Managing Roles
A role is a collection of privileges that you can assign to users and groups. You can assign the following types of roles:
- System-defined. Roles that you cannot edit or delete.
- Custom. Roles that you can create, edit, and delete.
When you select a role in the Roles section of the Navigator, you can view all users and groups that have been directly assigned the role for the domain and application services. You can view the role assignments by users and groups or by services. To navigate to a user or group listed in the Assignments section, right-click the user or group and select Navigate to Item.
You can search for system-defined and custom roles.
System-Defined Roles
A system-defined role is a role that you cannot edit or delete. The Administrator role is a system-defined role.
Administrator Role
For example, a user assigned the Administrator role for the domain can configure domain properties in the Administrator tool. A user assigned all domain privileges and permission on the domain cannot configure domain properties.
Custom Roles
A custom role is a role that you can edit or delete.
By default, the Administrator tool includes the following custom roles:
- Analyst Service custom role
- Metadata Manager Service custom roles
- Operator custom role
- PowerCenter Repository Service custom roles
- Reporting Service custom roles
- Test Data Manager Service custom roles
You can edit the privileges for these roles, or delete the roles. You can also create your own custom roles.
Creating Custom Roles
When you create a custom role, you assign privileges to the role for the domain or for an application service type. A role can include privileges for one or more services.
1. In the Administrator tool, click the Security tab.
2. On the Security Actions menu, click Create Role.
The Create Role dialog box appears.
3. Enter the following properties for the role:
Property | Description |
---|---|
Name | Name of the role. The role name is case insensitive and cannot exceed 128 characters. It cannot include a tab, newline character, or the following special characters: , + " \ < > ; / * % ? The name can include an ASCII space character except for the first and last character. All other space characters are not allowed. |
Description | Description of the role. The description cannot exceed 765 characters or include a tab, newline character, or the following special characters: < > " |
4. Click the Privileges tab.
5. Expand the domain or an application service type.
6. Select the privileges to assign to the role for the domain or application service type.
7. Click OK.
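The Name and Description limits from the property table in step 3, written as a pre-check you can run over a list of planned role names before creating them. This is an added example, not Informatica code; the function names, the sample values, and the use of `casefold()` to model the case-insensitive comparison are assumptions.

```python
# Added example: checks role names and descriptions against the limits in the
# property table. All names and sample values here are hypothetical.
NAME_MAX, DESC_MAX = 128, 765
NAME_FORBIDDEN = set(',+"\\<>;/*%?')
DESC_FORBIDDEN = set('<>"')

def check_role_name(name):
    """Return the list of rule violations for a proposed role name."""
    errors = []
    if len(name) > NAME_MAX:
        errors.append(f"name exceeds {NAME_MAX} characters")
    if name.startswith(" ") or name.endswith(" "):
        errors.append("ASCII space not allowed as first or last character")
    bad = sorted({c for c in name if c in NAME_FORBIDDEN})
    if bad:
        errors.append("forbidden characters: " + " ".join(bad))
    # Tab, newline and non-ASCII spaces such as U+00A0 are all whitespace
    # other than the plain ASCII space, so one test covers them.
    if any(c.isspace() and c != " " for c in name):
        errors.append("whitespace other than ASCII space")
    return errors

def check_description(text):
    """Return the list of rule violations for a role description."""
    errors = []
    if len(text) > DESC_MAX:
        errors.append(f"description exceeds {DESC_MAX} characters")
    bad = sorted({c for c in text if c in DESC_FORBIDDEN})
    if bad:
        errors.append("forbidden characters: " + " ".join(bad))
    if "\t" in text or "\n" in text:
        errors.append("tab or newline")
    return errors

def find_case_collisions(names):
    """Group names identical once case is ignored (casefold() is an assumption)."""
    groups = {}
    for n in names:
        groups.setdefault(n.casefold(), []).append(n)
    return [g for g in groups.values() if len(g) > 1]

# Constructed sample input, not taken from a real domain.
SAMPLE = ["Repo Auditor", "repo auditor", " Operator2", "Dev/Test", "Ops\u00a0Lead"]

if __name__ == "__main__":
    for n in SAMPLE:
        print(repr(n), check_role_name(n) or "ok")
    print("case collisions:", find_case_collisions(SAMPLE))
```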
Editing Properties for Custom Roles
When you edit a custom role, you can change the description of the role. You cannot change the name of the role.
1. In the Administrator tool, click the Security tab.
2. In the Roles section of the Navigator, select a role.
3. Click Edit.
4. Change the description of the role and click OK.
Editing Privileges Assigned to Custom Roles
You can change the privileges assigned to a custom role for the domain and for each application service type.
1. In the Administrator tool, click the Security tab.
2. In the Roles section of the Navigator, select a role.
3. Click the Privileges tab.
4. Click Edit.
The Edit Roles and Privileges dialog box appears.
5. Expand the domain or an application service type.
6. To assign privileges to the role, select the privileges for the domain or application service type.
7. To remove privileges from the role, clear the privileges for the domain or application service type.
8. Repeat the steps to change the privileges for each service type.
9. Click OK.
Deleting Custom Roles
When you delete a custom role, the custom role and all privileges that it included are removed from any user or group assigned the role.
To delete a custom role, right-click the role in the Roles section of the Navigator and select Delete Role. Confirm that you want to delete the role.