Configuring roles

Use Roles in the Settings utility (Tools > Settings) to manage what Web console and Design console features users have access to. By creating roles and placing users/groups in those roles, you can more easily collectively manage user rights.

You can also use security settings to control what rights users have to individual forms, workflows, views, and so on. This is done through the Security tab on the Properties dialog for these items.

Roles define which users have access to:

The Web console's Asset tab.
The Web console's Process tab.
The Web console's Synchronization tab
The Design console.
The Settings dialog. When disabled, Design console users will still have the Start menu option but it won't do anything. Design console users also won't see the Tools > Settings option when this is disabled.

If a Web console user doesn't have rights to the Asset or Role tabs, those tabs won't be visible. All users have access to the Home tab.

Roles have been assigned to all objects in the asset content pack. The Process Manager role has access to all workflows in the asset content pack. When you create workflows, make sure that the role managing workflows has been added to the workflow.

Asset Lifecycle Manager ships with the following preconfigured roles:

ALM Administrators: Mostly use the Design console to create and manage forms, report views, and state maps. Has full access to all settings, assets, forms, supporting resources, reports, views, and workflows. Has access to the Web console's Asset, Process, and Synchronization tabs. Can also edit role membership.
Asset Manager: In charge of assets, uses the Web console reports and forms, often works with vendors. Has access to the Web console's Asset, Process, and Synchronization tabs. This role is used in the Asset request process included in the asset content pack.
Data center manager: Manages the assets in the data center. This role is used in the Server rack request and the Virtual server request processes that are included in the asset content pack.
IT Management: Managers in charge of IT, typically interested in using the Web console to monitor asset creation and lifecycle states. Has access to the Web console's Asset and Synchronization tabs.
IT Technician: Individuals who use the Web console and change lifecycle states (for example, setting an asset needing repair to an RMA state). Has access to the Web console's Asset and Synchronization tabs.
Manager: Uses the Web console's Home tab to request assets for employees, such as phone, computer, and so on. Has access to the Web console's Home tab only. This role is used in the Asset request process included in the asset content pack.
Network manager: Manages the adding/deleting of machines on the network, including virtual machines. This role is used in the Server rack request and the Virtual server request processes that are included in the asset content pack.
Ordering Agent: Uses the Web console's Home tab to fulfill asset orders created by manager. Organizes PO and vendor supporting resources. Has access to the Web console's Asset and Synchronization tabs.
Process Manager: Uses the Design console to create and manage workflows. Has access to the Web console's Process tab. This role is used in the Asset request process included in the asset content pack.
Requester: Uses the Web console to create a request for an asset but can't design or create asset instances. Has access to the Web console's Home tab only. This is a basic role for users that will only being making requests from the Web console. No additional licenses are required for this type of user to log into the Web console.
Security administrator: Uses the Web console to manage patch management and manage credentials for machines on the network. This role is used in the Server rack request and the Virtual server request processes that are included in the asset content pack.
Software asset manager: Uses the Web console to manage software licenses for assets. Has access to the Web console's Asset and Synchronization tabs.
Virtual machine administrator: Uses the Web console to manage virtual machines and their required data centers and hosts. Has access to the Web console's Asset and Synchronization tabs. This role is used in the Virtual server request processes that are included in the asset content pack.

When you add a role in the Settings utility, you specify the following:

Role name and description
Rights for the role
Users/groups who are members of the role

To add a Web console role

Click Tools > Settings.
Click the Roles tab.
Click the Create button to create a new role.
Enter the role Name and Description.
Select the rights you want.
Click the Add button to add members.You can use an asterisk(*) for wildcard searches.
Click Save when you're done.

You can also edit or delete existing roles. Role changes in the Settings utility take effect the next time users log in to the Web console.

NOTE: The user that installs the Asset Lifecycle Manager server has all rights by default. If you want to remove the installing user's rights, make sure another user has all rights before you remove rights from the installing user. If you don't do this, you won't have an account with enough privileges to grant new rights.

Rights

In ALM, each role is assigned certain rights. Rights provide access to specific tools and Web console tabs. Users must have the necessary right (or rights) to perform corresponding tasks. For example, in order to check the status of a workflow, a user must have the Access Process tab in Web right.

When a right is not assigned to a user, tools associated with that right are not visible to that user. For example, if a user is not given the Access Asset tab in Web console right, the user won't see the Asset tab when the Web console is opened.

Available rights include:

Access Asset tab in Web console: Ability to view, create, and edit asset data or reports, depending on the rights associated with those items.
Access Process tab in Web console: Ability to run process-related reports and check the status, progress, and audit histories of workflows. If given rights, users can also pause, resume, or cancel individual workflow instances.
Access Synchronization tab in Web console: Ability to view the Synchronization tab, which gives users the ability to leverage existing asset data by importing it and reconciling it against other ALM asset records.
Access Design console: Ability to access the Design console, from which the asset management infrastructure and system are designed and configured.
- Access Settings dialog: Configure the settings that will enable Asset Lifecycle Manager to send and receive workflow e-mail, involve users as workflow participants, and activate workflow actions with other servers, web services, databases, and third-party applications.

Was this article useful?

The topic was:

Inaccurate

Incomplete

Not what I expected

Other