Roles

 Roles are only used during process execution (importing artifacts and deploying). They are intended to manage a user's authorization to execute certain procedures during an import or deployment process or assign a task. users with roles can be kept informed via notifications during process execution in order to be able to make decisions correctly.

Having a certain role does not automatically mean that a user is required to do something during process execution because multiple users can be assigned the same role. However in order to carry out certain actions, like executing a deployment process, a user must be assigned the role that authorizes him to do so.

The DROPS entities involved in process execution and therefore those to which roles must be assigned are:

  • applications
  • releases
  • clients (if multi-client mode is activated)
  • environments, environment groups and environment types
  • infrastructure items
  • deployment plans

Each individual instance of an entity can have different users assigned to it depending on the needs of your organization.

Example

Two different environments may be managed by two different people because deploying to a production environment might only be done by a manager, while deploying to a test environment could be done by a developer.

However, roles can also be defined globally. Assigning a role to all instances of an entity instead of just one or several enables a user to play the same role for every entity.

Example

A manager with a team of 3 people may be granted global access to all applications in order to oversee all the individual applications his team creates. Each of the three teammates may only need to import artifacts for the application(s) they are in charge of, but not the others. The manager's role is assigned on the global level by an admin using the  Generic Roles menu in the Preferences menu while the team's roles are assigned in the individual application(s) from the  Roles view.

In terms of authorization, there is no overlap between roles and rights. However, it is important to carefully assign rights that correspond to an entity to a user’s profile so that when he is assigned a role his access is unrestricted.

Important!

Roles are used to authorize users to perform actions involved in the import or deployment processes while rights are used to grant authorization to create, access and/or modify the entities involved in the processes.

Example

If a user has the Repository Manager role for an application and has the right to view applications but does not have the right to edit them, all applications will be read-only. The user can still carry out the processes associated with the application because of their Repository Manager role, such as importing artifacts, but he cannot manage the release number version for the application because his application editing rights are restricted.

The following table lists the entities to which roles are available for each entity and for what a user with that role is responsible. The rights required for each role are also indicated by category.

Definitions of user roles and the required rights
Role Authorization(s) Granted Required Rights (by category)
Application Administrator Can assign roles in applications.

Applications
Validation Requests
Application Repository Manager

Responsible for the content in the artifact repository and the correct configuration of applications, components and import strategies.

Can execute the import process.

Applications
Releases
Import Process Instances
Strategy Templates
Server Properties
Validation Requests
Application Import Operator Responsible for executing the import process. Import Process Instances
Releases
Validation Requests
Application Database Administrator

Responsible for the application's source/target database(s).

Can validate the deployment process.

 Validation Requests
Application Workflow Manager Responsible for the correct configuration of the deployment workflow.

Clients
Deployment Plans
Validation Requests
Environment Administrator Can assign roles in environments. Clients
Environments
Environment Groups
User Management
Environment Release Manager

Responsible for the correct configuration of the elements involved in the deployment process.

Can execute and validate the deployment process.

 Clients
Deployment Plans
Deployment Process Diagrams
Deployment Process Instances
Deployment Process Templates
Deployment Schemas
Environments
Environment Groups
Infrastructure Items
SSH Key Management
Replacement Rules
Scripts
Validation Requests
Node Management
Environment Release Operator

Responsible for executing the deployment processes.

Can be selected to validate the deployment process.

 Clients
Deployment Process Instances
Validation Requests
Node Management
Environment Group Administrator Responsible for creating and managing environment groups. Clients
Environments
Environment Groups
User Management
Environment Type Administrator Responsible for creating and managing environment types. Environments
Environment Groups
Deployment Plans
Environment Type Release Manager Responsible for the correct configuration of the elements involved in the deployment process. Environments
Environment Groups
Deployment Plans
Infrastructure Item Administrator Can assign roles in infrastructure items. Clients
Infrastructure Items
User Management
Infrastructure Item Manager Responsible for the correct configuration of infrastructure items.

Clients
Infrastructure Items
Compliance Rules
Compliance Rule Sets
Instantiation Templates
Provisioning Templates
Infrastructure Item Contributor

In charge of solving problems concerning infrastructure items. Is notified via notification email when an issue arises.

Responsible for plan of action concerning suspended actions and/or interruption messages.

 Clients
Suspended Actions
Instantiation Instances
Provisioning Instances
Node Administrator Responsible for main / node configuration and administration. Main Settings Management
Main / Node Mode
Node Management
Plan Group Release Manager Responsible for the correct configuration of deployment plans. Deployment Plans
Release Administrator Can assign roles in releases. Releases
User Management
Release Project Manager

Responsible for the correct configuration of releases.

Can validate the deployment process.

 Applications
Releases
Validation Requests
Reference

For more information about assigning roles at the entity-level, refer to Assigning entity-level roles.

For more information about assigning roles at the global-level, refer to Assigning global-level roles.

For more information about creating and managing profiles and rights, refer to Managing profiles and rights and Rights.

For more information about creating DROPS users, refer to User accounts.