Chapter 9. Role Management

9.1. Overview

Generally, the term Role is a synonym for a group of Users. Having some Roles in each project is always recommended. For example, you could define a separate Role for each of Operators, System Operators and Project Engineers. You can then assign Users to Roles and afterwards assign Security Objects, such as Grants, to each Role. This is much more convenient and requires less administration than assigning each Grant to each User. New User accounts can easily be tied to already existing Roles, and the set of Grants for a Role is defined once per Role. This is standard security management in multi-user enterprise applications.

The Grants in Table 9.1, “Table of Grants regarding Role Management” determine the actions a User can perform on Roles. All Grants are stored in the secured-objects.xml file of the main Flex Application Module.

Table 9.1. Table of Grants regarding Role Management

Grant Key                   Description
APP_Role_Management         Permission to open the Role Management Screen.
APP_add_roles_button        Ability to add new Roles.
APP_save_role_button        Ability to save changes on a Role.
APP_remove_role_button      Ability to remove an existing Role.
APP_assign_grants_button    Assign to or remove Grants from a Role.
APP_assign_users_button     Assign to or remove Users from a Role.

9.2. Role Management Screen

From the main application actions bar click Application->Roles to open the Role Management view. The purpose of this management view is to declare security Roles and assign individual Grants and Users to each of them.

Figure 9.1. Role Management View


Table 9.2. Actions bar of the Role Management View

Icon      Description
(icon)    Open a dialogue to create a new Role with name and description.
(icon)    Delete an existing Role.
(icon)    After double-clicking a Role you can change data and press Save to save your changes.
(icon)    Reload and refresh Role information from the persistent storage.
(icon)    Assign Users to a selected Role. Opens a dialogue to add Users to the Role.
(icon)    Select already assigned Users you want to remove from the selected Role and press this button to remove their Role membership immediately.
(icon)    Select a Role and press this button to assign one or more Grants to the Role. A dialogue opens to assign or remove Grants from a Role.

9.3. Creating a new Role

To create a new Role, press the 'Create' button of the actions bar. In a simple dialogue, you have to provide the name of the new Role and an optional descriptive text. After the Role is created, the roleName is prefixed with 'ROLE_'.

Figure 9.2. Create a Role


9.4. Modifying an existing Role

Existing Roles can also be modified. To change the role name or description, just double-click the Role to open a dialogue, as shown in Figure 9.3, “Modify a Role”, where you can change the values as desired.

Figure 9.3. Modify a Role


9.5. Assigning Grants to a Role

If you already have a Role defined, you are now able to assign Grants to this Role. Just select the Role and press the 'Assign Grants' button. A dialogue opens that lists all non-assigned Grants on the left side and all currently assigned Grants on the right side. Choose the Grants you want to add to or remove from the Role and press one of the shift buttons in the middle. After you confirm the dialogue you have to save the Role. Your changes do not take effect without saving the Role explicitly, because you may have made other changes to the Role before.

Figure 9.4. Assign Grants to a Role


9.6. Assigning Users to a Role

Role Management only makes sense when you assign Users to Roles and manage access control through Roles. So go ahead and add some Users to a defined Role. Press the 'Assign Users' button and proceed as you did before. Nearly the same dialogue opens, where you can add one or more Users to, or remove them from, the selected Role.

Figure 9.5. Assign Users to a Role
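
The User, Role and Grant relationship described in this chapter, as an added example (not code from the application): a small Python audit that resolves each User's effective Grants through Role membership and reports who holds the role-administration Grants of Table 9.1. The in-memory dictionaries, the role and user names and the handling of already prefixed names are assumptions; the format of secured-objects.xml is not modelled.

```python
# Added example: in-memory model only, not the product's storage format.
ROLE_PREFIX = "ROLE_"

# Grant keys from Table 9.1 that let a holder change Roles, their Grants or their members.
ROLE_ADMIN_GRANTS = {
    "APP_add_roles_button",
    "APP_save_role_button",
    "APP_remove_role_button",
    "APP_assign_grants_button",
    "APP_assign_users_button",
}


def role_name(name):
    """Prefix a new Role name with 'ROLE_' (section 9.3).
    Leaving an already prefixed name unchanged is an assumption of this example."""
    return name if name.startswith(ROLE_PREFIX) else ROLE_PREFIX + name


def effective_grants(user, members, grants):
    """Union of the Grants of every Role the user belongs to."""
    result = set()
    for role, users in members.items():
        if user in users:
            result |= grants.get(role, set())
    return result


def role_admins(members, grants):
    """Map each user to the role-administration Grants held through any Role."""
    report = {}
    for user in sorted(set().union(*members.values())):
        held = effective_grants(user, members, grants) & ROLE_ADMIN_GRANTS
        if held:
            report[user] = sorted(held)
    return report


# Constructed sample data (role and user names are hypothetical).
GRANTS = {
    role_name("OPERATOR"): {"APP_Role_Management"},
    role_name("SYSTEM_OPERATOR"): {"APP_Role_Management", "APP_assign_users_button"},
    role_name("PROJECT_ENGINEER"): set(ROLE_ADMIN_GRANTS) | {"APP_Role_Management"},
}
MEMBERS = {
    role_name("OPERATOR"): {"alice", "bob"},
    role_name("SYSTEM_OPERATOR"): {"bob"},
    role_name("PROJECT_ENGINEER"): {"carol"},
}

if __name__ == "__main__":
    for user, held in role_admins(MEMBERS, GRANTS).items():
        print(user, held)
```

A User who appears in this report can alter Role membership or Role Grants, so the list is worth reviewing whenever Grants are reassigned.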