Roles and their accessible functions

Edit online

In IBM® Unified Experience for z/OS®, super administrator, team administrator, and team member roles have different responsibilities.

Subsections:

The following figure illustrates an overview of user roles and their major responsibilities.

Figure 1. User roles and major responsibilities

User roles and responsibilities in Db2 CI/CD Expert
Note: All of these functions are available only if Unified Management Server is used with the Db2 CI/CD Expert product. With only Unified Management Server installed, all you can do is view the subsystems that have been discovered by UMS.

Db2 CI/CD Expert user roles and responsibilities

The following table summarizes the user roles and their accessible functions of Unified Management Server running with Db2 CI/CD Expert.

Table 1. Db2 CI/CD Expert user roles and responsibilities
Category Task Super administrator Team administrator Team member
Subsystems View subsystems Available Available Available
Register subsystems Available -- --
Edit subsystems Available -- --
Remove subsystems Available -- --
Environments View environments Available Available Available
Create environments Available -- --
Edit environments Available -- --
Delete environments Available -- --
Teams View teams Available Available Available
Create teams Available -- --
Edit teams (assign users and environments) Available Available (their own teams only) --
Delete teams Available -- --
Users View users Available Available Available
Assign users to teams with roles Available (to all teams) Available (for their own teams only) --
Remove users from teams Available (for all teams) Available (for their own teams only) --
Storage View by team Available Available Available
View by environment Available Available Available
View by user Available Available (for non-super administrators only) Available (for non-super administrators only)
View by application Available Available Available
Create storage limit Available Available (for their own teams only) --
Applications View applications Available Available Available
View application details Available Available Available
Register applications Available Available (for their own teams) --
Edit application settings Available (can change the owner to any team) Available (can change the owner to their own teams only) --
Delete applications Available Available (for their own teams) --
Site rules View site rules Available Available Available
Create site rules Available -- --
Edit site rules Available -- --
Assign site rules to applications Available Available (their own teams only) --
Assign site rules to environments Available -- --
Delete site rules Available -- --
Instances View instances Available (all instances) Available (all instances) Available (all instances)
Provision instances Available (see notes 5 and 6) Available (see note 5) Available (see note 5)
Change instance owners Available (see note 4) Available (see note 4) Available (see note 4)
View application details and instance object definitions Available (all instances) Available (all instances) Available (all instances)
Edit instance object definitions Available (see note 3) Available (see note 2) Available (see note 1)
Submit pull requests Available (see note 3) Available (see note 2) Available (see note 1)
Deprovision instances Available (all instances) Available (their own team's instances only) Available (instances that they own)
SQL Processor Run SQL queries.

Authorizations are dependent on user permissions in Db2. You must have permission to run a command in Db2 to run the same command using SQL processor.

 Available Available Available
Notes:
  1. Team members can edit instance objects and submit pull requests only if they are the instance owners, belong to the team that owns the originating application, and the instance was provisioned by that team.
  2. Team administrators can edit objects in the instance that a team member has provisioned and submit pull requests only if they are the team administrator of the team that owns the originating application, and the instance was provisioned by that team.
  3. Super administrators can edit instance object definitions of their own instances and submit pull requests only if they belong to the team that owns the originating application, and the instance was provisioned by that team.
  4. Only the administrator and the members of the team that owns the instance can change the owners of the instance.
  5. Only a team that has team members can create an instance.
  6. If the super administrator, who creates the instance, is not part of the team under which the instance is being created, the super administrator cannot become the default owner of the instance. Therefore, the super administrator must select at least one instance owner.

The following table summarizes instance-specific roles (regardless of user roles) and their accessible tasks related to pull requests.

Table 2. Pull requests: Tasks and roles
Task Instance editor Instance reviewer Other users
Submit pull requests for instances that you can edit Available (see note 1) -- --
Add users as additional reviewers Available -- --
View all pull requests that you opened Available -- --
View all pull requests that you are a reviewer of -- Available --
View pull request details Available Available --
Add, edit, and delete comments to any pull requests that you opened Available Available --
View comments from other users Available Available --
Decline pull requests Available Available --
Approve pull requests -- Available (see note 2) --
Mark pull requests as "Needs work" -- Available --
Merge pull requests Available Available --
Notes:
  • Submitting a pull request is allowed only if the instance owner (the team member who provisioned the instance) is a member of the team that owns the originating application.
  • Any reviewers can approve pull requests, but at least one team administrator of the team that owns the originating application of the instance must approve the pull request before it can be merged into the originating application.

The following table summarizes the Db2 continuous deployment (CD) user roles and their accessible functions in Db2 CI/CD Expert related to deploying Db2 objects through environments in a release:

Table 3. Db2 CI/CD Expert user roles and responsibilities for continuous deployment (CD)
Category Task Db2 CD administrator Db2 CD operator Db2 CD user
Landscapes View landscapes Available Available Available
Create landscapes Available -- --
Edit landscapes Available -- --
Explore paths for landscapes Available
  • View, add, or delete a path and its nodes.
  • Explore the path and add new nodes to it.
 Available
  • View and explore a path and its nodes.
 Available
  • View and explore a path and its nodes.
Delete landscapes Available -- --
Deployment Environments View deployment environments Available Available Available
Create deployment environments Available -- --
Edit deployment environments Available -- --
Explore paths for deployment environments Available
  • View, add, or delete a path and its nodes.
  • Explore the path and add new nodes to it.
 Available
  • View and explore a path and its nodes.
 Available
  • View and explore a path and its nodes.
Delete deployment environments Available -- --
Paths View paths Available Available Available
Create paths Available -- --
Edit paths Available -- --
Add nodes Available -- --
Add initial/after nodes Available -- --
Delete nodes Available -- --
Explore paths for landscapes or deployment environments Available Available Available
Delete paths Available -- --
Manifests View manifests Available Available Available
Create manifests Available -- --
Edit manifests Available Available (Only if you are a participant)
  • Edit the manifest that you have created, which is open for editing or reviewing.
 Available (Only if you are a participant)
  • Edit the manifest that you have created, which is open for editing or reviewing.
Delete manifests Available -- --
Deployment rules View deployment rules Available Available Available
Create deployment rules Available -- --
Edit deployment rules Available -- --
Delete deployment rules Available -- --
Releases
Note: This is available in the API and not in the user interface (UI).
 View releases Available Available Available
Create releases Available Available --
Edit releases Available Available --
Delete releases Available Available --
Deployments
Note: This is available in the API and not in the user interface (UI).
 Create deployment plans Available Available --
Approve deployment plans Available -- --
Run deployments Available Available (Only if the action is approved by the Db2 CD administrator) --
Business objects View business objects Available Available Available
Create business objects Available -- --
Edit business objects Available -- --
Add business consolidation Available -- --
Add business environment objects Available -- --
Delete business objects Available -- --
Pending changes View pending changes Available Available Available