Roles

Roles are a mechanism for describing groups of users, with names that typically reflect real world job descriptions, such as administrator, operator, or maintenance. A set of permissions is associated with each role, which can then be assigned to one or more users. For example, the guest role in the toronto.myCompany domain could have this set of permissions:
 
 
| Resource Type | Resource Name | Resource Domain | Action |
| --- | --- | --- | --- |
| Domain | toronto.myCompany | toronto.myCompany | startNavigator |
| SCP-1121 | dev4.icontrol.com_H_Densité_SLOT_1_31 | toronto.myCompany | openControlPanel |
| Website | http://10.2.0.251/icw/sites/SkyAssure | toronto.myCompany | openWebsite |

Notice that all resources in this example are located in toronto.myCompany. A role in a given domain can only give permissions for resources in its domain.
 

NOTE: A user cannot have different roles in different domains. For example, joeuser@myCompany with the administrator role in the myCompany domain could not be given an operator role in the montreal.myCompany domain.

Roles are usually defined and assigned by an administrator, although there are special roles that exist by default. A user with no assigned role (no permission) in a domain cannot do anything with resources under access control. A special role (super) exists in every domain — a super user has permission to do everything in his/her domain. Permissions are given to users based on their roles and domains as defined by the security administrator.
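
The three rules stated so far (a role only covers resources in its own domain, a user cannot hold different roles in different domains, and a user with no role is denied) can be checked with a small model. This is an added example, not iControl code: the class, function and user names are hypothetical. It assumes each user holds a single role assignment and compares domains by exact match, because the page does not describe subdomain inheritance.

```python
# Added illustration; class and function names are hypothetical, not iControl APIs.
from dataclasses import dataclass

SUPER = "super"  # special role the page says exists in every domain

@dataclass(frozen=True)
class Permission:
    resource_type: str
    resource_name: str
    resource_domain: str
    action: str

class AccessModel:
    def __init__(self):
        self.role_perms = {}   # (role, domain) -> set of Permission
        self.assignments = {}  # user -> (role, domain)

    def grant(self, role, domain, perm):
        # Rule: a role in a domain can only give permissions for resources in its domain.
        if perm.resource_domain != domain:
            raise ValueError(f"{role}@{domain} cannot cover {perm.resource_domain}")
        self.role_perms.setdefault((role, domain), set()).add(perm)

    def assign(self, user, role, domain):
        # Rule: a user cannot have different roles in different domains.
        held = self.assignments.get(user)
        if held is not None and held != (role, domain):
            raise ValueError(f"{user} already holds {held[0]} in {held[1]}")
        self.assignments[user] = (role, domain)

    def is_allowed(self, user, perm):
        held = self.assignments.get(user)
        if held is None:
            return False  # no assigned role: nothing under access control is usable
        role, domain = held
        if perm.resource_domain != domain:
            return False  # assumption: exact domain match, no subdomain inheritance
        # super may do everything in its own domain; other roles need an explicit grant
        return role == SUPER or perm in self.role_perms.get((role, domain), set())

def build_guest_example():
    """Load two rows of the page's guest table; the user name is constructed."""
    toronto = "toronto.myCompany"
    site = Permission("Website", "http://10.2.0.251/icw/sites/SkyAssure", toronto, "openWebsite")
    model = AccessModel()
    model.grant("guest", toronto, Permission("Domain", toronto, toronto, "startNavigator"))
    model.grant("guest", toronto, site)
    model.assign("visitor@myCompany", "guest", toronto)
    return model, site
```
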
Roles can be created, deleted, and customized but are configured by default as follows:
 
 
| Role | Description |
| --- | --- |
| Administrator | Full access to all resources plus administrative privileges. For example, an administrator can create accounts and assign permissions for roles. |
| Maintenance | Access to all resources but no administrative privileges. For example, maintenance personnel can change hardware configurations and settings but cannot modify user privileges or create accounts. |
| Operator | Limited to operational tasks only. For example, an operator may not be able to change hardware settings. |
| Guest | Limited to very specific applications and views. Cannot change anything. |
| IT | Limited to IT tasks, NMS type monitoring of servers including iControl Application Server health monitoring. |