Lesson 1: The big picture
There are three interconnecting concepts that provide flexibility to your release process. In this lesson, you will gain an understanding these concepts: permission, team, and role. This lesson is an introduction to how these building blocks interact to provide a flexible and secure environment.
Permissions, roles, and teams work together to allow a security approach that is both flexible and complex, according to the needs of your environment. Permissions are the cornerstone to implementing a security plan. A permission defines a single task within IBM® UrbanCode™ Release. One or more permissions are assigned to a role. Finally, roles are associated with a team. A team is made up of users or groups.
- Seat customers
- Take orders
- Cook the food
- Give food to customers
- Deposit money in bank
- The role of waitress has the permission to take orders and give customers their food, but not deposit money into the bank.
- The role of chef has permission to cook the food.
- The role of manager has permission to handle all tasks.
| Seat customers | Take drink order | Take food order | Cook the food | Give food to customer | Clean tables | Sweep and mop floor | Collect payment from customer | Deposit money in bank | |
|---|---|---|---|---|---|---|---|---|---|
| Manager | X | X | X | X | X | X | X | ||
| Chef | X | ||||||||
| Host | X | X | |||||||
| Waiter One | X | X | X | X | X | ||||
| Waiter Two | X | X | |||||||
| Cashier | X | ||||||||
| Busboy | X | X |
These same roles and tasks can be found in most restaurants. However, there could be more or fewer roles at different restaurants. For example, one restaurant is upscale and has two additional roles, Host and Cashier, that do not exist in a casual-type restaurant. There could be multiple types of the same role that have different levels of responsibility. For example, in the table above, there are two waiter roles: Waiter One and Waiter Two. Notice that the assigned tasks are different for the two roles. Waiter One has two additional tasks to perform than Waiter Two: take drink orders and clean tables.
Drafting a chart or table of the tasks and roles needed to complete the work provides the framework for creating the roles in the user interface. Getting to this point is the difficult part. It takes time to gain a complete understanding of your project to ensure that all the tasks and roles are identified. Once roles are defined and associated with one or more permissions, they can be reused to create different teams. Teams can consist of identical or completely different roles.
Have you noticed that up to this point there has been no mention of users? It is important
to understand that users are separate from the infrastructure of permissions and roles. Individual
users or groups of users are assigned to a team and specific roles. Employees from each restaurant
are assigned to a team for the restaurant where they work. For example, at Restaurant A, Dale is
assigned to the Chef role and Jose to the Manager role. Employees can be given multiple roles:
Allison is assigned to Cashier and Host roles. 
Before you map users to teams and roles, planning what each user is required to do must be known. With a clear plan, the task of assigning teams and roles is simplified. Without a plan, it is possible for users to have more access than needed or not enough access to perform their work. In the following lessons, permissions and roles that are specific to IBM UrbanCode Release are covered.
Summary
The interlocking concept of teams, roles, and permissions can be used to ensure that users have the appropriate permissions to perform their work and not affect processes outside of their assigned scope. The interaction of the three approaches lets you create an infrastructure that is secure and flexible.
Checkpoint