Defining roles and permissions

You can assign permissions to roles. Each role has its own unique set of permissions that define the user's entitlements in the repository.

Before you begin

To modify roles, you must be a community administrator or a repository administrator.

About this task

Each new community has default repository roles:
  • Administrator: Community administrators can assign roles and permissions to users and user groups to define different levels of access to the community A use can have the role of community administrator in more than one community, and one community can have multiple administrators. Community administrators can add or remove other administrators from their community. You can assign this role to individual users, all users, or all signed-in users, but not to user groups.
  • Asset Owner: This role is automatically assigned to any user that owns an asset in the community. The permissions associated with the Asset Owner role apply only to assets that the user owns. For example, the Update assets permission for this role allows the user to update the assets that they own, but they cannot update assets that a different user owns. By default, an asset owner can find and modify any asset that they have created, regardless of its current state.
  • Asset Review Board: This role is automatically assigned to any user that is asked to be part of a review board for an asset in a review process.
  • Asset Consumer: A general role that allows users to search, view, and download assets. You can assign this role to individual users and user groups.
  • Asset Producer: A general role that allows users to search, view, download, create, and modify assets. You can assign this role to individual users and user groups.
The following permissions are available for you to choose from when you define roles for a community:
  • Asset Review Board: The user can be a part of an asset review board in a custom lifecycle.
  • Create assets: Users can create new assets. Creating assets includes describing and adding artifacts.
  • Delete assets: Users can permanently delete assets from the repository.
  • Download assets: Users can download assets. This permission includes describing and adding artifacts.
  • Forums administration: Users can administer forums. This permission includes modifying forum topics and posts and creating connections to Rational® ClearQuest®.
  • Publishing administration: Users can publish assets to WebSphere® Registry Service and Repository.
  • Read asset details: Users can view the General Details pages for assets in this community.
  • Search assets: Users can search for assets by using keyword and filter searches.
  • Subscribe to assets: Users can subscribe to emails or RSS feeds to receive notification when an asset is modified.
  • Update assets: Users can update the content or descriptive metadata of assets.

Procedure

To create or edit roles and permissions:

  1. Log into the Rational Asset Manager web client.
  2. Open the Administration page.
  3. Click the community name to modify the roles and permissions that are associated with those roles in that community.
  4. Click the Roles tab.
  5. Click the name of the role that you want to edit, or to make a new role, click New Role. You cannot edit the built-in role of Administrator.
  6. On the Community Role page, describe the role:
    1. In the Name field, type a name for the role.
    2. In the Description field, type a description for the new role.
  7. In the Role Permissions section, select the permissions that this role assumes in this community.
  8. Optional: In the Roles Scopes section, constrain the role by making permissions apply only to assets of a specific type or category. Use the lists to create constraints. You can apply as many constraints as needed to focus the permissions in a role.
    Important: You must select At least one of the following constraints in order to apply individual constraints from the list of constraints that you defined. To apply all of the constraints that you defined, select All of the following constraints.
    Note: You cannot assign constraints to the built-in roles of Administrator, Asset Owner, and Asset Review Board.
    For example, you can create a reviewer role with browse, download, read, search, and subscribe permissions for the asset type implementation. This would allow you to create a review role with update permissions for asset type test cases. Creating multiple constraints for roles gives the repository advanced levels of governance.
  9. Click OK.

Example

I want a user to be able to submit new assets, but I want them to be able to modify only the assets that they own

For this scenario, the built-in role of Asset Owner is useful. Initially, the user that creates an asset is the owner of an asset. When a user owns an asset in a community, the user automatically receives the role of Asset Owner and the associated permissions; however, those permissions apply only to the assets that they own. To configure this scenario:
  1. Create a new role (for example, Asset Creator) with the following permissions:
    • Create assets
    • Download assets
    • Read asset details
    • Search assets
    • Subscribe to assets
  2. Edit the built-in Asset Owner role, and make sure the Update assets permission is selected.
  3. Assign the role of Asset Creator to users or user groups. Then, those users can submit new assets, but they can update only the assets that they own.

I want a user to be able to submit new assets and be able to modify any asset in the community

By default, the built-in role of Asset Producer allows this. You can assign the role of Asset Producer to users or user groups, or create a new role:
  1. Create a new role, for example, Asset creator and editor, with the following permissions:
    • Create assets
    • Download assets
    • Read asset details
    • Search assets
    • Subscribe to assets
    • Update assets: In this case, Update Assets will apply to all assets in the community
  2. Assign the new role to users or user groups. Then, those users can submit new assets and also modify any assets in the community.

Feedback