Creating and mapping roles

Because roles are mapped to groups, the groups you define on the server and the users that belong to them are the foundation of access control.

As an Administrator, use the Roles form in a browser to create roles to which you grant or deny access to objects in deployable applications. In deployable applications, you assign permissions using implicit groups (including dynamic groups) and roles. You then map roles to explicit groups on the server. For more information about deployable applications, see Defining-and-managing-applications. Although there is no limit to the number of roles that you can create, for maintenance purposes you might want to limit the number.

You can map roles to regular or computed groups for the Test and Production application development states. You can also create custom states and map roles for those states. To enable a particular mapping, change the application's state. For more information, see Specifying-roles-for-deployable-application-states.

To create and map roles

1. Log in to Mid Tier.
2. From the AR System Administration Console, select System > Application > Users / Groups / Roles > Users.
3. Open the Roles form in New mode for the server that contains the deployable application for which you are creating roles.
   

4. Enter the information in the Application Name, Role Name, and Role ID fields.
   After you save the role, you can assign permissions for this role to objects within the application. A role is listed only for the object in the deployable application to which the role belongs.

   The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.
   This macro generates standalone content. As a consequence you need to make sure to use a syntax that separates your macro from the content before and after it so that it's on a line by itself. For example in XWiki Syntax 2.0+ this means having 2 newline characters (a.k.a line breaks) separating your macro from the content before and after it.Keep a note of all the Application names because AR System does not maintain the list of Application names.

5. Enter a regular or computed group ID in each Mapped Group field to define access permissions for each application state.

6. Save your changes.

   Newly created roles appear in in the Permissions dialog box after the server recaches around 5 seconds, depending on your system).

To modify roles and role mappings

1. Log in to Mid Tier.
2. From the AR System Administration Console, select System > Application > Users / Groups / Roles > Users.
3. Open the Roles form in New mode for the server that contains the deployable application for which you are creating roles.
   
4. Search the form to retrieve a list of currently defined roles for an application.
5. Select the appropriate roles and modify information in the appropriate fields.
   
6. Save your changes.

To delete roles

1. Log in to Mid Tier.
2. From the AR System Administration Console, select System > Application > Users / Groups / Roles > Users.
3. Open the Roles form in New mode for the server that contains the deployable application for which you are creating roles.
   
4. Search the form to retrieve a list of currently defined roles for a particular application.
5. Select the appropriate role.
6. Select Actions > Delete.
   A confirmation box appears to verify that you want to delete the role entry.
   
7. Click OK.