Chapter 14. Red Hat Process Automation Manager roles and users
To access Business Central or KIE Server, you must create users and assign them appropriate roles before the servers are started. You can create users and roles when you install Business Central or KIE Server.
Business Central and KIE Server use the Java Authentication and Authorization Service (JAAS) login module to authenticate users. If both Business Central and KIE Server are running on a single instance, then they share the same JAAS subject and security domain. Therefore, a user who is authenticated for Business Central can also access KIE Server.
However, if Business Central and KIE Server are running on different instances, then the JAAS login module is triggered for both individually. Therefore, a user who is authenticated for Business Central must be authenticated separately to access KIE Server. For example, if a user who is authenticated on Business Central but not authenticated on KIE Server tries to view or manage process definitions in Business Central, a 401 error is logged in the log file and the
Invalid credentials to load data from remote server. Contact your system administrator. message appears in Business Central.
This section describes Red Hat Process Automation Manager user roles.
rest-all roles are reserved for Business Central. The
kie-server role is reserved for KIE Server. For this reason, the available roles can differ depending on whether Business Central, KIE Server, or both are installed.
admin: Users with the
adminrole are the Business Central administrators. They can manage users and create, clone, and manage repositories. They have full access to make required changes in the application. Users with the
adminrole have access to all areas within Red Hat Process Automation Manager.
analyst: Users with the
analystrole have access to all high-level features. They can model and execute their projects. However, these users cannot add contributors to spaces or delete spaces in the Design → Projects view. Access to the Deploy → Execution Servers view, which is intended for administrators, is not available to users with the
analystrole. However, the Deploy button is available to these users when they access the Library perspective.
developer: Users with the
developerrole have access to almost all features and can manage rules, models, process flows, forms, and dashboards. They can manage the asset repository, they can create, build, and deploy projects. Only certain administrative functions such as creating and cloning a new repository are hidden from users with the
manager: Users with the
managerrole can view reports. These users are usually interested in statistics about the business processes and their performance, business indicators, and other business-related reporting. A user with this role has access only to process and task reports.
process-admin: Users with the
process-adminrole are business process administrators. They have full access to business processes, business tasks, and execution errors. These users can also view business reports and have access to the Task Inbox list.
user: Users with the
userrole can work on the Task Inbox list, which contains business tasks that are part of currently running processes. Users with this role can view process and task reports and manage processes.
rest-all: Users with the
rest-allrole can access Business Central REST capabilities.
kie-server: Users with the
kie-serverrole can access KIE Server REST capabilities. This role is mandatory for users to have access to Manage and Track views in Business Central.