Creating and modifying application roles
Application Roles (roles) are permissions similar to groups, except that they belong to a particular application, instead of a particular server. Application roles are used exclusively in deployable applications.
Application roles are defined for each deployable application and then mapped to explicit groups on the server. You can map a deployable application's roles to different groups on different servers, depending on how the groups are defined on each server. This allows you to develop and test the application on one server and deploy it to a number of other servers without having to redefine permissions on each server. You can also map application roles to different groups for each development state, such as Test or Production.
Because application roles are mapped to groups, the groups you define on the server and the users that belong to them are the foundation of access control.
Use the Manage My Roles UI to create application roles to which you grant or deny access to objects in deployable applications. In deployable applications, you assign permissions using implicit groups (including dynamic groups) and roles. You then map roles to explicit groups on the server. This section provides the steps to create application roles and map them to explicit groups.
To create an application role
- Log in to BMC Helix Innovation Studio and navigate to the Administration tab.
- Click Configure My Server > Application Permissions > Manage Role Permissions to open the Manage My Roles UI.
- Click New to add a new application role and enter information in the appropriate fields as described in the Role form fields table.
- Save your changes.
To manage application roles
- To modify an application role:
- From the Mange My Roles UI, select the name of the role that you want to edit from the Role Name field.
- Enter information in the required fields and save your changes.
- To delete an application role:
- Open the Mange My Role UI.
- Select the role and click Delete.
Fields in the Role Information form
Enter the name of the deployable application for which you are defining an application role. You can define the same role for multiple applications.
Enter a unique name for the application role. Within each application, every role name should be unique. You can reuse the same role name-role ID pairs across a suite of applications.
Integer ID that is the recognized identity of the role. The ID must be a negative number, such as -10001. Role IDs must be unique for each application name. You can reuse the same role name-role ID pairs across a suite of applications.
Enter or select one group name for the regular or computed group to which you want to map this role for the Test application state. To enable this mapping, set the application's State property to Test.
Enter or select one group name for the regular or computed group to which you want to map this role for the Production application state. To enable this mapping, set the application's State property to Production.