3.4.1 Evaluating users and access permissions
You need to evaluate the following as permissions appropriate for what a user does: User Management permissions, user groups, and roles.
You also evaluate the settings for user password conditions and locks. You can specify these settings in the security definition file (security.conf).
-
User Management permission
Evaluate granting the User Management permission to the user account administrator who will manage users and user groups.
-
User groups
Evaluate assigning user accounts to the appropriate user groups according to types and purposes of operation.
When you install JP1/AO, the user groups listed below are provided as built-in user groups. You can use these built-in user groups without creating your own user groups.
- AdminGroup
-
The Admin role has been specified for the All Resources resource group.
- DevelopGroup
-
The Develop role has been specified for the All Resources resource group.
- ModifyGroup
-
The Modify role has been specified for the All Resources resource group.
- SubmitGroup
-
The Submit role has been specified for the All Resources resource group.
-
Roles
For each user group, evaluate specifying an appropriate role for accessing resource groups.
In JP1/AO, you can specify the functions to be made available to each user group by specifying the user group's role for resource groups.
Table 3‒3: Roles and available functions Role
Available function
Admin
-
Managing resource groups
-
Managing service templates
-
Developing service templates
-
Managing services
-
Running services
Develop
-
Managing service templates
-
Developing service templates
-
Managing services
-
Running services
Modify
-
Managing services
-
Running services
Submit
-
Running services
-
Related topics
-
Managing Users in the Job Management Partner 1/Automatic Operation Administration Guide
-
Security definition file (security.conf) in the Job Management Partner 1/Automatic Operation Configuration Guide