A Role is an application-specific collection of Privileges. Users can be associated with one or more roles, thus granting the user all of the privileges associated with that role or collection of roles. Using roles makes it possible to quickly and explicitly grant and revoke sets of privileges from sets of users.
The Role tab of the Access Control Management interface allows CSM application administrators to add and remove roles, add and remove privileges from roles, and search for existing roles. To use the Role tab, launch the CSM administrative interface and search for the application whose roles you wish to manage. Highlight the application name, click the View button and click the Role tab from the Access Control Management interface.
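The role model described above, as an added example (not CSM code; the class, method, and privilege names are hypothetical and the data is constructed). It shows that a user's effective privileges are the union across all of their roles, so revoking a privilege from one role does not remove it from a user who also holds it through another role.

```python
from collections import defaultdict


class RoleModel:
    """Minimal in-memory model of users, roles and privileges (illustrative only)."""

    def __init__(self):
        self.role_privs = defaultdict(set)   # role name -> set of privileges
        self.user_roles = defaultdict(set)   # user -> set of role names

    def grant(self, role, privilege):
        self.role_privs[role].add(privilege)

    def revoke(self, role, privilege):
        self.role_privs[role].discard(privilege)

    def assign(self, user, role):
        self.user_roles[user].add(role)

    def effective(self, user):
        """Union of the privileges of every role the user holds."""
        privs = set()
        for role in self.user_roles[user]:
            privs |= self.role_privs[role]
        return privs

    def still_granted_by(self, user, privilege):
        """Roles through which the user currently holds the privilege."""
        return sorted(r for r in self.user_roles[user]
                      if privilege in self.role_privs[r])


def demo():
    m = RoleModel()
    # Constructed sample data: two overlapping roles, two users.
    for p in ("READ", "UPDATE", "DELETE"):
        m.grant("Admin", p)
    for p in ("READ", "UPDATE"):
        m.grant("Curator", p)
    m.assign("alice", "Admin")
    m.assign("alice", "Curator")
    m.assign("bob", "Admin")

    before = m.effective("alice")
    m.revoke("Admin", "UPDATE")          # one change, applies to every Admin
    return (before, m.effective("alice"), m.effective("bob"),
            m.still_granted_by("alice", "UPDATE"))
```

Before removing a privilege from a role, a check like `still_granted_by` tells you which users will keep the privilege through another role.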
In order to manage CSM applications and resources, you must be logged into a grid account that is configured to be a CSM administrator. During the installation process, it was recommended that at least one grid identity be added as a CSM administrator. If your account was not configured to be a CSM administrator, review step 7 of the Installation Guide.
If you have added your grid account as a CSM administrator but you are experiencing an error similar to the one pictured to the right, make sure that you specified the correct grid account in the Credential select box of the Application Access Control interface.
You can search for existing Roles using the Role Search pane located on the left side of the role tab of the Access Control Management interface. Enter the name of a role in the role search input box and click the Search button. You can use the * character as a wildcard in your search terms. The CSM admin interface will attempt to find the Role matching the name you entered and will display it in the Roles pane below the role search pane. In the following screenshot, a search on the term "Admin" resulted in the display of the Admin role in the roles pane.
Clicking on the search button without entering any search terms in the role search input box returns all of the application's roles in the roles pane. In the following screenshot, all four of the example application's roles have been returned.
To add a new role, click on the Add Role button located below the roles panel. The Create Role interface will appear. Enter a name for the new role in the Role Name input box and add a role description in the Description input box. Click on the Create button to add the new role.
Once the role has been successfully created, the roles pane should refresh and the new role should appear.
To edit an existing role, first perform a search that will display the role you wish to update. Click on the role name from the Roles pane. The Role pane located on the right side of the interface will populate with data specific to the role. The Id, Name, Description, and Last Updated fields will display values associated with the role. The Privileges in Role box will display privileges that have already been added to the role, and the Available Privileges box will show privileges that have not yet been added. See the Adding Privileges to a Role and Removing Privileges from a Role sections for instructions on adding and removing privileges from a role.
After selecting the role you wish to update, modify the text input fields in the role pane with new values. The Id and Last Updated fields are read only and cannot be updated directly. The Name and Description fields may be updated with new values. Take care not to change the name of the role to a name that is already in use. Attempting to do so will cause the following error message:
After you have updated the Name and Description fields of the role, click the Modify button. The role values will be updated and the Last Updated date should now be set to the current date. If the role's name was changed, the new name should be shown in the Roles pane to the left.
To remove a role, first perform a search whose results include the role to be removed. Click on the name of the role in the Roles pane to highlight it. Click on the Remove Role button to remove the role.
Use caution with this feature! Clicking Remove does not prompt for confirmation and cannot be undone.
Privileges listed in the Available Privileges box may be added to a Role. Perform a search whose results include the name of the role you wish to add a privilege to. Click on the role name listed in the Roles pane to the left to display the role's field values in the Role pane to the right. The Privileges in Role box will display all of the privileges already added to the role, while the Available Privileges box will display privileges that may be added.
Click on the name of the privilege you wish to add to the role to highlight it. Click on the << button to move the privilege from the Available Privileges box to the Privileges in Role box. This adds the privilege to the Role immediately (i.e. there is no need to click the Modify button).
If you wish to create new privileges that can be added to a role, refer to the Managing Privileges guide.
Privileges listed in the Privileges in Role box can be removed from the Role. Open the Role for editing using the same process as was outlined in the Adding Privileges to a Role section. You should see a list of privileges in the Privileges in Role box. Click on the privilege you would like to remove and click the >> button. This moves the privilege from the Privileges in Role box to the Available Privileges box and immediately removes the privilege from the role (i.e. there is no need to click the Modify button).