Chapter 6. Red Hat Decision Manager roles and users
To access Business Central or KIE Server, you must create users and assign them appropriate roles before the servers are started.
The Business Central and KIE Server use Java Authentication and Authorization Service (JAAS) login module to authenticate the users. If both Business Central and KIE Server are running on a single instance, then they share the same JAAS subject and security domain. Therefore, a user, who is authenticated for Business Central can also access KIE Server.
However, if Business Central and KIE Server are running on different instances, then the JAAS login module is triggered for both individually. Therefore, a user, who is authenticated for Business Central, needs to be authenticated separately to access the KIE Server (for example, to view or manage process definitions in Business Central). In case, the user is not authenticated on the KIE Server, then 401 error is logged in the log file, displaying
Invalid credentials to load data from remote server. Contact your system administrator. message in Business Central.
This section describes available Red Hat Decision Manager user roles.
rest-all roles are reserved for Business Central. The
kie-server role is reserved for KIE Server. For this reason, the available roles can differ depending on whether Business Central, KIE Server, or both are installed.
admin: Users with the
adminrole are the Business Central administrators. They can manage users and create, clone, and manage the repositories. They have full access to make required changes in the application. Users with the
adminrole have access to all areas within Red Hat Decision Manager.
analyst: Users with the
analystrole have access to all high-level features. They can model projects. However, these users cannot add contributors to spaces or delete spaces in the Design → Projects view. Access to the Deploy → Execution Servers view, which is intended for administrators, is not available to users with the
analystrole. However, the Deploy button is available to these users when they access the Library perspective.
rest-all: Users with the
rest-allrole can access Business Central REST capabilities.
kie-server: Users with the
kie-serverrole can access KIE Server (KIE Server) REST capabilities.