Skip to main content

Administrator roles

Introduction to administrator roles

The Intelligent Application Manager provides different levels of authority to ensure the security of your applications.

For example, only administrators are allowed to create new applications, while an application manager is responsible for creating user groups and users for a subset of applications.

Assign roles to users

To assign administrator rights in IAM:

menu Authorization > Users > tab Administrators

Available administrator roles

The following administrator roles are available:

note
ISV's = information specifically for Independent Software Vendors hosting multi-tenant SaaS environments.
RoleRights
Main administrator- Full control over the IAM.
- Set-up new tenants and manually link users and user groups to them.
ISV's :
- Never assign the Main administrator role to a customer. This role is not limited by the tenancy filters and has access to all the users and all the tenants it is inked to.
Application administrator- Create new applications and tenants, and link roles to user groups. User groups can be created by a Group administrator.
- Assign Application owners.
ISV's :
- Never assign the Application administrator role to a customer, since this role has access to all applications and users of all tenants, to be able to assign application owners.
Application owner- See user groups assigned to the own tenant.
- Assign roles of the assigned application(s) to user groups.
ISV's :
- The Application owner role is subject to tenancy and can be assigned to customers.
Group administrator- See users and user groups within the own tenant.
- Create new user groups. The user group will automatically be assigned to the own tenant.
- Link users to user groups within the own tenant. Users can be created by a User administrator.
- Define Group owners.
ISV's :
- The Group administrator role is subject to tenancy and can be assigned to customers.
Group owner- Link users to the groups for which they are the owner, within the own tenant.
ISV's :
- The Group owner role is subject to tenancy and can be assigned to customers.
User administrator- See users, user preferences and user logging within the own tenant.
- Create new users. The user will automatically be assigned to the same tenant
ISV's :
- The User administrator role is subject to tenancy and can be assigned to customers.
- NOTE: Duplicate user IDs or email addresses might reveal information about users already registered to another customer.
Simulator- Simulate other users for troubleshooting purposes within the own tenant. See user simulation.
ISV's :
- The Simulator role is subject to tenancy and can be assigned to customers.
- NOTE: if a user is both a Root administrator and a Simulator, any user of any tenant can be simulated.
Developer mode- Run in developer mode within the own tenant.
ISV's :
- Never assign the Developer mode role to a customer. This role allows a user to download the system logs which contain information of all tenants.

Examples

An application administrator responsible for creating users and user groups and linking roles to user groups requires the following roles:

  • Application administrator or Application owner.
  • Group administrator and Group owner.
  • User administrator.

A single tenant requires the following roles for creating users and user groups and linking users to user groups:

  • Group administrator and Group owner.
  • User administrator.