Standard operating procedure roles

The standard operating procedure component obtains the current authentication credentials to determine which actions each user is authorized to perform. Authorization for standard operating procedure actions is based on the LDAP roles that the user is assigned to. A user must match the distinguished name (DN) that is used in association with the standard operating procedure objects.

The following table lists the roles that are required for each action on standard operating procedures.
Table 1. Standard operating procedure actions and required roles
Action Role required
Create a standard operating procedure
  • Users who are listed in either the SopAdminRoles system property, or in the SopAuthorRoles system property.
Read a standard operating procedure definition
  • Users who are listed in either the SopAdminRoles system property, or in the SopAuthorRoles system property.
  • Any role that is granted read access either by the creator, or by an editor of the definition.
Update or delete a standard operating procedure definition
  • Users who are listed in the SopAdminRoles system property.
  • Any role that is granted write access either by the creator, or by an editor of the definition.
Launch an instance of a standard operating procedure
  • Users who are listed in the SopAdminRoles system property.
  • Any role that is granted write access in the standard operating procedure definition, either by the creator or by an editor.
Read the details for an instance of a standard operating procedure
  • Users who are listed in the SopAdminRoles system property.
  • Any role that is granted read access in the standard operating procedure definition, either by the creator or by an editor.
  • Any role that is granted read access in the activity definition, either by the creator or by an editor.
Update or delete an instance of a standard operating procedure
  • Users who are listed in the SopAdminRoles system property.
  • Any role that is granted write access in the standard operating procedure definition, either by the creator or by an editor.
  • Any role that is granted write access in the activity definition, either by the creator or by an editor.
Read the details for an activity
  • Users who are listed in the SopAdminRoles system property.
  • Any role that is granted read access in the standard operating procedure definition, either by the creator or by an editor.
  • Any role that is granted read access in the activity definition, either by the creator or by an editor.
Update an activity
  • Users who are listed in the SopAdminRoles system property.
  • Any role that is granted write access in the standard operating procedure definition, either by the creator or by an editor.
  • Any role that is granted write access in the activity definition, either by the creator or by an editor.
Create references in the library
  Users who are listed in the following system properties:
  • ReferenceLibrarianRoles
  • SopAdminRoles
  • SopAuthorRoles
Note: Only ReferenceLibrarianRoles users can create shared references.
Edit and delete references in the library
  • Users who are listed in the ReferenceLibrarianRoles system property.
  • Users who are listed in the SopAdminRoles system property and the SopAuthorRoles system property can edit and delete only references that they created.
Note: The ReferenceLibrarianRoles system property does not exist in the default IBM® Intelligent Operations Center deployment. If you do require a user or group to have access to create only references, create the ReferenceLibrarianRoles system property and configure the value with a list of the required user IDs.
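
The following added example (not IBM code, and not part of the product) models Table 1 as a small policy evaluator so that the effective actions of a user can be reviewed before roles or access grants are changed. The action names, the ACL layout, the sample role names, and the treatment of principals as user ID plus LDAP role names are assumptions made for the illustration.

```python
# Added model of Table 1, not IBM code. Assumptions: a user's principals are the
# user ID plus LDAP role names; ACLs are {"read": set, "write": set} per object.
ADMIN, AUTHOR, LIBRARIAN = "SopAdminRoles", "SopAuthorRoles", "ReferenceLibrarianRoles"

# action -> (system properties that grant it, ACL access needed, ACLs consulted)
RULES = {
    "create_sop": ((ADMIN, AUTHOR), None, ()),
    "read_sop_definition": ((ADMIN, AUTHOR), "read", ("sop",)),
    "update_delete_sop_definition": ((ADMIN,), "write", ("sop",)),
    "launch_instance": ((ADMIN,), "write", ("sop",)),
    "read_instance": ((ADMIN,), "read", ("sop", "activity")),
    "update_delete_instance": ((ADMIN,), "write", ("sop", "activity")),
    "read_activity": ((ADMIN,), "read", ("sop", "activity")),
    "update_activity": ((ADMIN,), "write", ("sop", "activity")),
    "create_reference": ((LIBRARIAN, ADMIN, AUTHOR), None, ()),
    "create_shared_reference": ((LIBRARIAN,), None, ()),
}

def in_property(principals, props, name):
    # An undefined property (the default for ReferenceLibrarianRoles) grants nothing.
    return bool(set(principals) & set(props.get(name, ())))

def allowed(action, principals, props, acls=None, is_creator=False):
    if action == "edit_delete_reference":
        if in_property(principals, props, LIBRARIAN):
            return True
        # Read here as: admins or authors, and only for references they created.
        owner_role = any(in_property(principals, props, p) for p in (ADMIN, AUTHOR))
        return owner_role and is_creator
    granting_props, access, scopes = RULES[action]
    if any(in_property(principals, props, p) for p in granting_props):
        return True
    # The table never says write implies read, so each access type is checked as granted.
    acls = acls or {}
    return any(set(principals) & set(acls.get(s, {}).get(access, ())) for s in scopes)

def effective_actions(principals, props, acls=None, is_creator=False):
    actions = list(RULES) + ["edit_delete_reference"]
    return {a for a in actions if allowed(a, principals, props, acls, is_creator)}

# Constructed sample: default deployment (no ReferenceLibrarianRoles) and one SOP.
SAMPLE_PROPS = {ADMIN: ["sop_admins"], AUTHOR: ["sop_authors"]}
SAMPLE_ACLS = {"sop": {"read": {"dispatchers"}, "write": {"shift_leads"}},
               "activity": {"read": set(), "write": {"field_ops"}}}

if __name__ == "__main__":
    for who in (["alice", "sop_authors"], ["bob", "shift_leads"], ["eve", "field_ops"]):
        print(who[0], sorted(effective_actions(who, SAMPLE_PROPS, SAMPLE_ACLS)))
```

In this model a role with write access on a definition can also launch instances and update or delete them, which is the grant to review most carefully when applying least privilege.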