Roles and permissions

Roles provide a way for community administrators to group permissions and assign them to users or user groups. Permissions define the actions that a user can perform in a community.

When they assign roles, community administrators consider the tasks of a user in the context of a particular community. For example, in a development community, users who are analysts are not required to modify or change development code and need browse, download, and submit access. On the other hand, users who are analysts in the analyst community can adopt full permissions so that they can modify existing assets or upload new assets in their field of expertise.

Roles

A role is a collection of permissions that administrators assign to users or user groups. A role consists of a name, a description, permissions, and a scope. Administrators can constrain the scope of a role by making permissions apply to assets of specific types, classifications, or owners. Community administrators assign roles to users or user groups to control the level of access that users have to the assets of a community. For example, users who have a role with permission to browse assets can search for and view details about assets and their artifacts, but cannot download or modify the asset.

Individual users can have more than one role. They can also have different roles in different communities.

Note: User groups, not roles, group repository users.

Default roles

Each new community has default repository roles:
  • Administrator: Community administrators can assign roles and permissions to users and user groups to define different levels of access to the community A use can have the role of community administrator in more than one community, and one community can have multiple administrators. Community administrators can add or remove other administrators from their community. You can assign this role to individual users, all users, or all signed-in users, but not to user groups.
  • Asset Owner: This role is automatically assigned to any user that owns an asset in the community. The permissions associated with the Asset Owner role apply only to assets that the user owns. For example, the Update assets permission for this role allows the user to update the assets that they own, but they cannot update assets that a different user owns. By default, an asset owner can find and modify any asset that they have created, regardless of its current state.
  • Asset Review Board: This role is automatically assigned to any user that is asked to be part of a review board for an asset in a review process.
  • Asset Consumer: A general role that allows users to search, view, and download assets. You can assign this role to individual users and user groups.
  • Asset Producer: A general role that allows users to search, view, download, create, and modify assets. You can assign this role to individual users and user groups.

You can modify all roles for the community except for Administrator. Community administrators can create additional roles that can be assigned to users or user groups.

Available permissions

Community administrators manage and assign permissions to roles in the community.

The following permissions are available for you to choose from when you define roles for a community:
  • Asset Review Board: The user can be a part of an asset review board in a custom lifecycle.
  • Create assets: Users can create new assets. Creating assets includes describing and adding artifacts.
  • Delete assets: Users can permanently delete assets from the repository.
  • Download assets: Users can download assets. This permission includes describing and adding artifacts.
  • Forums administration: Users can administer forums. This permission includes modifying forum topics and posts and creating connections to Rational® ClearQuest®.
  • Publishing administration: Users can publish assets to WebSphere® Registry Service and Repository.
  • Read asset details: Users can view the General Details pages for assets in this community.
  • Search assets: Users can search for assets by using keyword and filter searches.
  • Subscribe to assets: Users can subscribe to emails or RSS feeds to receive notification when an asset is modified.
  • Update assets: Users can update the content or descriptive metadata of assets.

Role constraints

Community administrators can assign constraints to roles in a community. Constraints can limit roles to specific asset types or asset categories.

For example, you could create a category called Editable, create a new role called Asset Editor with the Update assets permission, and assign that role to all signed-in users. This way, you can allow all users modify assets in a community by assigning a category instead of creating additional user groups or assigning roles individually.

Note: You cannot assign constraints to the built-in roles of Administrator, Asset Owner, and Asset Review Board.

Additional roles for asset lifecycles

When you create custom lifecycles, additional roles are configured:
  • Lifecycle manager: You can assign the lifecycle manager role to users or user groups while you configure custom lifecycles for a community. If you are a lifecycle manager for an asset, you gain the following additional permissions:
    • You can search for, view, and download the asset.
    • You can modify the asset.
    • You can view the asset on the My Dashboard page in the Assets to Manage section.
    • You can leave a comment on the Review page of the asset.
    • You can adjust the lifecycle for the asset by adding or removing reviewers, changing the permissions for reviewers, adding or removing policies, and changing the conditions for the transitions between lifecycle states.
  • Reviewer: For each state of a custom asset lifecycle, you can add users or user groups as reviewers. Community administrators can add and remove reviewers as they configure custom lifecycles for a community. Lifecycle administrators can add and remove reviewers as they modify the lifecycle for individual assets. If you are a reviewer for an asset, you gain the following additional permissions:
    • You can search for, view, and download the asset.
    • You can leave a comment on the Review page of the asset.
    • If the Approver check box is selected, you can vote to approve or reject the asset on the Review page. Approvals and rejections are saved and can be used as conditions for changing states. For example, the asset can change from Review to Approved only if at least three reviewers have voted for Approve.

Feedback