Managing User Roles

Users are usually assigned roles, which are basically equivalent to tags and which can be leveraged in the definition of permission rules. For example, a user with the role "Planner" could be allowed to create a new plan, while a user without this role would not.

Permissions for each role can be configured from the web client. For more details, please refer to Section Understanding the Permission Management View.

By default, the following roles are available:

API_KEY_ADMIN provides users with permissions to display, create and delete API keys for all users.
API_KEY_BACKOFFICE provides users with permissions to display, create and delete their own API keys.
APPLICATION_ADMIN provides users with all permissions on every application elements.
GENE_USER is the default role for users.
SESSION_TRACKING provides users with access to metrics about any user session via a dedicated endpoint. For more details, please refer to Section Monitoring Active Sessions Using REST and Chapter Monitoring Activity.
SYSTEM provides users with all permissions on every Platform elements. Permissions for this role are not configurable from the Platform web client.
PERMISSIONS_ADMIN provides users ACCESS and MODIFY on APPLICATION_PERMISSIONS, as well as permissions on all application elements. Permissions for this role are not configurable from the Platform web client.

The Platform relies on the roles SYSTEM, APPLICATION_ADMIN, API_KEY_ADMIN and API_KEY_BACKOFFICE, while GENE_USER and SESSION_TRACKING are predefined as a convenience to the application.

To manage user roles in Keycloak

Connect to the Keycloak administration console on port 9090. For more details, please refer to Section Accessing the Application Endpoints.
From the menu, click on Configure > Clients. The page Clients opens.

Selecting the 'gene-web' Client
Select gene-web. The page Clients > gene-web opens.
From the Roles tab, the buttons Add Role, Edit and Delete allow modifying the list of roles.

Checking the Content of the 'Roles' Tab