Copyright © TIBCO Software Inc. All Rights Reserved
Copyright © TIBCO Software Inc. All Rights Reserved


Chapter 4 Managing Users and Roles : Managing Access Rights

Managing Access Rights
The TIBCO Administrator GUI provides Read, Write and Administer permissions for items that display in the Security console tree. The domain administrator user, a Super User or a user with Administer permission sets permissions. See Chapter 5 for security details.
Access permissions are set using the Security console that is available for each TIBCO Administrator GUI console. For example, the following diagram shows the Security dialog for the Users console. All users have Read access and the dtadmin user has Write and Administer access. Read access allows users to view the Users console. Write access allows users to change domain data through console and Administer access allows users to set access permissions for other users. Access rights are inherited down the security console tree unless specifically overridden.
Figure 13 Edit Security
Read Access
A user with read access to a resource can view that resource.
Read access provided at the top level folder in the Security console tree allows you to:
Read access does not allow you to:
Write Access
A user with write access to a resource can modify that resource. Write access to a resource implies read access to that resource.
Write access is typically assigned to developers who load, deploy and monitor applications. Developers can be assigned write access to just the applications and application repositories they are responsible for or can be given write access to all applications. Developers typically need not have access to the User Management module.
Write access provided at the top level folder in the Security console tree allows you to:
Write access does not allow you to:
Administer Access
A user with administrator access to a resource can assign permission to other users and roles to access that resource.
When permissions are set on a folder, they automatically apply to all items in the folder. This behavior can be changed such that Administer permission is only granted to some items in a folder. See Chapter 5 for details.
Super User Access
The domain administrator user can assign super user access to other users by adding them to the list of super users. A Super User has Read, Write and Administer permissions to all resources in the administration domain without explicitly having been granted those permissions. This allows the user to:
A Super User can also add other users to the list of super users.

Copyright © TIBCO Software Inc. All Rights Reserved
Copyright © TIBCO Software Inc. All Rights Reserved