Adding or Updating Access Profiles

Edit online

Use the Access Profiles screen to create or edit profiles assigned to users.

To add or update an Access Profile:

  1. From the IBM® webMethods Cloud Container navigation bar, go to Settings > Access Profiles.
  2. Click Add New Access Profile to add a custom access profile or click Edit to modify an existing Access Profile.
  3. On the Add New Access Profile > Access Profile Information tab, complete the following fields. Required fields are marked with an asterisk on the screen.
    Table 1. Access profile information fields
    Field Description
    Name Provide a name for the Access Profile. You can reference the profile by name when assigning it to a user.
    Description Provide a general description for the Access Profile.

  4. On the Login IP Address Restrictions page, complete the following fields:

    Table 2. Login IP address restrictions fields
    Field Description
    IP Address Ranges For extra security, enter ranges of IP addresses from which users are allowed to access the platform. If a user attempts to login from a computer on a network outside of the specified range, access to the platform is denied.
    Note: A maximum of 25 IP address ranges can be specified. You can add, modify, and delete the entries. Accepted format is xxx.xxx.xxx.xxx - yyy.yyy.yyy.yyy, where xxx and yyy are numbers in the range 0-255 and xxx.xxx.xxx.xxx is less than or equal to yyy.yyy.yyy.yyy. To specify a single IP address, use the same IP address for the start and endpoint of the range: 192.168.1.1 - 192.168.1.1.

    When a user attempts to log in, the IP address of the system the request originated from is checked against the configured settings. If the address is in the allowed range, the user can continue the login process. Otherwise, login is denied. Access violations are recorded in the audit log, identifying both the user and the IP address from where the login attempt originated. Login restrictions do not apply to Customer Support logins.

  5. On the Administrative Permissions page, select the operations a user can perform in order to access, view, create, update, upgrade, administer, execute, export, deploy, and delete and to allow the user to customize selected aspects of the platform.

    Table 3. Administrative permissions fields
    Field Description
    Global Permissions
    User and Ownership Controls User Management - Select this option if you want to add, update, delete users, or assign users to Access Profiles.

    Access Control - Select this option if you want to allow a user to modify Access Profiles, edit ACLs, specify user application access rights, manage Access Profiles, specify the password policy, create, edit, and delete OAuth 2.0 clients and scopes, and delete OAuth 2.0 tokens.

    Manage Personal Setup - Select this option if you want to allow a user to modify the personal information, and generate or edit the user’s own certificate.
    Account Controls Manage Company Capabilities - Select this option if you want to allow users to modify the company information.

    Allow User Interface Access - Select this option if you want to allow users to log in to IBM webMethods Cloud Container and access the user interface. Clear this option if you want to deny users to access the user interface. Further, even if you clear this option, all users can still interact with IBM webMethods Cloud Container using REST interface calls.

    Note: If the Allow User Interface Access permission is not enabled for a user but if the user is a Partner user, that user will still be able to perform on-premises tasks.
    Data Management Controls Manage Audit Log: Select this option if you want to allow users to view the Audit Log. If this option is enabled, the Audit Log page will be displayed. If not selected, the user will not be able to view the Audit log page. To view the Audit Log screen, from the Cloud navigation bar, click Monitor > Audit Log.
    Functional Controls Select the required options under Assets, Environments, Advanced Security, Solution, and Unit Tests. You must select the required permissions to deploy, execute, administer, create, and delete those functions.

  6. The Solution Permissions page displays the Integration Server User Groups for all the solutions. You can map webMethods Integration Server user groups to an Access Profile. Enter the names of the webMethods Integration Server User Groups separated by a comma, for example, Administrators, Developers, and so on. webMethods Cloud users who are assigned to this Access Profile will then be a part of the webMethods Integration Server user group(s) and can perform tasks allowed for those user groups. If you do not map an Access Profile to a webMethods Integration Server user group, you will not be able to view, edit, or run webMethods Integration Server services in a solution. For information about user groups, see the Managing Users and Groups section in the webMethods Integration Server Administrators Guide.

    Note: webMethods Cloud Administrator profiles are automatically assigned to the webMethods Integration Server Administrators User Group.

  7. Click Apply. The new Access Profile appears in the Access Profiles page.

  8. Click on the Access Profile link in the Access Profiles page. In the Associated Users page, you can view the active users associated with the selected Access Profile. In the Associated ACLs page, you can view the Access Control Lists associated with the selected Access Profile.