Security within Clarive is handled through a role system.
All access to administrator functions and user functions is defined through roles. Users are thus assigned one or more roles. That way, the user’s access to Clarive is limited and controlled.
An Administrator role can be defined and all privileges can be set on administrator functionality within the tool, such as Category Administration, Notifications Administration, Scheduler Access, User Administration, etc. An Incident Manager role can be defined with full access to the topic category Incident but, for instance, no access to the topic category Release, since that topic category is managed by the Release Manager role.
A user will be assigned one or more roles, and thus inherit the access to the topics he or she can work on.
Role administration can be performed by selecting Admin - Roles from the menu bar. This will display all the currently available roles in a list view.
The list view contains the following columns:
Role - The name of the Role.
Description - The description of the role.
Mailbox - The mailbox specific to the role, for notification purposes.
Options - Summary of all Role actions for this Role.
Role List Options
A new window is opened by clicking on Create, in which the following information needs to be provided for configuration:
Role Name - The name of the Role e.g. developer, release manager, change manager.
Description - A longer description of the Role.
Dashboard - Clarive has several dashboards. Dashboards may be associated here with roles, such that in user preferences only those dashboards associated with those roles will appear. The first dashboard to be added will be the default dashboard. Each user may change his or her default dashboard in user preferences.
Highlight the user and click Edit. All Available Actions attributed to the role are displayed in the left pane. A Group of actions or a specific action can be added by selecting and dragging the group Action from the left pane to the right pane.
Remove Selection - Removes the currently selected Action from the Role.
Remove All - Removes all selections.
Users that have a Role
Select the Users tab to see the users that have the current Role and in which scope they have the Role assigned to.
Scopes where the Role is assigned
This is a pivoted version of the User list. Now you see which users have the current Role.
Actions are logically grouped. Actions can be added in relation to the following groups:
---- Generic user actions.
- User can change his or her password - User will be able to change the password from the user menu.
- Become a different user - User will be able to become any user in the system. Recommended only for administrators.
admin - All actions related to the tool administration e.g. topic administration, user administration.
- Administer advanced settings - User will be able to set various runtime configuration options. Recommended only for administrators.
- Administer Daemons - User will be able to view, edit or admin daemons. See also daemons.
- Administer Events - User will be able to see all the events happening in Clarive.
- Administer Labels - User will be able to edit or admin topic labels. See also labels.
- Administer Snapshots - User will be able to create, delete or export snapshots.
- Administer Notifications - User will be able to admin notifications. See also notifications.
- Administer Roles - User will be able to admin user roles.
- Root Action - User will have the same permissions as system root user. Recommended only for administrators. Use this action instead of doing everything under system root user. This will help distinguish between different administrators.
- Administer Rules - User will be able to view and admin rules. It is possible to permit only specific rules. See also rules.
- Administer Scheduler - User will be able to admin job scheduling. See also scheduler.
- Administer Semaphores - User will be able to view and admin system semaphores. Recommended only for administrators.
- Administer System Messages - User will be able to send system messages to all users in the system. See also system messages.
- Administer Categories - User will be able to admin topic categories. Recommended only for administrators. See also topics.
- Upgrade features, plugins and modules - DEPRECATED.
- Administer User groups - User will be able to admin user groups. Recommended only for administrators.
- Administer Users - User will be able to admin users. Recommended only for administrators. See also users.
calendar - All actions related to Job Calendars.
ci - All actions related to configuration items. You can grant permission to manage or view Resources. The action Admin Resources also grants permission to view Resources, so it is not necessary to add both. To specify the Resources, you have to drag the action. In the new window, select the roles and collections that the user can view/manage. Additionally, for those Resources (Project, Variable, Nature, ProjectTemplate) that have configurable variables, you can specify for which environments the user can edit variables. You can also add negative filters. For example, if the user can see all Resources except the project collection, you can add all roles and then add a negative filter to that collection.
development - All actions related to the Development menu on the top bar of the application.
- Wipe Cache - User will be able to clear all the application's cached data and grid cached data. Recommended only for development environments.
- ExtJS API References - DEPRECATED.
- ExtJS Examples - DEPRECATED.
- GUI Designer - DEPRECATED.
- JS Reload - DEPRECATED.
- REPL - User will be able to run arbitrary code in application environment. Recommended only during development. DANGEROUS
- REPL Languages - Available languages user can run in REPL can be restricted.
- Sequences - User will be able to see database sequences.
git - All actions for accessing the Git Repository.
- User can close branches - User will be able to omit repository branches from the lifecycle panel.
- Git Repository read/write permissions - User will be able to pull from and push to repository.
- Create git repository with first push - User with permissions will be able to create and initialize a new repository and assign it to the project with the first push to its URL.
- Git Repository read-only - User will be able to pull from a repository.
- Can update system tags in repositories - User will be able to move the system tags (environments) in repositories.
help - Actions related to the Help menu.
- View server info in About window - User will be able to see more detailed information in About window.
home - Actions associated with the tool such as allowing access to the Lifecycle panel or the main menu.
- User can generate docs from topics and views - DEPRECATED.
- User can access the menu - User will be able to see the main menu.
- User can access the repositories in a project - User will be able to see the repositories assigned to the project in the lifecycle panel.
- User can access the releases view - DEPRECATED.
- User can access the workspace view - DEPRECATED.
job - All actions related to jobs e.g. creating new jobs, restart jobs. See also job.
- Can access the advanced menu in job detailed log - User will be able to access internal job stash. Recommended only for administrators.
- Approve/Reject any Job - User will be able to approve or reject jobs. See also monitoring.
- Cancel Jobs - User will be able to cancel jobs. It is possible to assign it only to a specific environment.
- Change default pipeline in job new window - User will be able to change the pipeline during new job creation. Recommended only for administrators.
- Change job status on Post step - User will be able to change the job status. It is possible to assign it only to a specific environment.
- Start new jobs - User will be able to create new jobs. This involves any kind of deployments and promotions.
- Delete job - User will be able to delete a job. It is not recommended that jobs be deleted. It is possible to assign it only to a specific environment.
- Force Rollback - User will be able to roll back a job even if the rollback is not needed. It is possible to assign it only to a specific environment.
- Create jobs outside of available time slots - User will be able to create jobs outside available Calendar Slots.
- Restart Jobs - User will be able to restart jobs. It is possible to assign it only to a specific environment.
- Resume Jobs - User will be able to resume jobs. For example from PAUSE state. It is possible to assign it only to specific environments.
- Run Jobs In-Proc, within the Web Server - User will be able to run the jobs within the web server process. No need for the dispatcher to be running. Recommended only during development.
- View job monitor - User will be able to see the Job Monitor.
- View Jobs - User will be able to see jobs in the Job Monitor. It is possible to assign it only to specific environments.
labels - Actions for attaching and removing labels.
- Attach labels to a topic - DEPRECATED
- Admin project labels - User can admin Labels in Project left menu.
- Remove labels to a topic - DEPRECATED
projects - Actions for accessing the Project Lifecycle.
- User can admin their own projects - User will be able to admin his or her own projects.
reports - Actions for viewing dynamic fields and reports.
- View dynamic fields - User will be able to see dynamic report fields.
- View Reports - User will be able to see Reports panel in lifecycle panel.
search - Actions for searching Jobs, Resources and topics.
- Search Resources - User will be able to search through Resources.
- Search jobs - User will be able to search through jobs.
- Search topics - User will be able to search through topics.
topics - Allows the user to view topics, delete topics, create a topic, add comments to the topics, etc. Once the action has been dragged, you can filter so that the user can only apply that action to given categories.
- View Topic Activity - User will be able to see the topic activity. This includes all the changes to the topics data during its lifetime.
- Change a topic to any available status on its category - User will be able to change a topic to any status, for any category or a specific category.
- Post/View Topics Comments - User will be able to see comments and add comments.
- Create Topic - User will be able to create a topic of all categories or a specific category.
- Delete Topic - User will be able to delete a topic of all categories or a specific category.
- Edit Topic - User will be able to edit a topic of all categories or a specific category.
- View Topic jobs - User will be able to see all the jobs that involved this topic.
- Change topics status logically (no deployment) - User will be able to change the topic status without starting a job if this is required by the topic workflow.
- View Topic - User will be able to see a topic of all categories or a specific category.
- View related graph in topics - User will be able to see topic relationship graphs.
topicfields - Allows configuration of the actions to see and/or edit the fields of the topics. It is possible to configure each field depending on the category and the status of the topic. Simply add the category, status and the field so the user can interact with it. It is also possible to use negative filters, for example, to give a user permission to view all fields of a category except the Estimate field. To do this, assign permissions to see all the fields in that category and add a negative filter to the Estimate field.
Note: It is mandatory to define at least one Allow action to be able to save permissions. As no permissions are set by default, it is not possible to save if only Deny actions have been defined.
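The negative-filter behaviour described for ci and topicfields, together with the rule in the note that a Deny-only set cannot be saved, modelled as an added Python example (not Clarive's own code). The `FieldRule` class, the `*` wildcard, the function names and the sample status and field names other than Estimate are assumptions of this sketch.

```python
from dataclasses import dataclass

ANY = "*"  # wildcard meaning "every category/status/field" (assumption of this sketch)


@dataclass(frozen=True)
class FieldRule:
    effect: str              # "allow" or "deny" (a deny is a negative filter)
    category: str
    status: str = ANY
    field_name: str = ANY

    def matches(self, category, status, field_name):
        pairs = ((self.category, category),
                 (self.status, status),
                 (self.field_name, field_name))
        return all(want in (ANY, got) for want, got in pairs)


def validate(rules):
    """Refuse a rule set that can never grant anything (empty or Deny-only)."""
    for rule in rules:
        if rule.effect not in ("allow", "deny"):
            raise ValueError(f"unknown effect: {rule.effect!r}")
    if not any(rule.effect == "allow" for rule in rules):
        raise ValueError("at least one Allow action is required")
    return list(rules)


def can_see(rules, category, status, field_name):
    """Default deny: access needs a matching Allow and no matching Deny."""
    hits = {r.effect for r in rules if r.matches(category, status, field_name)}
    return "allow" in hits and "deny" not in hits


def visible_fields(rules, category, status, field_names):
    return [f for f in field_names if can_see(rules, category, status, f)]


# Constructed sample: every field of category Incident except Estimate.
RULES = validate([
    FieldRule("allow", "Incident"),
    FieldRule("deny", "Incident", field_name="Estimate"),
])

if __name__ == "__main__":
    # Constructed field list and status, for illustration only.
    print(visible_fields(RULES, "Incident", "New", ["Title", "Estimate", "Owner"]))
```
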
Allows editing the selected Role. Once changes have been made, select the Accept button. To discard any changes, select the Close button instead.
Allows duplication of the selected Role. A new Role is created with the same values as the original Role. Its initial name will be the name of the original Role concatenated with a number.
The selected Role will be deleted. The system will provide a confirmation message before actually deleting the Role. If users exist with that Role, the Role will be removed from those users.
Also, list search is available to look for Roles by Role or description.