Managing user permissions
You can manage the permissions of your users for Operational Decision Manager in IBM Cloud Pak Platform UI (Zen). These permissions are used to access Decision Center and Decision Server consoles, or to control access to decision runtime and management REST API endpoints.
Before you begin
For more information about managing users in the Zen console, see Managing users in the IBM Cloud Pak Platform UI documentation.
About this task
A role is a container of permissions. You create a role and add permissions to the role, and then assign the role to users or user groups.
The Operational Decision Manager capability comes with four predefined Zen roles.
ODM Zen roles | ODM Zen permissions | Description |
---|---|---|
ODM Administrator |
|
Gives a user full administrator rights to Decision Center and Decision Server. |
ODM Business User | ODM - Manage decision services in Decision Center | Gives standard access to Decision Center. |
ODM Runtime administrator | ODM - Administer Decision Server | Gives all the rights to administer Decision Server. |
ODM Runtime user | ODM - Execute decision services in Decision Server | Gives rights to only execute decision services. |
ODM Zen permissions | ODM Liberty roles | Description |
---|---|---|
ODM - Administer Decision Center | rtsAdministrators | Gives all the rights of the regular user and the configuration manager user, and can, for example, enforce security on decision services. |
ODM - Administer database for Decision Center | rtsInstallers | Needed to manage some Business console DBAdmin REST API endpoints. |
ODM - Manage decision services and deployment in Decision Center | rtsConfigManagers | Gives all the rights of the regular user, and can, for example, create and edit configurations. |
ODM - Manage decision services in Decision Center | rtsUsers | Regular Decision Center business user. |
ODM - Administer Decision Server | resAdministrators | Gives full control in the Decision Server console and on deployed resources. |
ODM - Execute decision services in Decision Server | resExecutors | Can execute decision services. Must be used in conjunction with another role if you want to execute decision services from the Decision Server console. |
ODM - Monitor and deploy decision services in Decision Server | resDeployers | In addition to monitoring rights, can, for example, deploy decision services. |
ODM - Monitor decision services in Decision Server | resMonitors | Can monitor (read-only) decision services in the Decision Server console. |
If the predefined ODM Zen roles do not fit your needs, you can disable them by setting the following parameter in the custom resource (CR) file:
odm_configuration:
create_default_zen_roles: false
Procedure
To create your own roles, go to the Zen console and follow this procedure.