This documentation supports the 21.3 version of BMC Helix Innovation Studio.

To view an earlier version, select the version from the Product version menu.

Creating and modifying application roles

Application Roles (roles) are permissions similar to groups, except that they belong to a particular application, instead of a particular server. Application roles are used exclusively in deployable applications.

Application roles are defined for each deployable application and then mapped to explicit groups on the server. You can map a deployable application's roles to different groups on different servers, depending on how the groups are defined on each server. This allows you to develop and test the application on one server and deploy it to a number of other servers without having to redefine permissions on each server. You can also map application roles to different groups for each development state, such as Test or Production.

Because application roles are mapped to groups, the groups you define on the server and the users that belong to them are the foundation of access control.

Use the Manage My Roles UI to create application roles to which you grant or deny access to objects in deployable applications. In deployable applications, you assign permissions using implicit groups (including dynamic groups) and roles. You then map roles to explicit groups on the server. This section provides the steps to create application roles and map them to explicit groups.

To create an application role

  1. Log in to BMC Helix Innovation Studio and navigate to the Administration tab. 
  2. Click Server settings > Application permissions > Role permissions to open the Roles permissions UI.
  3. Click New to add a new application role, and enter information in the appropriate fields as described in following table:

    FieldDescription

    Application/Library

    Select the name of the deployable application or library for which you are defining an application role. You can define the same role for multiple applications.

    Role name

    Enter a unique name for the application role. Within each application, every role name should be unique. You can reuse the same role name-role ID pairs across a suite of applications.

    Role ID

    Integer ID that is the recognized identity of the role. The ID must be a negative number, such as -10001. Role IDs must be unique for each application name. You can reuse the same role name-role ID pairs across a suite of applications.

    Test

    Enter or select one group name for the regular or computed group to which you want to map this role for the Test application state. To enable this mapping, set the application's State property to Test.

    Production

    Enter or select one group name for the regular or computed group to which you want to map this role for the Production application state. To enable this mapping, set the application's State property to Production.

  4. Click Save.

To manage application roles

  • To modify an application role:
    1. From the Role permissions UI, select the name of the role that you want to edit from the Role Name field.
    2. Enter information in the required fields and save your changes.
  • To delete an application role:
    1. Open the Role permissions UI.
    2. Select the role and click Delete.
Was this page helpful? Yes No Submitting... Thank you

Comments