LogoLogo
ProcMan Admin Guide V6.0.0
ProcMan Admin Guide V6.0.0
  • Welcome
  • Release Notes
  • Installation
    • System Requirements
    • Prerequisites
    • Component Overview
    • Before the installation
      • Required authorizations
      • Required persons
      • Preparation of the installation
    • ProcMan Installation Guide
      • DB2 Client Installation and configuration
      • Step 1: Adjust the windows code page
      • Step 2: Installation of HWF (HORIZONT Web Framework)
      • Step 3: Activate the DB2 PHP Extension
      • Step 4: Installation of ProcMan
      • Step 5: Set up HWM (HORIZONT Workflow Manager)
      • Step 6: Setting up the configuration files
        • Initial setup of hos_db_config.php
        • Initial setup of hos_config2.php
        • Environment files
      • Step 7: Check installaton and change admin password
      • Step 8: Web Server configuration
        • ProcMan server certificate
        • Client certification
        • HTTP configuration
      • Encrypted secure LDAP communication
      • Communication with external systems
  • ProcMan Update Guide
  • Installation and customization JCL z/OS part
    • Installation overview
    • Setting up TLS Communication
    • Installation steps on z/OS
    • Update installation steps on z/OS
    • Post Installation tasks and customization at z/OS
    • Administration dialog z/OS
    • JCL Rules syntax and help
    • JCL Examples
      • xxSADUMP
      • xxSJCUST
      • xxSDELD
      • xxSJFCNT
      • xxSJVSFL
  • Administration Dialog
    • General structure
    • Definitions
      • Clients
      • Roles
      • Accounts
        • Accounts list
        • Creating a new account
        • Importing accounts via LDAP
        • Configuring authentication z/OS system
        • Editing an account
        • Changing password
        • Deleting accounts
      • Timezone assignment
      • Role assignment
        • Roles / Users list
        • Users to role assignment
        • Roles to user assignment
      • Calendars
      • Calendar assignment
      • Search areas
      • Actions
      • Global definitions
      • Process definitions
      • Object browser
    • Tools
      • Deleted Processes
      • Automaton
      • Transfer Case
      • Encryption
      • Log Files Administration
      • Benchmark
      • Savepoints
      • Web Server Restart
    • Utilities
      • User information update (hwm_update_accounts)
      • Role assignment (hwm_update_user_roles)
      • Certificate request generation (hwm_cert_request)
      • Export of libraries from archive (hwm_export_zos_library)
      • Report generation (hwm_process_report)
      • Triggering autoexecution of activities (hwm_autoexec)
      • Maintenance of the custom_data table (hwm_custom_data)
      • Benchmark (hwm_benchmark)
    • Rest-API Interface
      • Usage of the RestAPI
        • RestAPI GUI by ProcMan
        • cURL utility
      • REST-API Modules
        • m_environment
        • m_jcl_approve
        • m_jcl_confirm
        • m_jcL_fillforms
        • m_jcl_generate
        • m_jcl_check_parallel
        • m_jcl_select_file_arc
        • m_jcl_select_file_sys
        • m_jcl_change
        • m_tws_adhoc_appl
      • RestAPI Troubleshooting
  • Modules customization
    • Customization JCL Module
      • File Formats
      • Basic configuration
        • hos_config.php
          • debug_screen_enabled
          • debug_files_enabled
          • debug access
          • debug_ml
          • hos_version
        • hos_config2.php
          • base_tmp_dsn
          • duplicate_member
          • environment
            • codepage
            • exclude_delete
            • jcl_dd_forms
            • jcl_osj
            • jcl_result_files
            • jcl_supported_statements
            • target_mirror
            • task
            • temp_dsn_alloc_site
            • tmp_dsn_alloc_site_ps
            • template
            • zos_tech_user
            • template_dsn_cntl
            • base_tmp_dsn
          • file_list_column
          • jobname_format
          • list_limit
          • member_processing_method
          • member_spearator
          • pager
          • passwords
          • ps_transfer
          • reload_environment
          • remove_from_archive_on_delete
          • rot_client_code_page
          • rot_ini_file
          • rot_separator
          • script_access_log_file
          • syntax_highlighter
          • syntax_highlighter_combo
          • system_mapping
          • template_dsn_cntl
          • tmp_dir
          • web_code_page
          • xinfo
          • zos_tech_user
        • hos_db_config.php
        • hos_jcl_config.php
        • hos_sysin_config.php
        • horcclnt.ini
      • Process configuration
      • Dictionary
      • User forms
        • <groups> XML section
        • <group> XML section
        • <item> XML section
          • wai_input
          • wai_select
          • hidden
          • multiline
          • freetext
          • text
        • FORMCONT table
    • Customization IWS ZOS Module
      • IWS Configuration
      • Process configuration
      • Environment configuration
      • IWS Additional Data
        • Configuration of IWS additional data
        • Configuration of structure of IWS additional data
        • Database structure IWS additional data
        • Import & export of IWS additional data
          • Options for tws_addata command line utility
          • Example usage of tws_addata command line utility
      • IWS Rules
        • Input data and output data
        • IWS rules basic configuration
        • IWS rules configuration in process configuration
        • Database structure for IWS rules – lookup table
        • INIT element
        • Processing elements
          • Processing element TEST
          • Processing element PARALLEL_CHECK inside TEST element
          • Processing element CHECK
          • Processing element CHANGE
          • Change Runcycle offsets
          • Processing element INSERT
          • Processing element DELETE
          • Processing element MESSAGE
        • Conditions element COND
        • Conditions element OICOND
        • Substring operation
        • Logging of IWS rules processing
      • IWS ADHOC
        • IWS ADHOC SIMPLE process
        • IWS ADHOC ON DEMAND process
        • IWS ADHOC ONE TIME process
        • Settings for creation and update of JCL scripts
      • IWS CP
        • Modifying operations in current plan
          • Configuring JCL edit task for CP operation
      • IWS Object Browser
      • Automatic Activities
      • Customizing IWS Processes
        • Customizing process messages
        • Customizing list of AD applications
          • Customizing the selection criteria using app_sec
          • Customizing the AD list result using tws_sec
        • Customizing picker lists
          • Customize picker lists using app_sec
          • Configuring picker list using tws rules lookup
        • Customizing parallel IWS application modifications
        • Customizing technical user for z/OS
        • Customizing IWS systems with process definition parameter
    • Customization Control-M Module
      • Prerequisites
      • Installation
      • Configuration
        • Configuration files
        • Actions
        • Process and object parameter definitions
      • Examples
        • Configuration of the communication with Control-M
        • Call configuration file
        • Rules configuration file
        • Actions
        • Process
        • Object Browser
      • Automatic Activities
      • Starting Activities Via Rest API
    • Customization Universal Object Module
      • Configuration
        • Configuration files
          • hos_docu_config.php
          • hos_docu_call_config.php
        • Actions
          • Activity actions
          • Report action
          • Cleanup action
          • Object Browser action
        • Process and object parameter definitions
      • Example
        • Configuration file
        • Actions
        • Process
        • Object Browser
      • Automatic Activites
      • Starting Activities Via Rest API
        • Request
        • Response
        • Automatic activities
  • JCL Rules
    • Introduction
    • Basics
      • Comments
      • Variables
      • Data Types
      • Operators
      • Functions
      • Rules
      • Expressions
      • Conditions
      • Loops
      • Includes
    • Examples
    • Keywords
    • Statements
    • Functions
      • Debugging
      • Date & Time
      • Forms
      • Lists
      • ProcMan Objects
      • Process Information
      • SmartJCL Objects
      • Strings
      • Variables
      • Other
      • Testing
      • XML
    • Predefined Constants
  • FAQs, Tipps & Tricks, etc
    • ProcMan Tipps & Tricks
      • HWM
      • APP_SEC
      • Useful php functions
Powered by GitBook
On this page
  • Roles
  • Roles list
  • Creating a new role
  • Editing a role
  • Deleting roles
  • Adding roles into the Transfer Case
Export as PDF
  1. Administration Dialog
  2. Definitions

Roles

PreviousClientsNextAccounts

Last updated 1 month ago

Roles

Roles are there to group individual user and to give them certain rights in ProcMan. Often defined roles are developer, tester, admin, approver, production planner etc.

Roles also manage the set of functions which can be started by a user. Such functions are for example administration, creating a process, or starting a specific process activity. Therefore each user must be assigned to minimum one role.

The roles in ProcMan are organized hierarchically. Any role can be a root role (with no parent roles) or a child role of another role. Any role can have an arbitrary count of children roles. The role hierarchy in ProcMan can be arbitrarily deep. The semantic of the role hierarchy is, that if a user has a role assigned, he is implicitly authorized also in all ancestor roles of the assigned role, but in no descendant role of the assigned role (except that a descendant role is assigned explicitly to the user).

However, the hierarchical organization of roles needs not to be used if there is no concrete need for it. In this case all roles can be defined without parent and children.

Beware that the role names are unique in the whole ProcMan system. There cannot be defined a role with some name in one client and another role with the same name in another client. If different roles are meant then their name must be unique. If the same role is meant then the best praxis is to define it in an ancestor client of all clients where it shall be used.

There is a special role initially named ADMIN defined in the client ROOT. This role allows the users to which it is assigned to administrate ProcMan and recall/delete processes in the work list (if administrators are authorized to do this). This role cannot be deleted or disabled, but the name and/or description of this role can be changed in the roles dialog.

Roles list

By clicking on the Roles menu item the role administration dialog is being started. Beware that this dialog can only administrate the roles defined in the client, in which the user is currently logged in, and in the descendant clients of this client.

After the dialog has been started, the list of already defined roles is displayed (see picture below). If there are no roles a message informing about this fact is displayed instead.

This dialog can be left by clicking the Cancel button. It can also be left at any time, even in the role definition forms for new and edited roles, by selecting another function from the ProcMan menu. If this happens in the forms the last changes done in the forms are discarded.

Creating a new role

A new role can be defined by clicking the New button in the roles list form. After that a form with the role definition fields appears (see picture below).

After filling the fields in this form and clicking the OK button the new role is created and appears in the roles list. By clicking the Cancel button the dialog returns to the roles list without creating a new role.

In the field Client the client in which the role will be created has to be selected.

The field Name has to be filled with the name of the new role. The name of the role can contain simple alphanumerical characters (ä, š, ô, etc. are not allowed), underscores, dots and spaces. Spaces at the beginning and the end are ignored. After submitting the form the name is converted into uppercase.

In the field Parent the parent role of the new role has to be selected or it can be left empty.

The field Description can be filled with a textual description of the new role. It is a free text, which can contain any printable characters. It also can be left empty.

The check-box Process Administration, if checked, specifies that users to which the role is assigned can recall/delete processes in the work list (if administrators are authorized to do this), but they cannot administrate ProcMan (they do not even see the administration dialog menu).Though this option can be checked for any role, it is recommended not to check it for roles dedicated for creating processes and starting activities. Better praxis is to define special roles having this option checked, which allows better control of who is allowed to administrate processes.

The check-box User Administration, if checked, specifies that users to which the role is assigned have limited administrator permissions, allowing them to administrate accounts, timezone assignments and role assignments. Users having this role will have an administration dialog menu, limited to this these functions. Though this option can be checked for any role, it is recommended not to check it for roles dedicated for creating processes and starting activities. Better praxis is to define special roles having this option checked, which allows better control of who is allowed to administrate users.

The check-box Revision, if checked, enables for users to which the role is assigned a special menu item Revision – Deleted Processes. When the menu item is clicked by a user, a list of deleted processes is displayed to the user. The list is similar to the Deleted Processes tool for the administrators (described later in this documentation), except that the Delete button is missing. Though this option can be checked for any role, it is recommended not to check it for roles dedicated for creating processes and starting activities. Better praxis is to define special roles having this option checked, which allows better control of who is allowed to view the deleted processes.

The check-box Enabled specifies whether the role can be used in ProcMan or not. If a role is not enabled it behaves like if the role would not be defined at all. Moreover if a role has descendant roles and it is not enabled, the descendants are disabled as well, even if they are set to be enabled.

Editing a role

A role definition can be edited by selecting it in the roles list form (checking the check-box at the beginning of the table row) and clicking the Edit button in the roles list form. Alternatively a role definition can be edited also by clicking on the role name in the table of the roles list form. After that a form with the role definition fields appears. This form is the same like the form for a new role except, that the fields Client and Parent are read-only and cannot be changed.

Deleting roles

One or more roles can be deleted by selecting them in the roles list form (checking the check-box at the beginning of the table rows) and clicking the Delete button in the roles list form. Beware that with the roles also all descendant roles are deleted. An alternative to the delete of a role is to disable it. In this case neither the role, nor its descendant roles are deleted.

Adding roles into the Transfer Case

Select one or more roles from the roles list form (checking the check-button at the beginning of the table rows) and click the Into Transfer Case button in the roles list form. After the selected roles have been added into the Transfer Case you can add another roles or another objects into the Transfer Case or continue with other administration work. For more information about the Transfer Case see the description of the Transfer Case tool in this document.