Setting up Security

Typically, you perform the following steps in order when setting up Deployment Automation your initial security. Thereafter, you will administer each security area as needed.

  • Create Roles

    Create roles and define permissions for the various product areas. For most evaluations, the default roles should be adequate.

    See Role Configuration.

  • Create Authorization Realms and Groups

    Authorization realms are used by authentication realms to associate users with groups and to determine user access.

    See Authorization Realms and Groups.

  • Define Default Permissions

    Set default permissions by product area. You can set default permissions for all users or by group.

    See Default Permissions.

  • Create Authentication Realms and Add Users

    The authentication realm is used to determine a user's identity within an authorization realm. Add users to appropriate authentication realms. If more than one realm has been configured, user authentication is determined following the hierarchy of realms defined on the Authentication pane. When a user attempts to log in, all realms are polled for matching credentials.

    See Authentication Realms and Users.

  • Add Users to Groups

    Add members to groups. Users who are members of groups inherit the groups' permissions.

    See Adding Users to Groups.

  • Set Role Membership by Product Area

    To further refine the permissions by role, you can give groups and users role membership as follows:

    • For most product areas, set these in the Security tab for each specific product area and item.
    • Set System Security and UI Security in the Administration > Security options of the same names.

    Note: Environment and component security settings can be set at the direct object level and within the applications to which they are associated.

    For component security, no matter whether you set the security on the component level or application component level, the settings are applied everywhere.

    Environment security settings are handled as follows:

    • Upon initial association with an application, the security that is set for the environment is inherited by the application environment.
    • After an environment is associated with an application, if the security is changed directly on the environment, the setting for the application environment is not affected.
    • If the security is changed for the application environment, the setting at the direct environment level is not affected.
  • See Setting Role Membership by Product Area.