Rights

Rights grant users the possibility to view, create and modify various DROPS entities. If the proper access rights are not granted to a profile, access to the corresponding entity (ex: applications) or action (ex: editing applications) is restricted.

Rights are granted to users via profiles. A profile is packed with rights that determine which items a user should be able to access throughout DROPS and if they can edit them or not. Profiles are assigned to individual users. When combined with roles, users have complete or restricted access to all of the processes included in the DROPS Studio.

The DROPS Studio has one default profile that contains all of the rights available. This All Rights profile is automatically assigned to the default administrator so that he can manage new profiles for all future users.

There is no limit on how many profiles can be created. Depending on the organization of your team, the definition of more specific profiles, corresponding exactly to the attributions of each user, is essential for a well-secured system. It may be helpful to create profiles that correspond to the different roles throughout DROPS to ensure that users are assigned profiles that contain all the rights necessary for their role(s).

In terms of authorization, there is no overlap between roles and rights. However, it is important to carefully assign rights that correspond to an entity to a user’s profile so that when he is assigned a role his access is unrestricted.

Important!

Roles are used to authorize users to perform actions involved in the import or deployment processes while rights are used to grant authorization to create, access and/or modify the entities involved in the processes.

Example

If a user has the Repository Manager role for an application and has the right to view applications but does not have the right to edit them, all applications will be read-only. The user can still carry out the processes associated with the application because of their Repository Manager role, such as importing artifacts, but he cannot manage the release number version for the application because his application editing rights are restricted.

The following table lists the rights that do not require a paired role but are necessary for server administrators or other users that may not be involved in the configuration and execution of the deployment process.

Server Administrator and other high-profile rights
Task Required Rights (by category)
Creating and editing metadata Administrative Rights
Managing DROPS modules Module Updater
Installing DROPS modules remotely Remote Installation
Accessing server preferences and configuration Server Administration
Managing server configuration Server General Administrative Rights
Reference

For more information about the other rights available in the DROPS Studio, refer to Definitions of user roles and the required rights which outlines the relationship between roles and rights for each entity in the DROPS Studio.