User Roles and Permissions
User roles must be granted with permissions in order to access and do operations on every Governance Registry feature. Following are the combinations of permissions required to access Governance Registry features and do relevant operations. Permissions can be granted to a user role while its being created.
Extensions
- Add
- All Permission>Admin Permissions>Manage>Extensions>List
- List
- All Permission>Admin Permissions>Manage>Extensions>Add
- Life Cycles
- All Permission>Admin Permissions>Configure>Governance>Lifecycles
- Handler
- All Permission>Admin Permissions>Configure>Repository>Handlers
- All Permission>Admin Permissions>Manage>Resources>Browse
- Artifact Types
- All Permission>Admin Permissions>Configure>Governance>Manage RXT
- All Permission>Admin Permissions>Manage>Resources>Browse
- All Permission>Admin Permissions>Manage>Resources>Govern>Generic Artifacts>Add
- All Permission>Admin Permissions>Manage>Resources>Search>Advanced
- All Permission>Admin Permissions>Manage>Resources>WS-API
Main>Resources
- Browse
- All Permission>Admin Permissions>Manage>Resources>Browse
You might need provide additional permissions to the logged in User Role in order to perform WRITE and DELETE operations on resources and collections. See Role Permissions.
- Activity search
- All Permission>Admin Permissions>Manage>Search>Activities
- Search
- All Permission>Admin Permissions>Manage>Search>Advanced
- Reports
- All Permission>Admin Permissions>Manage>Resources>WS-API
- All Permission>Admin Permissions>Manage>Resources>Browse
Main>Metadata
In order to Add any artifact the following permissions must be given:
- All Permission>Admin Permissions>Manage>Resources>Govern>Metadata
- All Permission>Admin Permissions>Manage>Resources>Govern>Generic Artifacts>Add
- All Permission>Admin Permissions>Manage>Resources>WS-API
- All Permission>Admin Permissions>Manage>Resources>Browse
In addition, the following specific permissions must be given for each artifact:
- Add Endpoint
- All Permission>Admin Permissions>Manage>Resources>Govern>Endpoints>Add
- Add Note
- All Permission>Admin Permissions>Manage>Resources>Govern>Notes>Add
- Add Policy
- All Permission>Admin Permissions>Manage>Resources>Govern>Policies>Add
- Add REST Service
- All Permission>Admin Permissions>Manage>Resources>REST Services>Add
- Add Schema
- All Permission>Admin Permissions>Manage>Resources>Govern>Schemas>Add
- Add Server
- All Permission>Admin Permissions>Manage>Resources>Govern>Servers>Add
- Add Service
- All Permission>Admin Permissions>Manage>Resources>Govern>Services>Add
- Add SOAP Service
- All Permission>Admin Permissions>Manage>Resources>Govern>SOAP Services>Add
- Add Swagger
- All Permission>Admin Permissions>Manage>Resources>Govern>Swaggers>Add
- Add URI
- All Permission>Admin Permissions>Manage>Resources>Govern>URIs>Add
- Add WADL
- All Permission>Admin Permissions>Manage>Resources>Govern>WADLs>Add
- Add WSDL
- All Permission>Admin Permissions>Manage>Resources>Govern>WSDLs>Add
In order to List any artifact, the following permissions must be given
- All Permission>Admin Permissions>Manage>Resources>Govern>Metadata
- All Permission>Admin Permissions>Manage>Resources>Govern>Generic Artifacts>List
- All Permission>Admin Permissions>Manage>Resources>WS-API
In addition, the following specific permissions must be given for each artifact:
- List Endpoint
- All Permission>Admin Permissions>Manage>Resources>Govern>Endpoints>List
- List Note
- All Permission>Admin Permissions>Manage>Resources>Govern>Notes>List
- List Policy
- All Permission>Admin Permissions>Manage>Resources>Govern>Policies>List
- List REST Service
- All Permission>Admin Permissions>Manage>Resources>REST Services>List
- List Schema
- All Permission>Admin Permissions>Manage>Resources>Govern>Schemas>List
- List Server
- All Permission>Admin Permissions>Manage>Resources>Govern>Servers>List
- List Service
- All Permission>Admin Permissions>Manage>Resources>Govern>Services>List
- List SOAP Service
- All Permission>Admin Permissions>Manage>Resources>Govern>SOAP Services>List
- List Swagger
- All Permission>Admin Permissions>Manage>Resources>Govern>Swaggers>List
- List URI
- All Permission>Admin Permissions>Manage>Resources>Govern>URIs>List
- List WADL
- All Permission>Admin Permissions>Manage>Resources>Govern>WADLs>List
- List WSDL
- All Permission>Admin Permissions>Manage>Resources>Govern>WSDLs>List
You might want to have a look at the default permission mappings in repository/conf/permission-mappings.xml
if you are interested in more granular resource access permissions.
Main>Configure
- Notifications
- All Permission>Admin Permissions>Manage>Resources>Browse
- All Permission>Admin Permissions>Manage>Resources>Notifications
- All Permission>Admin Permissions>Manage>Resources>Community Features
Associations and Dependencies
- Add Association and Add Dependencies
- All Permission>Admin Permissions>Manage>Resources>Associations.
- And the particular resource should have WRITE permission provided for the logged in User role.
Life Cycles
- Life Cycles
- All Permission>Admin Permissions>Manage>Resources>Community Features
- All Permission>Admin Permissions>Manage>Resources>Govern>Lifecycles
- All Permission>Admin Permissions>Manage>Resources>Browse
- In order to perform a life cycle operation (Promoted/Demote) on a resource the user should have READ/WRITE permissions to the target environment.
Community Features
- Add Tags, Add Comments, Add Subscriptions, Add Ratings
- All Permission>Admin Permissions>Manage>Resources>Community Features