Roles
Security within Clarive is handled through a role system.
All access to administrator functions and user functions is defined through roles. Users are thus assigned one or more roles. That way, the user’s access to Clarive is limited and controlled.
Example
An Administrator role can be defined and all privileges can be set on administrator functionality within the tool, such as Category Administration, Notifications Administration, Scheduler Access, User Administration, etc. A role incident manager can be defined with full access to the topic category Incident but will for instance have no access to topic category release, since this topic category will be managed by the role of Release manager.
A user will be assigned one or more roles, and thus inherit the access to the topics he or she can work on.
Role administration can be performed by selecting Admin - Roles from the menu bar.
This will display all the currently available roles in a list view.
The list view contains the following columns:
Role
- The name of the Role.Description
- The description of the role.Mailbox
- The mailbox specific to the role, for notification purposes.Options
- Summary of all Role actions for this Role.
Role List Options¶
Create¶
A new window is opened by clicking on Create
, in which the following information needs to be provided for
configuration:
- Role Name - The name of the Role e.g. developer, release manager, change manager.
- Description - A longer description of the Role.
- Dashboard - Clarive has several dashboards. Dashboards may be associated here with roles, such that in user preferences only those dashboards associated with those roles will appear. The first dashboard to be added will be the default dashboard. Each user may change his or her default dashboard in user preferences.
Available Actions¶
Highlight the user and click Edit
. All Available Actions attributed to the role are displayed in the left pane.
A Group of actions or a specific action can be added by selecting and dragging the group Action from the left pane to
the right pane.
Remove Selection
- Removes the currently selected Action from the Role.
Remove All
- Removes all selections.
Users that have a Role¶
Select the Users tab to see the users that have the current Role and in which scope they have the Role assigned to.
Scopes where the Role is assigned¶
This a pivoted version of the User list. Now you see which users have the current Role.
Actions¶
Actions are logically grouped. Actions can be added in relation to the following groups:
---
- Generic user actions.- User can change his or her password
action.change_password
. User will be able to change the password from the user menu. - Become a different user
action.surrogate
. User will be able to become any user in the system. Recommended only for administrators.
- User can change his or her password
admin
- All actions related to the tool administration e.g. topic administration, user administration.- Administer configuration variables
admin.admin.config_list
. User will be able to set various runtime configuration options. Recommended only for administrators. - Administer daemons
action.admin.daemon
. User will be able to view, edit or admin daemons. See also daemons. - Admin events
action.admin.event
. User will be able to see all the events happening in Clarive. - Admin labels
action.admin.labels
. User will be able to edit or admin topic labels. See also labels. - Admin snapshots
action.admin.snapshots
. User will be able to create, delete or export snapshots. - Admin notifications
action.admin.notifications
. User will be able to admin notifications. See also notifications. - Admin roles
action.admin.role
. User will be able to admin user roles. - Root action
action.admin.root
. User will have the same permissions as system root user. Recommended only for administrators. Use this action instead of doing everything under system root user. This will help distinguish between different administrators. - Admin rules
action.admin.rules
. User will be able to view and admin rules. It is possible to permit only specific rules. See also rules. - Admin scheduler
action.admin.scheduler
. User will be able to admin job scheduling. See also scheduler. - Semaphore Administration
action.admin.semaphore
. User will be able to view and admin system semaphores. Recommended only for administrators. - System messages
action.admin.sms
. User will be able to send system messages to all users in the system. See also system messages. - Admin topics
action.admin.topics
. User will be able to admin topic categories. Recommended only for administrators. See also topics. - Upgrade features, plugins and modules
action.admin.upgrade
. DEPRECATED. - User groups Admin
action.admin.user_groups
. User will be able to admin user groups. Recommended only for administrators. - User Admin
action.admin.user
. User will be able to admin users. Recommended only for administrators. See also users.
- Administer configuration variables
calendar
- All actions related to Job Calendars.- Admin Job Calendar
action.calendar.admin
. User will be able to admin job calendars. See also calendaring. - Edit Job Calendar
action.calendar.admin
. User will be able to edit job calendars. See also calendaring. - View Job Calendar
action.calendar.admin
. User will be able to view calendars. See also calendaring.
- Admin Job Calendar
catalog
- DEPRECATED.ci
- All actions related to configuration items. You can grant permission to manage or view Resources. The action Admin Resources also grant permission to view Resources, so it is not neccesary to add both. To specify the Resources, you have to drag the action. In the new window, select the roles and collections that the user can view/manage, additionally for those Resources (Project, Variable, Nature, ProjectTemplate) that have configurable variables, you can add for which environments user can edit vars. You can also add negative filters. For example, if the user can see all Resources except the project collection, you can add all roles and then add a negative filter to that collection.dashboards
- All actions related to Dashboards.- Change dashboards in explorer
action.dashboards.view
. By default user can see only dashboards that are specified in his or her roles. With this action he will be able to see all of them.
- Change dashboards in explorer
development
- All actions related to the Development menu on the top bar of the application.- Wipe Cache
action.development.cache_clear
. User will be able to clear all the application's cached data and grid cached data. Recommended only for development environments. - ExtJS API References
action.development.ext_api
. User will be able to see ExtJS documentation. - ExtJS Examples
action.development.ext_examples
. User will be able to see ExtJS examples. - GUI Designer
action.development.gui_designer
. DEPRECATED. - JS Reload
action.development.js_reload
. User will be able to force application to reload all client side scripting. - REPL
action.development.repl
. User will be able to run arbitrary code in application environment. Recommended only during development. DANGEROUS - REPL Languages
action.development.languages
. Available languages user can run in REPL can be restricted. - Sequences
action.development.sequences
. User will be able to see database sequences.
- Wipe Cache
git
- All actions for accessing the Git Repository.- User can close branches
action.git.close_branch
. User will be able to omit repository branches from the lifecycle panel. - Access git repository for pull/push
action.git.repository_access
. User will be able to pull from and push to repository. - Create git repository with first push
action.git.repository_create
. User with permissions will be able to create and initialize a new repository and assign it to the project with the first push to its URL. - Access git repository pull
action.git.repository_read
. User will be able to pull from a repository. - Can update system tags in repositories
action.git.update_tags
. User will be able to move the system tags (environments) in repositories.
- User can close branches
help
- Actions related to the Help menu.- View server info in About window
action.help.server_info
. User will be able to see more detailed information in About window.
- View server info in About window
home
- Actions associated with the tool such as allowing access to the Lifecycle panel or the main menu.- User can generate docs from topics and views
action.home.generate_docs
. DEPRECATED. - User can access the menu
action.home.show_menu
. User will be able to see the main menu. - User can access the repositories in a project
action.home.view_project_repos
. User will be able to see the repositories assigned to the project in the lifecycle panel. - User can access the releases view
action.home.view_releases
. User will be able to see the Releases tab in lifecycle panel. - User can access the workspace view
action.home.view_workspace
. DEPRECATED.
- User can generate docs from topics and views
job
- All actions related to jobs e.g. creating new jobs, restart jobs. See also job.- Can access the advanced menu in job detailed log
action.job.advanced_menu
. User will be able to access internal job stash. Recommended only for administrators. - Approve/Reject any Job
action.job.approve_all
. User will be able to approve or reject jobs. See also monitoring. - Cancel Jobs
action.job.cancel
. User will be able to cancel jobs. It is possible to assign it only to specific environment. - Change default pipeline in job new window
action.job.chain_change
. User will be able to change the pipeline during new job creation. Recommended only for administrators. - Change job status on Post step
action.job.change_step_status
. User will be able to change the job status. It is possible to assign it only to a specific environment. - Create new jobs
action.job.create
. User will be able to create new jobs. This involves any kind of deployments and promotions. - Delete job
action.job.delete
. User will be able to delete a job. It is not recommended that jobs be deleted. It is possible to assign it only to a specific environment. - Force Rollback
action.job.force_rollback
. User will be able to rollback job even if the rollback is not needed. It is possible to assign it only to specific environment. - Create jobs outside of available time slots
action.job.no_cal
. User will be able to create jobs outside available Calendar Slots. - Restart Jobs
action.job.restart
. User will be able to restart jobs. It is possible to assign it only to a specific environment. - Resume Jobs
action.job.resume
. User will be able to resume jobs. For example from PAUSE state. It is possible to assign it only to specific environments. - Run Jobs In-Proc, within the Web Server
action.job.run_in_proc
. User will be able to run the jobs within the web server process. No need for the dispatcher to be running. Recommended only during development. - View job monitor
action.job.view_monitor
. User will be able to see the Job Monitor. - View All Jobs
action.job.viewall
. User will be able to see jobs in the Job Monitor. It is possible to assign it only to specific environment.
- Can access the advanced menu in job detailed log
labels
- Action allowing to attach/remove labels.- Attach labels to a topic
action.labels.attach_labels
. User will be able to attach labels to the topics. - Remove labels to a topic
action.labels.remove_labels
. User will be able to remove labels from the topics.
- Attach labels to a topic
projects
- Action allowing to access the Project Lifecycle.- User can access the project lifecycle
action.project.see_lc
. User will be able to see the project lifecycle in lifecycle panel.
- User can access the project lifecycle
reports
- Actions allowing to view dynamics fields and reports.- View dynamic fields
action.reports.dynamics
. User will be able to see dynamic report fields. - View Reports
action.reports.view
. User will be able to see Reports panel in lifecycle panel.
- View dynamic fields
search
- Actions allowing to search for Jobs, Resources and topics.- Search CIs
action.search.ci
. User will be able to search through Resources. - Search jobs
action.search.job
. User will be able to search through jobs. - Search topics
action.search.topic
. User will be able to search through topics.
- Search CIs
topics
- Allows the user to view topics, delete topics, create a topic, add comments to the topics, etc. Once the action is drawn, you can filter so the user can only apply that action for given categories.- View Topic Activity
action.topics.activity
. User will be able to see the topic activity. This includes all the changes to the topics data during its lifetime. - Change a topic to any available status on its category
action.topics.change_to_any_status
. User will be able to change to any status any category or a specific. - Post/View Topics Comments
action.topics.comments
. User will be able to see comments and add comments. - Create Topic
action.topics.create
. User will be able to create a topic of all categories or a specific category. - Delete Topic
action.topics.delete
. User will be able to delete a topic of all categories or a specific category. - Edit Topic
action.topics.edit
. User will be able to edit a topic of all categories or a specific category. - View Topic jobs
action.topics.jobs
. User will be able to see all the jobs that involved this topic. - Change topics status logically (no deployment)
action.topics.logical_change_status
. User will be able to change the topic status without starting a job if this is required by the topic workflow. - View Topic
action.topics.view
. User will be able to see a topic of all categories or a specific category. - View related graph in topics
action.topics.view_graph
. User will be able to see topic relationship graphs.
- View Topic Activity
topicfields
- Allows configuration of the actions to see and/or edit the fields of the topics. It is possible to configure each field depending on the category and the status of the topic. Simply add the category, status and the field so the user can interact with it. It is also possible to perform negative filters, for example, provide a user permission to view all fields of a category minus the Estimate field. To do this, assigned permissions to see all the fields in that category and add a negative filter to the Estimate field.
Note: It is mandatory to define at least one Allow
action to be able to save permissions. As no permissions are set
by default, it is not possible to save if only Deny
actions have been defined.
Edit¶
Allows editing the selected Role. Once changes have been made, select the Accept. To discard any changes, select the Close button instead.
Duplicate¶
Allows duplication of the selected Role. A new Role is created with the same values as the original Role. Its initial name will be the name of the original Role concatenated with a number.
Delete¶
The selected Role will be deleted. The system will provide a confirmation message before actually deleting the Role. If users exist with that Role, the Role will be removed from the user.
Also, list search is available to look for Roles by Role or description.