Chapter 4. Red Hat Process Automation Manager roles and users
To access Business Central or Process Server, you must create users and assign them appropriate roles before the servers are started.
The Business Central and Process Server use Java Authentication and Authorization Service (JAAS) login module to authenticate the users. If both Business Central and Process Server are running on a single instance, then they share the same JAAS subject and security domain. Therefore, a user, who is authenticated for Business Central can also access Process Server.
However, if Business Central and Process Server are running on different instances, then the JAAS login module is triggered for both individually. Therefore, a user, who is authenticated for Business Central, needs to be authenticated separately to access the Process Server (for example, to view or manage process definitions in Business Central). In case, the user is not authenticated on the Process Server, then 401 error is logged in the log file, displaying
Invalid credentials to load data from remote server. Contact your system administrator. message in Business Central.
This section describes available Red Hat Process Automation Manager user roles.
rest-all roles are reserved for Business Central. The
kie-server role is reserved for Process Server. For this reason, the available roles can differ depending on whether Business Central, Process Server, or both are installed.
admin: Users with the
adminrole are the Business Central administrators. They can manage users and create, clone, and manage the repositories. They have full access to make required changes in the application. Users with the
adminrole have access to all areas within Red Hat Process Automation Manager.
analyst: Users with the
analystrole have access to all high-level features. They can model and execute their projects. However, these users cannot add contributors to spaces or delete spaces in the Design → Projects view. Access to the Deploy → Execution Servers view, which is intended for administrators, is not available to users with the
analystrole. However, the Deploy button is available to these users when they access the Library perspective.
developer: Users with the
developerrole have access to almost all features and can manage rules, models, process flows, forms, and dashboards. They can manage the asset repository, they can create, build, and deploy projects, and they can use Red Hat CodeReady Studio to view processes. Only certain administrative functions such as creating and cloning a new repository are hidden from users with the
manager: Users with the
managerrole can view reports. These users are usually interested in statistics about the business processes and their performance, business indicators, and other business-related reporting. A user with this role has access only to process and task reports.
process-admin: Users with the
process-adminrole are business process administrators. They have full access to business processes, business tasks, and execution errors. These users can also view business reports and have access to the Task Inbox list.
user: Users with the
userrole can work on the Task Inbox list, which contains business tasks that are part of currently running processes. Users with this role can view process and task reports and manage processes.
rest-all: Users with the
rest-allrole can access Business Central REST capabilities.
kie-server: Users with the
kie-serverrole can access Process Server (KIE Server) REST capabilities. This role is mandatory for users to have access to Manage and Track views in Business Central.