Predefined Roles Related to Productions

Role for a trusted and skilled administrator. In a live or test system this is for the person able to stop, start, and configure productions; to stop and start individual configuration items; to look at all logs, messages, and queues; to purge data; to add default system settings; and so on. This administrator has almost unlimited ability to control the InterSystems IRIS Interoperability environment, but cannot change code components other than to deploy updates.

This role is intentionally distinct from InterSystems IRIS administrative roles and does not grant the user any non-production privileges.

The %EnsRole_Administrator role is a member of the %EnsRole_Operator role, and, therefore, also holds all the privileges of that role.

Role for a person developing business logic, data structures, or core InterSystems IRIS code. This includes writing code in Studio, writing DTL and BPL in either Studio or using the web interface, developing routing rules, and creating custom message schemas. In addition, this role allows a user to perform many administrative tasks, as the developer should have the ability to actively debug and test various options on development instances.

By default, members of the InterSystems IRIS Interoperability developer role have full programming power and as such, can modify DTL, BPL, and record maps. InterSystems IRIS provides separate resources for each type of code if you want to distinguish areas of development by creating custom roles.

The %EnsRole_Developer role is a member of both the %Developer and %EnsRole_WebDeveloper roles. Therefore, a user assigned to this role can perform all InterSystems IRIS development tasks as well as the web developer tasks.

Role for a person with limited development abilities. In particular, this restricts a user to the development tasks in the Interoperability menus of the Management Portal, like BPL, DTL, defining rules, and creating record maps. The role does not grant access to Studio or the terminal.

This role is a member of the %EnsRole_RulesDeveloper and %EnsRole_Operator role, so that a user that is a member of this role can perform debugging tasks in the Management Portal.

Role for a business analyst allowed to modify business rules dynamically. If you have developed a business process that requires such a function, you can allow a small number of people to modify the rules. This is not an administrative or development function.

%EnsRole_WebDeveloper is a member of this role.

Role for a generic user to view the InterSystems IRIS system monitor and the production monitor. Actions that would leave an audit trail if done from a user with %EnsRole_Operator have no effective audit trail from this generic username and therefore access needs to be restricted to a subset that does not include any risk of seeing sensitive data.

Role for operation staff managing the day-to-day status of a particular production. Users assigned to this role have the Read permission on the current configuration to determine what settings and code are in effect, but do not have permissions to modify the configuration. Operations staff may start and stop interfaces, and may start and stop the production. They do not have access to the contents of messages, but may resend messages which cause issues. Operators may view queue and job information, and may inspect the settings for purges, alerts, credentials, and lookup tables.

Both %EnsRole_Administrator and %EnsRole_WebDeveloper are members of this role.

Role for processing managed alerts assigned to any user or unassigned. For more information on processing managed alerts, see Acting on Alerts by Viewing My Managed Alerts.

Role for processing managed alerts assigned to current user or unassigned. For more information on processing managed alerts, see Acting on Alerts by Viewing My Managed Alerts.

Role that allows user to control the subscription criteria used to select messages and to specify the users to receive the messages. This role provides access to the management portal page that controls Publish and Subscribe routing. For more information on Publish and Subscribe messages, see Defining Publish and Subscribe Message Routing.