Roles Based Security Extension
The Roles Based Security Extension allows different users to access OpenLM according to their predefined roles
Not all resources should be made public to all individuals within an organization. It is necessary to set up roles and permission levels for different individuals, so that the information presented to them reflects their position in the organization.
The OpenLM Roles and permissions extension does exactly that.
Permission attributes may hold either one of the following values:
- Allow: The resource is accessible for a user or a user group.
- Disable: The resource is visible but not accessible for a user or a user group.
- Deny: The resource is neither visible nor accessible to a user or a user group.
A set of such Resource permissions is referred to as a “Role”. Roles are attributed to certain groups of function holders within a company; each group having different accessibility options to OpenLM’s resources.
The handling of Roles and Permissions is easily done by system administrators through the EasyAdmin administrative interface of the OpenLM system. With the OpenLM EasyAdmin web interface you can assign users and user groups to predefined roles. Roles could be either:
- Predefined standard, provided by OpenLM
- New roles, created by inheriting the standard roles’ properties
- Newly created roles altogether.
The image below depicts the resource contents of the standard predefined ‘Admin’ role. It is accessible by selecting the OpenLM ‘start’ button → Administration → Roles → Select ‘Admin’ role and click the ‘Edit button. In the Resources tab, you will find all the different resources attributed to the ‘Admin role, e.g. “Permission to add a new group”, “Permission to edit an existing group” etc. Please refer to this document for further information regarding Roles and Permissions.
A typical usage scenario for implementing roles and permissions in a company would include two or three types of roles:
This role should enable all capabilities of the OpenLM system, and will include all resources as in the standard predefined ‘Admin’ role.
This would typically include all presentation capabilities, but omit administrative privileges (e.g. kicking off a user and closing their session with the currently_consumed_licenses_column_remove_license resource)
This would only include viewing concurrent and historical usage of specific servers. This will require the resources labeled server_<server_name>
Again, for specific information about roles’ resources, please refer to this document.