3.4.1 Evaluating users and access permissions
You need to evaluate the following as permissions appropriate for what a user does: User Management permissions, user groups, and roles.
You also evaluate the settings for user password conditions and locks. You can specify these settings in the security definition file (security.conf).
User Management permission
Evaluate granting the User Management permission to the user account administrator who will manage users and user groups.
User groups
Evaluate assigning user accounts to the appropriate user groups according to types and purposes of operation.
When you install JP1/AO, the user groups listed below are provided as built-in user groups. You can use these built-in user groups without creating your own user groups.
- AdminGroup
The Admin role has been specified for the All Service Groups service group.
- DevelopGroup
The Develop role has been specified for the All Service Groups service group.
- ModifyGroup
The Modify role has been specified for the All Service Groups service group.
- SubmitGroup
The Submit role has been specified for the All Service Groups service group.
Roles
For each user group, evaluate specifying an appropriate role for accessing service groups.
In JP1/AO, you can specify the functions to be made available to each user group by specifying the user group's role for service groups.
Table 3‒2: Roles and available functions Role
Available function
Admin
Managing service groups
Managing service templates
Developing service templates
Managing services
Running services
Develop
Managing service templates
Developing service templates
Managing services
Running services
Modify
Managing services
Running services
Submit
Running services