> > > Access Control – Creating a New Role

Access Control – Creating a New Role

4th June 2016

Sean Hoppe Consulting Group Logo

In a previous Quick Reference Guide, we discussed a new feature that was introduced in EBI 4.1 to enhance security to remote server environments called Access Control.  Access Control allows you to create new accounts for each user, and establish permission based roles that allow the user to access only particular areas of the server environment, and grants access to reprocess logs, modify important values, and even to apply a license.  For information on how to create an account, and establish a basic role to the account, click here.

In the references guide above, we chose between three different roles that are available. Those roles are:

  • Admin – This role contains all permissions available.
  • SuperUser – This role contains all permissions except the ability to modify user accounts in Access Control.
  • User – This role does not contain any special permissions.

A new account can use any of those three roles, or, a new role with identifying permissions can be created.  A new role can be created for each user account created, identifying proper permissions.  Or, a position-based role as per your company’s requirements can be created and attached to multiple users.  To create a new role, follow these steps.

1.       Connect to your started EBI/Cleo Clarify Server environment from the Cleo Clarify Studio. If prompted to login for the first time, use the following login values:
               a.     Username:  ebiadmin
               b.     Password:  password

Note:  You can use any login to modify Access Control, so as proper administrative permissions are established to allow modifications to Access Control accounts.

2.       Navigate to Admin Console | Access Control.

3.       Below the Users section, there are three tabs.  Select the Roles tab.

Access Control Roles Clarify Studio

4.       In the Roles section, click Add.

New Role Access Control

5.       In the New Role popup, enter a Name and a Description of the role.

New Role Access Control Name Description

6.       Click OK.

7.       Select the new role that was created from the Roles section to display the Role Details section to the right.

Select Role Access Control Role Details

8.       At this time, the new role does not have any permissions established, and is also not attached to the desired amoore user account that was previously created in a previous guide.  You must still attach the new role to the previous account.

To add a permission to the role, in the Permissions section, click Add.

image

9.       In the Select Permissions window, select the desired permission to add, and click OK.

Add Permissions Access Control


Note: From this screen, you are able to control-click, or shift-click to multi-select more than one value.

10.   Verify that all the permissions are included to the newly created role.

Select Permissions Access Control

At this point, we created a new role and attached associated permissions.  As we previously mentioned, although it is created, no user account is currently using this new role at this time.  To add a user account, you can do so either in the Users tab, and add that role to the proper user account.  Or, you can add the user account to the proper role.  To do so, follow these steps.

11.   In the Users section in Role Details, click Add.

Role Details with Permissions

12.   In the Select Users window, choose the desired user, or users by control-clicking or shift-clicking and click OK.

Created User in Access Control Clarify Studio EBI


Note:  A user account can have multiple roles.  And a role can have multiple users.  If there are roles created as per your team’s infrastructure, you can create roles based on those team-based positions.  Such as, the Project Manager who should have all permissions with perhaps the Access Control permissions.  Or, a Team Lead, who may have all permissions to deploy and install Projects to the server environment.  Or, even a new hire role where permissions only allow viewing of server logs.  There are many different roles that can be created, choose one that suits your needs.


By: on