Set up security
This topic lists a sequence of tasks you typically follow when setting up your initial security in Deployment Automation. Then you administer each security area as needed.
To set up security, perform these tasks in order:
Create roles and define permissions for the various product areas. For most evaluations, the default roles should be adequate.
See Role configuration.
Create Authorization Realms and Groups
Authorization realms are used by authentication realms to associate users with groups and to determine user access.
Define Default Permissions
Set default permissions by product area. You can set default permissions for all users or by group.
Create Authentication Realms and Add Users
The authentication realm is used to determine a user's identity within an authorization realm. Add users to appropriate authentication realms. If you configured more than one realm, user authentication is determined according to the hierarchy of realms defined in the Authentication pane. When a user attempts to log in, all realms are polled for matching credentials.
Add Users to Groups
Add members to groups. Users who are members of a specific group inherit the group' permissions.
See Add users to groups.
Set Role Membership by Product Area
To further refine the permissions by role, you can give groups and users role membership as follows:
- For most product areas, set these in the Security tab for each product area and item.
In the Administration > Security options, set System Security and UI Security.
Note: Environment and component security settings can be set at the direct object level and within the applications to which they are associated.
For component security, no matter whether you set the security on the component level or application component level, the settings are applied everywhere.
Environment security settings are handled as follows:
- Upon initial association with an application, the security that is set for the environment is inherited by the application environment.
- After an environment is associated with an application, if the security is changed directly on the environment, the setting for the application environment is not affected.
- If the security is changed for the application environment, the setting at the direct environment level is not affected.