User Management
User roles are the main mechanism used to control access to different parts of the IBM Automatic Data Lineage platform.
By default, the installer creates three users. The accounts are listed in Manta Flow Server Authentication and Authorization in the section called Manta Native Authentication / Default Users. The two technical users are:
- System—system account used by command line clients to work with the metadata repository
- User—user account for exploring dataflow visualization
The user credentials provided during installation are used to create the default administrator user account.
User Roles Used in Manta Admin UI
This section only contains roles used in Manta Admin UI. You can find the roles used in Manta Flow Server here: Manta Flow Server Authentication and Authorization.
User roles now play a more important part in the workings of the Admin UI frontend. Since this release, the roles determine which parts of the UI are accessible to the user. The roles previously used in Admin UI are kept, but they have wider influence on the application. In addition, there are new roles that provide the necessary granularity when working with the application.
Manta Configurator
The configuration section of Admin UI is more complex, so there are more roles to provide better access granularity to different sections. The roles restrict both access to Admin UI and access to specific configuration resources. Access to resources is managed in the base_config_categories.json configuration file. Each of the roles in the configuration section has two variants. One is used to display the configuration values and the other is used to edit the values. This way, it’s possible to create users with read-only access who cannot change the actual configuration.
The defined roles are:
- ROLE_CONFIGURATOR_READ and ROLE_CONFIGURATOR_WRITE, which enable access to defined connections and manual configurations, allowing users to create, update, validate, delete, enable, and disable configurations
- ROLE_CONFIGURATOR_COMMON_READ and ROLE_CONFIGURATOR_COMMON_WRITE, which enable access to common connection configurations
- ROLE_CONFIGURATOR_INTEGRATION_READ and ROLE_CONFIGURATOR_INTEGRATION_WRITE, which enable access to integration configurations
- ROLE_CONFIGURATOR_SYSTEM_READ and ROLE_CONFIGURATOR_SYSTEM_WRITE, which enable access to the rest of the available configurations, mainly including the license and maintenance configuration sections
Process Manager
The Process Manager role consists of three distinct roles, each of which makes the Process Manager tab accessible. The Process Manager role requires that the user has the ROLE_CONFIGURATOR_READ and ROLE_CONFIGURATOR_INTEGRATION_READ roles as well. These roles have to be explicitly added to the configuration. The configurator roles are needed because Process Manager needs read access to the configured connections and integrations. Without these roles, it is not possible to execute new workflows or list all available scenarios.
- ROLE_PROCESS_MANAGER_READ — This role enables the user to show the available workflows and their history. With this role, it is not possible to create new workflows or execute existing workflows. This role does not allow the user to edit or delete existing workflows.
- ROLE_PROCESS_MANAGER_WRITE — This role enables the user to create new workflows and edit or delete existing workflows. This role needs the ROLE_PROCESS_MANAGER_READ role assigned to it as well. Without the read role, the user cannot see any defined workflows, so it’s not possible to edit or delete them. This role does not allow the user to execute existing workflows.
- ROLE_PROCESS_MANAGER_EXECUTE — This role enables the execution of existing workflows. This role needs the ROLE_PROCESS_MANAGER_READ role assigned to it as well. Without the read role, the user cannot see any defined workflows, so it’s not possible to execute them.
These roles can be combined to create more complex access restrictions. Examples of combinations that would make sense are READ+WRITE, READ+EXECUTE, or all three. Combinations without the READ role make no sense because without the READ role the Process Manager is accessible but its content is not.
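The prerequisites described above can be checked mechanically when reviewing role assignments. The following Python is an added example, not part of the product or its documentation; the mapping of user names to role lists is a constructed input, because this page does not describe how assignments are stored or exported, and treating the `_WRITE` and `_EXECUTE` suffixes as "can change state" is an assumption of the example.

```python
# Prerequisites stated on this page: every Process Manager role needs the two
# configurator read roles; WRITE and EXECUTE additionally need READ.
PM_PREREQS = frozenset({"ROLE_CONFIGURATOR_READ", "ROLE_CONFIGURATOR_INTEGRATION_READ"})
PM_READ = "ROLE_PROCESS_MANAGER_READ"
REQUIRES = {
    PM_READ: PM_PREREQS,
    "ROLE_PROCESS_MANAGER_WRITE": PM_PREREQS | {PM_READ},
    "ROLE_PROCESS_MANAGER_EXECUTE": PM_PREREQS | {PM_READ},
}

# Assumption of this example: a role whose name ends in one of these suffixes
# lets the holder change state, so a read-only account should hold none.
CHANGE_SUFFIXES = ("_WRITE", "_EXECUTE")

def missing_prerequisites(roles):
    """Map each held Process Manager role to the prerequisite roles it lacks."""
    held = set(roles)
    gaps = {}
    for role in sorted(held.intersection(REQUIRES)):
        lacking = REQUIRES[role] - held
        if lacking:
            gaps[role] = sorted(lacking)
    return gaps

def change_capable(roles):
    """Return the held roles that allow editing or executing, sorted."""
    return sorted(r for r in set(roles) if r.endswith(CHANGE_SUFFIXES))

def audit(assignments):
    """Return per-user findings for a {user: [roles]} mapping."""
    return {u: {"missing": missing_prerequisites(r), "change_capable": change_capable(r)}
            for u, r in assignments.items()}

# Constructed sample input (user names and storage format are hypothetical).
SAMPLE = {
    "viewer": ["ROLE_CONFIGURATOR_READ", "ROLE_CONFIGURATOR_INTEGRATION_READ",
               "ROLE_PROCESS_MANAGER_READ"],
    "operator": ["ROLE_CONFIGURATOR_READ", "ROLE_PROCESS_MANAGER_EXECUTE"],
}

if __name__ == "__main__":
    for user, result in audit(SAMPLE).items():
        print(user, result)
```

An empty "missing" map together with an empty "change_capable" list identifies an account that is consistently read-only under these rules.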
Log Viewer
- ROLE_LOG_VIEWER — This role enables access to the Log Viewer part of the Admin UI.
- ROLE_LOG_VIEWER_EXPORT — This role enables the export of logs from the Log Viewer repository.
- ROLE_LOG_VIEWER_IMPORT — This role enables the import of previously exported log packages from the same or other Manta instances.
Application Manager
- APP_MANAGER_READ — This role enables access to the whole Application Manager section of the Admin UI.
- AGENT_MANAGER_READ — This role enables read-only access to the Agent management section located in Application Manager.
- AGENT_MANAGER_WRITE — This role enables write access to the Agent management section located in Application Manager.
License-Related Roles
New application roles are required for reading and updating license-related information in Admin GUI.
- ROLE_LICENSE_STATS — This role enables access to the license usage statistics in Configurator.
- ROLE_LICENSE_READ — This role allows the current license key details to be displayed on the Admin UI screen.
- ROLE_LICENSE_WRITE (prior to R42.7) — This role is required for updating the license through Admin GUI Configurator.