these cases, a user might not be able to perform tasks that would otherwise be allowed by the user role.

Tasks

Each user role gives users permission to perform a set of tasks that are appropriate to users with that user role. The following tables indicate which tasks can be performed by users that have each user role.

Table 1. Configuration manager tasks that can be performed by users with each user role
Tasks Roles
Manage Optim directory connections (create, edit, remove) admin, ocmadmin
Import users from LDAP server or from file admin, ocmadmin
Edit email addresses of users admin, ocmadmin
Connect to the connection manager from the designer admin, designer
Table 2. Configuration and preferences tasks that can be performed by users with each user role
Tasks Roles
View Servers on the Configuration tab admin, designer, operator
View Users and Groups, Tabs, and Work Orders on the Configuration tab admin
Set global preferences admin
Set user and display preferences admin, designer, operator, requester, reviewer
Manage groups admin
Grant and remove user access to groups admin
Enable email notifications for work order changes admin
Manage user-defined tabs admin
Change access to tabs in the manager admin
Table 3. Service management tasks that can be performed by users with each user role
Tasks Roles
View the Service Management tab admin, designer, operator
Run services and service sets admin, designer, operator
Schedule services and service sets admin, designer, operator
Change service input values admin, designer, operator
Manage service sets (create, edit, delete) admin, designer, operator
Assign services to a server admin, operator
Table 4. Service monitoring tasks that can be performed by users with each user role
Tasks Roles
View the Dashboard and Service Monitoring tabs admin, designer, operator
Stop services admin, designer, operator
Restart services admin, designer, operator
Purge service instance information admin
Manage service instance filters admin
Table 5. Work order tasks that can be performed by users with each user role
Tasks Roles
View Work Order Management and Work Order Monitoring on the Work Orders tab admin, designer, operator, requester, reviewer
Create a work order admin, designer, operator, requester, reviewer
Add a comment to a work order admin, designer, operator, requester, reviewer
Approve a work order for development admin, designer, operator, requester, reviewer
Deny a work order and return the work order to a requester admin, designer, operator, requester, reviewer
Resubmit a work order to a reviewer or designer admin, designer, operator, requester, reviewer
Associate a work order with a service or service set admin, designer, operator, requester, reviewer
Change the service or service set that is associated with a work order admin, designer, operator, requester, reviewer
Reject a work order and return the work order to a requester admin, designer, operator, requester, reviewer
Run a service or service set that is associated with a work order admin, designer, operator, requester, reviewer
Return a work order to a designer admin, designer, operator, requester, reviewer
Terminate or close a work order admin, designer, operator, requester, reviewer


Feedback

URL of this topic: