Use Roles in the Settings utility (Tools > Settings)
to manage what Web console and Design console features users have
access to. By creating roles and placing users/groups in those
roles, you can more easily collectively manage user rights.
You can also use security settings to control what rights users
have to individual forms, workflows, views, and so on. This is done
through the Security tab on the Properties dialog for
these items.
Roles define which users have access to:
The Web console's Asset tab.
The Web console's Process tab.
The Web console's Synchronization tab
The Design console.
The Settings dialog. When disabled, Design console
users will still have the Start menu option but it won't do
anything. Design console users also won't see the Tools >
Settings option when this is disabled.
If a Web console user doesn't have rights to the Asset or
Role tabs, those tabs won't be visible. All users have
access to the Home tab.
Roles have been assigned to all objects in the asset content
pack. The Process Manager role has access to all workflows in the
asset content pack. When you create workflows, make sure that the
role managing workflows has been added to the workflow.
Asset Lifecycle Manager ships with the following preconfigured
roles:
ALM Administrators: Mostly use the Design
console to create and manage forms, report views, and state maps.
Has full access to all settings, assets, forms, supporting
resources, reports, views, and workflows. Has access to the Web
console's Asset, Process, and Synchronization tabs. Can also edit
role membership.
Asset Manager: In charge of assets, uses the
Web console reports and forms, often works with vendors. Has access
to the Web console's Asset, Process, and Synchronization tabs. This
role is used in the Asset request process included in the asset
content pack.
Data center manager: Manages the assets in the
data center. This role is used in the Server rack request and the
Virtual server request processes that are included in the asset
content pack.
IT Management: Managers in charge of IT,
typically interested in using the Web console to monitor asset
creation and lifecycle states. Has access to the Web console's
Asset and Synchronization tabs.
IT Technician: Individuals who use the Web
console and change lifecycle states (for example, setting an asset
needing repair to an RMA state). Has access to the Web console's
Asset and Synchronization tabs.
Manager: Uses the Web console's Home tab to
request assets for employees, such as phone, computer, and so on.
Has access to the Web console's Home tab only. This role is used in
the Asset request process included in the asset content pack.
Network manager: Manages the adding/deleting
of machines on the network, including virtual machines. This role
is used in the Server rack request and the Virtual server request
processes that are included in the asset content pack.
Ordering Agent: Uses the Web console's Home
tab to fulfill asset orders created by manager. Organizes PO and
vendor supporting resources. Has access to the Web console's Asset
and Synchronization tabs.
Process Manager: Uses the Design console to
create and manage workflows. Has access to the Web console's
Process tab. This role is used in the Asset request process
included in the asset content pack.
Requester: Uses the Web console to create a
request for an asset but can't design or create asset instances.
Has access to the Web console's Home tab only. This is a basic role
for users that will only being making requests from the Web
console. No additional licenses are required for this type of user
to log into the Web console.
Security administrator: Uses the Web console
to manage patch management and manage credentials for machines on
the network. This role is used in the Server rack request and the
Virtual server request processes that are included in the asset
content pack.
Software Manager: Uses the Web console to
manage software licenses for assets. Has access to the Web
console's Asset and Synchronization tabs.
Virtual machine administrator: Uses the Web
console to manage virtual machines and their required data centers
and hosts. Has access to the Web console's Asset and
Synchronization tabs. This role is used in the Virtual server
request processes that are included in the asset content pack.
When you add a role in the Settings utility, you specify the
following:
Role name and description
Rights for the role
Users/groups who are members of the role
To add a Web console role
Click Tools > Settings.
Click the Roles tab.
Click the Create button to create a new
role.
Enter the role Name and
Description.
Select the rights you want.
Click the Add button to add members.You can
use an asterisk(*) for wildcard searches.
Click Save when you're done.
You can also edit or delete existing roles. Role changes in the
Settings utility take effect the next time users log in to the Web
console.
NOTE: The user that
installs the Asset Lifecycle Manager server has all rights by
default. If you want to remove the installing user's rights, make
sure another user has all rights before you remove rights from the
installing user. If you don't do this, you won't have an account
with enough privileges to grant new rights.
Rights
In ALM, each role is assigned certain rights. Rights provide
access to specific tools and Web console tabs. Users must have the
necessary right (or rights) to perform corresponding tasks. For
example, in order to check the status of a workflow, a user must
have the Access Process tab in Web right.
When a right is not assigned to a user, tools associated with
that right are not visible to that user. For example, if a user is
not given the Access Asset tab in Web console right, the user won't
see the Asset tab when the Web console is opened.
Available rights include:
Access Asset tab in Web console: Ability to
view, create, and edit asset data or reports, depending on the
rights associated with those items.
Access Process tab in Web console: Ability to
run process-related reports and check the status, progress, and
audit histories of workflows. If given rights, users can also
pause, resume, or cancel individual workflow instances.
Access Synchronization tab in Web console:
Ability to view the Synchronization tab, which gives users the
ability to leverage existing asset data by importing it and
reconciling it against other ALM asset records.
Access Design console: Ability to access the
Design console, from which the asset management infrastructure and
system are designed and configured.
Access Settings dialog: Configure the settings
that will enable Asset Lifecycle Manager to send and receive
workflow e-mail, involve users as workflow participants, and
activate workflow actions with other servers, web services,
databases, and third-party applications.