Understanding Roles

This topic describes the various roles and their functions in Process Platform.

Roles determine the access privileges and activities a user can perform in an organization. They are a means to regulate authorization on tasks. Roles are created in an organization or delivered within an application and then are assigned to the users. Users can deploy an application only if they have certain privileges and these privileges are offered via roles. The degree to which a user can access the content in an application depends upon the roles assigned to them.

For example, a user can have the role of a Customer Service Representative, a Supervisor, or a Manager. A Manager or a Supervisor may have authority over certain tasks because of which only they have the power to approve or reject the results of a task.

Roles can be nested, which means a role can extend from another role to enhance the privileges offered by the super role. Roles can be classified as follows:

Packaged or Application Roles - These roles are bundled in an application with default ACL settings.
Internal Roles - An internal role is equipped with specific access privileges that are required for an activity. For example, Process Administrator is an internal role, which is used to only to administer the business processes. It is contained within Administrator role. Along with the specific internal roles, there are also some common roles called everyone role (appear as everyoneIn<Application Name>) which are available with each role. The everyone role has the basic access privilege that is required to access the contents of an application. If a user needs to access an application, this is the basic role in that application which needs to be assigned. In other words, it is similar to giving read-only access to a user to view a document.The internal roles are not visible upfront. To view them, you must select the Include Internal Roles check box on the User Manager window.
Functional Roles - These are the custom roles that are created as per the needs of the organization. These roles are assigned to users within that organization. These roles are created and packaged into an application for deployment purpose and do not originate from an application. Thus during deployment, they can also be referred as Packaged Roles.
Note: By default, functional roles are created through role modeler.
Non-functional role - A non-functional role, also referred as technical or internal role, is used to define more fine grained access on Web services and resources. A non-functional role provides access to a set of resources within one package. A package may contain several non-functional roles. A group of these non-functional roles from different packages can be combined in a functional role. This functional role can be assigned to the users.
Note: Non-functional roles cannot be used along with Organizational units and Work lists. For a security purpose, both functional and non-functional roles are controlled in the same manner.

Depending upon the activity to be performed, you can assign the following roles:

Administrator
Analyst
Developer
Deployer
SetupUser
SystemAdmin
DocumentationUser

The following tables list all the roles in Process Platform and their internal roles along with their functions:

Role	Purpose	Internal Roles	Function of Each Internal role
Administrator	Groups all the roles that are required to perform administrative activities.	Audit Administrator	Configure audit for components
		Audit Viewer	View audit data
		Process Administrator	Monitor and perform operations on business process instances View audit information of published processes Archive and restore process instances
		CoBOC Admin	Configure the synchronization details for Database Cache Configure synchronization for multiple CoBOC Service Containers View the CoBOC transaction details in CoBOC Monitor
		Log Viewer Admin	Search Composite Application logs View log messages
		Notification Admin	Set notification preferences Update the profile of any user in the organization
		Orchestrator Admin	Extend all the admin roles of Rule, CoBOC, Schedule, Notification, and Data Transformation. These roles are deprecated and are required for backward compatibility when user migrates from C2.
		Rule Admin	Configure Rule Synch up details for synchronizing multiple Rule Repository Processors Monitor rule execution through Admin Cockpit
		Schedule Admin	Deploy Schedules Undeploy Schedules
		Security Administrator	Create and manage trust relationship among groups of Service Containers Manage Trust stores for signing applications
		Security ISVP Admin	Manage digital certificates in the ISVP space
		UDDI Admin	Manage UDDI registries Validate registries
		WS-AppServer Admin	Manage access control for Database Metadata Configure auditing settings for Database Metadata
		Organizational Admin	Manages the following artifacts and system resources within an organization: Users Organizations Roles ACLs Service Groups, Service Containers and Connection Points Web service interfaces and operations XML Store objects Audit configurations for database tables LDAP content Monitor the gateway statistics Database Configurations
		FTP Admin	Create, update and delete the FTP server configuration Verify the FTP server configuration
		BAM Administrator	Configure synchronization and upload of process data Publish or Unpublish Business Event, Process Monitoring Object, Business Measure, KPI, and Dashboard
		MDM Administrator	Manage the run-time settings for MDM environment

Role	Purpose	Internal Roles	Function of Each Internal role
Analyst	Responsible for the analysis and design of business process and the ensuing process improvements.	CWS User	Modify models within an installed application package in organization staging Add runtime reference to other models
		BAM Analyst	Edit Business Event, Process Monitoring Object, Business Measure, KPI, and Dashboard in staging Publish or Unpublish Business Event, Process Monitoring Object, Business Measure, KPI, and Dashboard Delete Business Event, Process Monitoring Object, Business Measure, KPI, and Dashboard View custom and standard Dashboards
		MDM Data Steward	Manage the run-time models (upload data, view dashboard and logs)

Role	Purpose	Internal Roles	Function of Each Internal role
Developer	Groups all the roles related to the design and development of an application.	Process Developer	Validate a process model Publish a process model Run a process model Debug a process model during process iterations Generate Web services
		CoBOC Developer	Create objects using CoBOC browser Update objects using CoBOC browser Delete objects using CoBOC browser
		CWS Developer	Develop applications Build and publish applications
		Data Transformation Developer	Execute Data Transformations Generate Web services on Data Transformations
		Notification Developer	Create, update, delete, and customize Inbox and Email models Register Dispatch Logic implementations for use in custom routing of tasks Publish notification models like, work lists, Inbox models, email models
		Orchestrator Developer	Extend all the developer roles of Rule, CoBOC, Schedule, Notification, and Data Transformation. These roles are deprecated and are required for backward compatibility when user migrates from C2.
		Rule Developer	Test the rule execution using the Rule Test Tool
		Schedule Developer	Create schedule templates Update schedule templates Delete schedule templates
		Translator	Add, delete, and modify labels in the Translation Repository Add, delete, and modify the supported translation languages Add, delete, and modify translation contexts Translate labels in the Translation Repository Approve translations submitted by other users
		UDDI Developer	Work with UDDI Explorer and publish to external registries Manage registries and customize Web service access
		WS-Appserver Developer	Create Database Metadata Create WS-AppServer package and data models from the database metadata Generate Java code and Webservices on WS-AppServer models Generate custom business logic
		BAM Developer	Create Business Event, Process Monitoring Object, Business Measure, KPI, and Dashboard Edit Business Event, Process Monitoring Object, Business Measure, KPI, and Dashboard Delete Business Event, Process Monitoring Object, Business Measure, KPI, and Dashboard

Role	Purpose	Internal Roles	Function of Each Internal role
Deployer	Responsible for customizing an installed application package.	CWS Application Administrator	Modify documents within an installed application package in organization staging Publish contents of an application package from organization staging to the run time
Setup User			This role contains all the roles that are available during the installation of Cordys (baseline and application package) and is automatically assigned to the user who installed Cordys. You can assign this role to a user if you wish to extend the installation-related privileges to that user. This option is useful when you intend to have multiple Administrators with the same privileges as that of the installation user. If you upgrade Process Platform or install new applications, the roles within those applications are automatically assigned to this role and not to user who is performing the activity.
SystemAdmin			This role has the supreme authority over the Process Platform setup and is entitled to create and manage users, organizations, roles, and system resources spanning across Process Platform components. Apart from these, the SystemAdmin role is used for configuring security-related settings, maintain audit data, and license-related information.
DocumentationUser			This role is used to provide access to documentation only on a need basis. By default, users with the Administrator, Deployer, Analyst, and Developer roles can only view the product documentation. This implies, users without these roles cannot view or access documentation. You must assign the documentationUser role to enable documentation access to users who are not privileged to view documentation by default.

OpenText Cordys 10.6 documentation : Understanding Roles

Understanding Roles