The OpenLM Roles & Permissions extension gives you complete control over software assets. It goes beyond the predefined roles and permissions that come out-of-the-box with OpenLM: administrator and user. In this case, the administrator has access to everything, such as turning license servers on and off, editing things such as directory synchronization, building ServiceNow integration, and much more. The user can read only the reports and lacks the editing privileges of an administrator.
The fact is, not all individuals in an organization should have access to all the available resources. You allow a two-year-old toddler into the kitchen, but you don’t allow the child to access the knives, because you, as a parent, are aware of the risks. The same happens with an organization’s resources: access to resources should be allowed accordingly. When you give administrator access to the wrong person, it may become costly: an inexperienced employee with admin access can turn off license servers, leaving thousands of engineers without a license. That means trouble.
OpenLM administration based on well-defined roles
OpenLM offers 11 roles by default which can be assigned to certain users ranging from the administrator role – which has overall control of license monitoring and the management system – down to the project manager role, which holds responsibility for well-defined projects. That, however, is just to get you started: you can create any role with the Roles & Permissions extension and customize access to the OpenLM EasyAdmin interface. Basically, almost every component of the OpenLM interface can be either disabled or enabled through the roles and permissions setup.
We at OpenLM take privacy very seriously, which is why we have built a solution that is secure to its core. OpenLM makes access management a breeze with three levels of permissions: allow, disable, and deny. Role implementation may be set to “on,” enabling the differentiation of users and groups according to permission levels, or turned off altogether, thus granting all users and user groups full access to all the system’s resources.
Administering permission levels for OpenLM resources within your organization
Simply put, you may want to create multiple groups of users and allow them to see only a specific license server data for data privacy or other reasons, as specified in the internal policy. For example, you can have one application manager for CATIA, but you don’t want to empower him with OpenLM administrator rights, because he or she doesn’t have to have that privilege. The OpenLM Roles & Permissions extension allows you to do just that: grant access to the CATIA license servers but disable access to the organization’s other software assets. Or you can prevent that person seeing license activity such as individual session data for data privacy reasons, for example.
If you are the executive director and you want to be able to charge back software license costs to different business units, you will need administrator privileges, because you can synchronize OpenLM with Active Directory and see which business units use what licenses. At the same time, you may want to prevent regular end users from seeing other employee data in the usage reports. Just like every component of the OpenLM interface, it is possible to turn on or off access to this information to certain users or groups.
In other words, the OpenLM Roles & Permissions extension is a comprehensive toolset to securely manage access to your organization’s data stream. Actually, it is quite common to have tons of questions that you need to answer before pressing the “Allow” and “Disable” buttons, but once you have set it up according to your organization’s policy, you can rest assured that the information coming from the license inventory ends up in the right hands. And since OpenLM’s Identity Service supports the most popular third-party identity providers such as Okta or OpenID Connect, you are making the right decision.
Get started with OpenLM Roles & Permissions today!