Rights
Rights grant users the possibility to view, create and modify various DROPS entities. If the proper access rights are not granted to a profile, access to the corresponding entity (ex:
Rights are granted to users via profiles. A profile is packed with rights that determine which items a user should be able to access throughout DROPS and if they can edit them or not. Profiles are assigned to individual users.
The DROPS Studio has one default profile that contains all of the rights available. This All Rights profile is automatically assigned to the default administrator so that he can manage new profiles for all future users.
There is no limit on how many profiles can be created. Depending on the organization of your team, the definition of more specific profiles, corresponding exactly to the attributions of each user, is essential for a well-secured system.
In terms of authorization, there is no overlap between roles and rights. However, it is important to carefully assign rights that correspond to an entity to a user’s profile so that when he is assigned a role his access is unrestricted.
Roles are used to authorize users to perform actions involved in the import or deployment processes while rights are used to grant authorization to create, access and/or modify the entities involved in the processes.
If a user has the Repository Manager role for an application and has the right to view applications but does not have the right to edit them, all applications will be read-only. The user can still carry out the processes associated with the application because of their Repository Manager role, such as importing artifacts, but he cannot manage the release number version for the application because his application editing rights are restricted.
The following table lists the rights that do not require a paired role but are necessary for server administrators or other users that may not be involved in the configuration and execution of the deployment process.
Task | Required Rights (by category) |
---|---|
Creating and editing metadata | Administrative Rights |
Managing DROPS modules | Module Updater |
Installing DROPS modules remotely | Remote Installation |
Accessing server preferences and configuration | Server Administration |
Managing server configuration | Server General Administrative Rights |
For more information about the other rights available in the DROPS Studio, refer to Definitions of user roles and the required rights which outlines the relationship between roles and rights for each entity in the DROPS Studio.