Lesson 3: Roles
If we think of permissions as the building blocks that define the various tasks to be performed, roles take those blocks and organize them into sets of tasks to be performed by a user or group of users. In this lesson, you will learn about predefined roles, modifying roles to fit your organization, and how permissions are assigned to roles.
After a user is defined, they have very limited access to the release. They can only view information on the dashboard. Depending on the tasks that a user has responsibility to perform and their "need to know," they are assigned to roles. Roles in IBM® UrbanCode™ Release are based on a set of defined permissions. It is the assigning of a role to a user that gives the user permission to complete their tasks related to the release lifecycle.
Roles are not directly assigned to users and groups of users. Users or groups are assigned to a team with a specific role. You will learn more about teams and the relationship to roles in the next lesson.
Defined roles
There are several predefined roles that are included with the product. They cover the types of roles that are typically part of every release team.
The predefined roles might not completely reflect your team, so you can add roles. Because a role is defined by the permissions assigned to it, you need to first understand permissions.
Exploring roles
Administrator role versus the admin user
The Administrator role can be assigned to any user. The permissions for the administrator role can also be modified. As seen in the previous activity, it is possible to have two types of administrators, each with a set of different permissions. For example, one administrator has responsibility for tasks related to security and another to tasks related to release process. You can control the scope of the administrator by defining multiple administrator roles and assigning users accordingly.
The admin
user is a
predefined user . This is superuser with all permissions. The admin
user can perform all product tasks. This
user cannot be deleted. Also, permissions cannot be removed from this user. It is
important that this user ID be protected. When the product is installed the password for
this user ID is admin
. It should be
changed and maintained by the user responsible for securing this user ID.
Summary
Roles define jobs to be performed by a user or group of users. Roles are a collection of permissions that add another layer to an organization's security model. Grouping permissions into roles that match how work is performed in the organization provides a method to ensure users have access only to what they need to accomplish their responsibilities in the release process.
Roles are not directly assigned to users and groups of users. Roles are assigned to a team, and they can be used by multiple teams. Users or groups are assigned to a team with a specific role.