Defining User Roles (2.9)
This page describes how to define user roles. After defining user roles (and users), be sure to specify SSO rules to specify the user roles to which the users belong (thus specifying which permissions the users have).
Defining a User Role
To create a user role:
-
Click the Management icon in the application menu.
-
In the Security section, click User Roles.
The page then displays a list of the existing user roles.
-
Click New User Role in the upper right, above the table of user roles.
The system displays a popup dialog box.
-
For Role Name, type a unique but descriptive name for this role.
This name is shown when you define SSO rules.
-
Click Submit.
The new role is then added to the table.
-
Click the Edit icon in the row for the new role.
This displays the Role Privileges page, where you can define the role.
Filter Options in Role Privileges
When you view or edit role privileges, you can use filters in order to find particular items more easily. The filter options vary by item, but collectively are as follows:
-
Search box—Type a string to display only items containing this text.
-
Schema dropdown box—Select an SQL schema to show only items for that schema.
-
All—Click this link to remove any filtering by role assignment.
-
Assigned—Click this link to see only the items currently assigned to the role you are viewing. This option applies to application privileges and SQL capability privileges.
-
Unassigned—Click this link to see only the items not currently assigned to the role you are viewing. This option applies to application privileges and SQL capability privileges.
-
With Privileges—Click this link to see only the items for which the role currently has privileges. This option applies to SQL schemas, tables, procedures, and views.
-
Only Wildcards—Click this link to see only schema wildcards. This option applies to SQL schemas.
Editing Role Privileges
To edit the privileges held by a user role:
-
Click the Management icon in the application menu.
-
In the Security section, click Role Privileges. Then select the role from the Role dropdown list.
Or click User Roles and then click the Edit icon in the row for the role.
-
Then make edits as follows:
-
Click Application Privileges and then select the privileges this role needs to have within InterSystems TotalView™ For Asset Management. The page lists the privileges in groups with explanations of each.
-
Click SQL Capability Privileges and then select the SQL capabilities this role needs to have.
-
Click SQL Schema Privileges and then specify the privileges needed for specific SQL schemas (sets of tables) within InterSystems TotalView For Asset Management. (Note that you can also specify privileges via schema wildcards and you can specify privileges for specific tables.)
If the row for a given schema is grayed out, look for a schema wildcard that controls access to the schema. You can create an override. To do so, click the OVERRIDE check box and then specify privileges as needed.
-
Click SQL Procedure Privileges and then select the SQL procedures that this role should be able to execute.
-
Click SQL Table Privileges and then specify the privileges needed for specific SQL tables.
-
Click SQL View Privileges and then specify the privileges needed for specific SQL views.
This page provides filters you can use to find items more easily.
-
-
Click Save.
The system displays a message summarizing the changes it will make.
-
Click Apply to confirm the changes.
Schema Wildcard Privileges
A schema wildcard enables you to give access to multiple schemas, including schemas that have not yet been created but that will follow a naming convention. To add privileges using a schema wildcard:
-
Click Add Wildcard Schema.
-
For Schema Name, specify a schema name that includes an asterisk, which will represent any character. For example: Staging*
-
Press Submit.
This adds a row at the start of the schema privilege table.
-
In this new row, click the check box in the ENABLED column. This action enables you to specify privileges of different types for this schema wildcard.
-
In the same row, click the check box for each privilege you want to enable, for all schemas with names matching the given pattern. When you do so, the page also automatically selects the check box for each schema that matches the wildcard.
To disable a schema wildcard, clear the check box in the ENABLED column. When you do so, the page also automatically clears the check boxes for the schemas that matches the wildcard, showing these rows in a contrasting color so that you can find them easily.
To delete a schema wildcard, click Delete in the row for the schema wildcard. Then click Delete to confirm this action.
Renaming a User Role
To rename a user role:
-
Click the Management icon in the application menu.
-
In the Security section, click User Roles.
The page then displays a table of the existing user roles.
-
Click the Rename icon in the applicable row.
-
Type a new name into the dialog box.
-
Click Submit.
Deleting a User Role
To delete a user role:
-
Click the Management icon in the application menu.
-
In the Security section, click User Roles.
The page then displays a table of the existing user roles.
-
Click the Delete icon in the applicable row.
The system displays a popup dialog box to confirm this action.
-
Click Delete.