Mapping Privileges to Event Roles
Users can have one or more privileges, which they inherit as a result of being assigned to groups or positions in the organization model (for information about assigning users to groups and positions, see the Organization Browser User’s Guide. These privileges are used to determine how to display event information to the user.
This is accomplished using event roles, which specify the event customization files to use, based on the privileges held by the logged-in user.
Event roles are defined in the eventRoles.xml configuration file.
The following is an example eventRoles.xml file:
<data> <privilege name="ResourceManager" role="ResourceManager" precedence="1" /> <privilege name="LdapContainerManager" role="LdapContainerManager" precedence="2" /> <privilege name="BaseUser" role="BaseUser" precedence="3" /> </data>
The attributes in the eventRoles.xml file have the following meanings:
- name - This is the name of a user access privilege. If the logged-in user has this privilege, the user is mapped to the event role specified in the role attribute, which in turn specifies the event configuration files to use for that user.
If the logged-in user has more than one of the privileges listed in the name attributes, the precedence attribute is used to determine which role the user is mapped—see below.
If the logged-in user does not have any of the privileges listed in the name attributes, the user is assigned a “default” role, which results in the configuration files in the ...\eventRoles\default directory being used for that user (for more information about the event role directories, see the role attribute below).
- role - This identifies the subdirectory, in the eventRoles directory, in which the event configuration files will be obtained to determine how to display events for users who hold a privilege mapped to that role.
Note that the role name does not have to be the same as the name of the privilege.
You could also have multiple privilege names mapped to the same role. For instance, you could have “Reviewer” and “ReviewerAssistant” privileges both mapped to the “Reviewer” role. Users with either of those privileges would use the same event configuration files.
- precedence - This determines which role to use if the logged-in user has multiple privileges. If the user has multiple privileges, the role that has the highest precedence (1 being the highest) is used.
If the user has multiple privileges, and the highest precedences are tied, the first of those in the list is used.
Note that all roles in the out-of-the-box eventRoles.xml file are commented out by default. This results in all users using the “default” role by default (i.e., it uses the event configuration files in the ...\eventRoles\default directory).
You must update the out-of-the-box eventRoles.xml file to include privileges used in your system—see Adding Event Roles.