Creating Custom Roles - PAS ICS Integrity - 7.3 - Help - Intergraph

ICS Integrity Help

Language
English
Product
PAS ICS Integrity
Subproduct
ICS
Search by Category
Help
PAS Version
7.3

Custom roles allow an administrator to define sets of assets. Then, when you assign a primary role to a user, which specifies the tasks the user can perform, you can also select custom roles to allow or deny access to specific assets.

  • If you choose to use custom roles, be sure to create at least one with all assets and use it to give access to those assets to users with the User, PowerUser, or ConfigMgr role. Otherwise, users will not have access to any assets. Administrators have access to all assets regardless of custom roles and the asset hierarchy.

  • If a user is assigned more than one custom role with opposing access permissions for a specific asset, the Deny access permission applies. This access can be allowed or denied through custom roles or through the asset hierarchy defined in Configuration Manager. For example, a user is a member of GroupA and GroupB. GroupA has Allow access for AssetA. GroupB has Deny access for AssetA. In this example, the user does not have access to AssetA.

To add a custom role:

  1. In the Admin Utility, click the Users and Groups link.

  2. For Allow custom roles, click Yes.

  3. Click Configure.

  4. On the Custom Role Settings window, click New.

  5. In the Role field, type a name for the custom role, and then click OK.

    The Asset Permissions area identifies the specific assets users of this role can access. By default, each custom role has Deny permissions for all assets.

  6. If you want to grant users of this role access to only a limited set of assets, complete the following steps for each asset:

    1. In the Asset field, select a single, specific asset.

    2. In the Access field, click Allow.

    3. Click Add.

  7. If you want to grant users of this role access to ALL EXCEPT a limited set of assets, complete the following steps:

    1. In the Asset field, select <All Assets>.

    2. In the Access field, click Allow.

    3. Click Add.

    4. For each asset you want to deny access, select the asset in the Asset field, select Deny in the Access field, and click Add.

  8. Click Save.

  9. Click Close to close the Custom Role Settings window.