To configure role-based access, click
Configure to open the
Configure Role Tasks dialog box. The role hierarchy is displayed on the left-hand pane along with icons to indicate if the
Role Task has been added or not and if the corresponding ACL string has been incorrectly configured. On the right-hand side of the
dialog box, a description of the
Role Task is provided along with details of the any incorrect ACL configuration. Click
Add to enable a role or
Delete to disable. Once a
Role Task has been enabled you can enable access by checking the required group. To do this, perform the following steps:
- In the menu bar, click
Security.
- Expand
ESCWA Configuration.
- Expand the security manager and then click
Roles.
This displays the
Role Options page.
- Check the roles you want to restrict access for.
- Click
Apply.
The role task resource entities are located in the
Roles Task resources class. In the menu bar, click
Security. Expand
ESCWA Configuration. Expand the security manager and then click
Resources. In the
Security Resources Navigation pane, click
Role Tasks.
You can configure the following
Roles Task resource entities:
- Native Access
- This role task enables you to manage access to the
Native features of the
ESCWA application. Administrators can use this role to simplify the user interface when
Enterprise Server is not required. This role is not available under the
Role Tasks resource class as this is a historic role. You can find this under the
Common Web Administration resource class.
- Managed Access
- This role task enables you to manage access to the
ES for .NET features of the
ESCWA application. Administrators can use this role to simplify the user interface when ES for .NET is not required. This role
is not available under the
Role Tasks resource class as this is a historic role. You can find this under the
Common Web Administration resource class.
- Security Access
- This role task enables you to manage access to the
Security features of the
ESCWA application. Administrators can use this role to simplify the user interface when security configuration is not required.
This role is not available under the
Role Tasks resource class as this is a historic role. You can find this under the
Common Web Administration resource class.
- Server Access
- This role task enables you to manage access to the
Enterprise Server Administration Configuration dialog box. Administrators can use this role to restrict a user’s access to configuring the
ESCWA server. This role is not available under the
Role Tasks resource class as this is a historic role. You can find this under the
Common Web Administration resource class.
- Mainframe Access
- This role task enables you to manage access to the
Mainframe features of the
ESCWA application. Administrators can use this role to simplify the user interface when mainframe functionality is not required.
This role is not available under the
Role Tasks resource class as this is a historic role. You can find this under the
Common Web Administration resource class.
- ESCWA Logon
- This role task enables you to manage
ESCWA logon. Administrators can use this role to restrict a user’s access to
ESCWA. This role is not available under the
Role Tasks resource class as this is a historic role. You can find this under the
Common Web Administration resource class.
- Region Startup Configuration Administration
- This role task enables you to view the pages for a stopped
enterprise server regions. These are the legacy pages for the MF Directory Server user interface. Administrators can use this role to restrict a user
from viewing pages and information related to a running
enterprise server region.
- Started Region Administration
- This role task enables you to view the pages for started
enterprise server regions. These are the legacy pages for the
Enterprise Server Monitoring And Control (ESMAC) user interface. Administrators can use this role task to restrict users to only be able to
view pages and information related to a stopped
enterprise server region.
- JES Spool and Catalog
- This role task enables you to view the Spool and Catalog pages. Administrators can use this role to restrict users to viewing
only Spool and Catalog pages.
Note: This role task takes precedence over
Region Startup Configuration Administration.
- Region Control
- This role task enables you to start and stop
enterprise server regions and view the
region
Control page. Administrators can use this role to restrict users from starting and stopping
regions.
- Groups Administration
- This role task enables you to view the
Groups displayed in the
Native Navigation pane. Administrators can use this role to restrict users from administering the
Logical and
PACs nodes, including installing to an
enterprise server region to make it a PAC member when started.
- Directory Server Administration
- This role task enables you to access the Directory Server properties, connection configuration, security configuration, and
journal. Administrators can use this role to restrict users from performing administration type changes to the Directory Server
when the user should only be concerned with
region-based actions.
- Scale-Out Administration
- This role task enables you to view the
SORs displayed in the
Native Navigation pane. Administrators can use this role to restrict users from configuring SORs to view the
enterprise server regions associated with their PAC.
- Security Configuration Report
- This role task enables you to manage access to the
Configuration Report in the
Security Navigation pane.