Managing Roles
Adding Roles in O3 Server
In O3 Server, access permissions are assigned to roles rather than directly to users.
A user acquires the required access permissions by being added as an actor in a role. This simplifies the security scheme and facilitates its administration.
In addition, to support complex security schemes, it is possible to define Parametric and Instance roles, in which users/actors are automatically defined from their attributes.
To add a role:
- Start O3 Server Administrator.
- Expand the Services | Security branch in the Administration Tree.
- Click on the Roles Tab in the Properties Pane.
- Click on the New button, located below the Roles area which contains the list of defined Roles.
When you click New, a new role is added to the list under the name New Role.
The Roles tab also contains three sub-tabs: General, Actors and Attributes, in which the properties of the role selected from the list are grouped.
- Click on the General tab of the new role and enter at least the role name.
- Click on the Apply button in the General Tab to confirm the new role.
Then click on the Apply button located at the bottom of the Properties Pane to confirm all security changes made.
Adding Users to an O3 Server
For a user to acquire access, it is necessary to add them as an actor in a role. As access is assigned to roles and not directly to users, it is necessary for all users to play at least one role.
In the same way you add users to a role, you may add a group of users to a role.
To add a user as an actor in a role:
- Start O3 Server Administrator.
- Expand the Services | Security branch in the Administration Tree.
- Click on the Roles Tab in the Properties Pane.
- Click on the role you wish to add the user to. The Roles area contains a list of defined roles and is located to the right of the tab.
- Click on the Actors Tab. This tab is contained in the Roles tab and contains a list of defined actors in the selected role.
- Click on the Add button in the Actors tab and a new window with the list of defined users and groups will pop up.
At the top of this window you may filter by name.
- Select the user or group to add to the role in the window.
If no users or groups appear in it, click on the search button located at the top of the window.
- Click on the Apply button in the Actors tab.
There are three Apply buttons in this Properties Pane.
The one in the Actors tab confirms the added actors; the one in the Roles tab confirms changes made to the selected role and the third Apply button is located at the bottom left of the Properties Pane and confirms all changes made to security settings.
Adding or Updating attributes in an O3 Role
As with users, defining attributes at role level allows security settings to be refined further.
For instance, by using the getRolValue() function, you may obtain the value assigned to an attribute of a role in which a user is an actor.
To add or update attributes in a role:
- Start O3 Server Administrator.
- Expand the Services | Security branch in the Administration Tree.
- Click on the Roles Tab in the Properties Pane.
- Click on the role in which you wish to add or update attributes.
The Roles area contains a list of defined roles and is located to the right of the tab.
- Click on the Attributes tab. This tab is contained within the Roles Tab and displays a list of the attributes defined for the role.
- To add a new attribute, press the Add button in the Attributes tab and a new attribute will be added to the list.
The following information must be completed for the new attribute:
  - Name. It is the name of the attribute that will be used to refer to the value assigned to the user. This name is used, for instance, as a parameter in the getRolValue() function.
  - Type. It is the type of attribute, and can be String, Date, Time or Boolean.
  - Value. The value assigned to the new attribute for the role. For instance, this value is returned by the getRolValue() function.
- To update an attribute, select it in the list and modify its name, type or value.
- Click on the Apply button in the Attributes tab to confirm the changes made to attributes.
Then, click on the Apply button in the Roles tab to confirm the changes made to the Role and finally click on the Apply button located at the bottom of the Properties Pane to confirm all the changes made to the security settings.
Deleting a Role from O3 Server
When, for any given reason, a role is no longer required, it is advisable to delete it from the O3 Server list of roles to prevent confusion and simplify the scheme.
To delete a Role from O3 Server:
- Start O3 Server Administrator.
- Expand the Services | Security branch in the Administration Tree.
- Click on the Roles Tab in the Properties Pane.
- Click on the role you wish to delete. The Roles area contains a list of defined roles and is located to the right of the tab.
- Click on the Delete button, located below the list of defined roles.
Then, click on the Apply button located at the bottom of the Properties Pane to confirm all changes made to security settings.