Application Roles

Owned by Max Pinion (Deactivated)
Last updated: Jan 29, 2015 by Mike Murphy
3 min read

Application Roles are used within Security descriptors to define which users are members of assigned roles.

Some Application Roles are created automatically when you install the Arellia Management Server, including the following roles:

  • AMS Administrators - assigns full rights to everything
  • AMS Users - generally grants Read and Write permissions to most Items, but not rights to modify security permissions
  • AMS Helpdesk Users - generally grants only Read access to Items that display passwords (in Local Security Solution) as well as specific reports folders

Create a New Application Role

To create a new role, do the following steps:

  1. In the Security Manager Console, go to the Configuration tab.
  2. In the left-side folder library, navigate to Settings > Configuration > Infrastructure > Application Roles.
  3. In the right-side pane, click the New button on the tool bar.
  4. Click Application Role in the drop-down New menu.
  5. In the Create Item dialog box, do the following steps:
    1. In the Name field, enter the name of the role.
    2. In the Description field, enter a brief description of the role.
    3. In the Account Name field, enter a shortened name for the role.
       
  6. Click OK to continue.
  7. In the editor dialog box that appears, click Select next to the Members setting.
  8. In the Select Resources dialog box that appears, click the users you want to include in the new role and then click the arrow button pointing to the Selected Resources field on the right.
     
  9. Click OK to close the selector.
  10. Click Save to save the role.

Role Membership

Users are assigned membership in a role by modifying the Application Role Resource Type.

To modify role membership, do the following steps:

  1. In the Security Manager Console, go to the Configuration tab.
  2. In the left-side folder library, navigate to Settings > Configuration > Infrastructure > Application Roles.
  3. In the right-side pane, right-click the role to me modified and then click Edit.
     
  4. In the editor dialog box that appears, click Select next to the Members setting.
  5. In the Select Resources dialog box that appears, click the users you want to include in the new role and then click the arrow button pointing to the Selected Resources field on the right.
  6. Click OK to close the selector.
  7. Click Save to save the role.

Test Alternate Roles in Internet Explorer

To test role access, do the following steps: 

  1. Open one of the Arellia Consoles (Help Desk ConsoleSecurity Manager Console) to which you want to verify access.
  2. Enter the user name and password for a user who is a member of only the role being tested (not one who is also a member of a more accessible role).
  3. Navigate to areas to which the user has been given access. Areas which have not been granted Read permissions will not appear.

 

Note: Test Alternate Roles in Internet Explorer

When you type the server's fully qualified domain name in the Address Bar in Internet Explorer, it will prompt you for a user name and credentials. This allows you to log on as an alternate user account. This is useful if Internet Explorer automatically authenticates your user account using your logged-in account.