Chapter 17. Red Hat Decision Manager roles and users

To access Business Central or KIE Server, you must create users and assign them appropriate roles before the servers are started. You can create users and roles when you install Business Central or KIE Server.

If both Business Central and KIE Server are running on a single instance, a user who is authenticated for Business Central can also access KIE Server.

However, if Business Central and KIE Server are running on different instances, a user who is authenticated for Business Central must be authenticated separately to access KIE Server. For example, if a user who is authenticated on Business Central but not authenticated on KIE Server tries to view or manage process definitions in Business Central, a 401 error is logged in the log file and the Invalid credentials to load data from remote server. Contact your system administrator. message appears in Business Central.

This section describes Red Hat Decision Manager user roles.

Note

The admin, analyst, and rest-all roles are reserved for Business Central. The kie-server role is reserved for KIE Server. For this reason, the available roles can differ depending on whether Business Central, KIE Server, or both are installed.

  • admin: Users with the admin role are the Business Central administrators. They can manage users and create, clone, and manage repositories. They have full access to make required changes in the application. Users with the admin role have access to all areas within Red Hat Decision Manager.
  • analyst: Users with the analyst role have access to all high-level features. They can model projects. However, these users cannot add contributors to spaces or delete spaces in the Design → Projects view. Access to the Deploy → Execution Servers view, which is intended for administrators, is not available to users with the analyst role. However, the Deploy button is available to these users when they access the Library perspective.
  • rest-all: Users with the rest-all role can access Business Central REST capabilities.
  • kie-server: Users with the kie-server role can access KIE Server REST capabilities.

17.1. Adding Red Hat Decision Manager users

Before you can use RH-SSO to authenticate Business Central or KIE Server, you must add users to the realm that you created. To add new users and assign them a role to access Red Hat Decision Manager, complete the following steps:

  1. Log in to the RH-SSO Admin Console and open the realm that you want to add a user to.

  2. Click the Users menu item under the Manage section.

    An empty user list appears on the Users page.

  3. Click the Add User button on the empty user list to start creating your new user.

    The Add User page opens.

  4. On the Add User page, enter the user information and click Save.
  5. Click the Credentials tab and create a password.

  6. Assign the new user one of the roles that allows access to Red Hat Decision Manager. For example, assign the admin role to access Business Central or assign the kie-server role to access KIE Server.

    Note

    For projects that deploy from Business Central on OpenShift, create an RH-SSO user called mavenuser without any role assigned, then add this user to the BUSINESS_CENTRAL_MAVEN_USERNAME and BUSINESS_CENTRAL_MAVEN_PASSWORD in your OpenShift template.

  7. Define the roles as realm roles in the Realm Roles tab under the Roles section.

    Alternatively, for roles used in Business Central, you can define the roles as client roles for the kie client. For instructions about configuring the kie client, see Section 18.1, “Creating the Business Central client for RH-SSO”. To use client roles, you must also configure additional settings for Business Central, as described in Section 18.2, “Installing the RH-SSO client adapter for Business Central”.

    You must define roles used in KIE Server as realm roles.

  8. Click the Role Mappings tab on the Users page to assign roles.