Chapter 13. Red Hat Process Automation Manager roles and users
To access Business Central or KIE Server, you must create users and assign them appropriate roles before the servers are started.
The Business Central and KIE Server use Java Authentication and Authorization Service (JAAS) login module to authenticate the users. If both Business Central and KIE Server are running on a single instance, then they share the same JAAS subject and security domain. Therefore, a user, who is authenticated for Business Central can also access KIE Server.
However, if Business Central and KIE Server are running on different instances, then the JAAS login module is triggered for both individually. Therefore, a user, who is authenticated for Business Central, needs to be authenticated separately to access the KIE Server (for example, to view or manage process definitions in Business Central). In case, the user is not authenticated on the KIE Server, then 401 error is logged in the log file, displaying Invalid credentials to load data from remote server. Contact your system administrator.
message in Business Central.
This section describes available Red Hat Process Automation Manager user roles.
The admin
, analyst
, developer
, manager
, process-admin
, user
, and rest-all
roles are reserved for Business Central. The kie-server
role is reserved for KIE Server. For this reason, the available roles can differ depending on whether Business Central, KIE Server, or both are installed.
-
admin
: Users with theadmin
role are the Business Central administrators. They can manage users and create, clone, and manage the repositories. They have full access to make required changes in the application. Users with theadmin
role have access to all areas within Red Hat Process Automation Manager. -
analyst
: Users with theanalyst
role have access to all high-level features. They can model and execute their projects. However, these users cannot add contributors to spaces or delete spaces in the DesignProjects view. Access to the Deploy Execution Servers view, which is intended for administrators, is not available to users with the analyst
role. However, the Deploy button is available to these users when they access the Library perspective. -
developer
: Users with thedeveloper
role have access to almost all features and can manage rules, models, process flows, forms, and dashboards. They can manage the asset repository, they can create, build, and deploy projects, and they can use Red Hat CodeReady Studio to view processes. Only certain administrative functions such as creating and cloning a new repository are hidden from users with thedeveloper
role. -
manager
: Users with themanager
role can view reports. These users are usually interested in statistics about the business processes and their performance, business indicators, and other business-related reporting. A user with this role has access only to process and task reports. -
process-admin
: Users with theprocess-admin
role are business process administrators. They have full access to business processes, business tasks, and execution errors. These users can also view business reports and have access to the Task Inbox list. -
user
: Users with theuser
role can work on the Task Inbox list, which contains business tasks that are part of currently running processes. Users with this role can view process and task reports and manage processes. -
rest-all
: Users with therest-all
role can access Business Central REST capabilities. -
kie-server
: Users with thekie-server
role can access KIE Server (KIE Server) REST capabilities. This role is mandatory for users to have access to Manage and Track views in Business Central.