Set up security
This topic describes a typical sequence of tasks to set up your initial security in Deployment Automation. Then you manage each security area as needed.
To set up security, perform these tasks in order:
Create roles and define permissions for the various product areas. For most evaluations, the default roles should be adequate.
See Role configuration.
Create Authorization Realms and Groups
Authorization realms are used by authentication realms to associate users with groups and to determine user access.
Define Default Permissions
Set default permissions by product area. You can set default permissions for all users or by group.
Create Authentication Realms and Add Users
The authentication realm is used to determine a user's identity within an authorization realm. Add users to appropriate authentication realms. If you configured more than one realm, user authentication is determined according to the hierarchy of realms defined in the Authentication pane. When a user attempts to log in, all realms are polled for matching credentials.
Add Users to Groups
Add members to groups. Users who are members of a specific group inherit the group' permissions.
See Add users to groups.
Set Role Membership by Product Area
To further refine the permissions by role, you can give groups and users role membership as follows:
- For most product areas, set these in the Security tab for each product area and item.
In the Administration > Security options, set System Security and UI Security.
You can set environment and component security settings at the direct object level and within the applications to which they are associated:
Component security No matter whether you set the security on the component level or application component level, the settings are applied everywhere. Environment security
The settings are handled as follows:
- When an environment is associated with an application, the security that is set for the environment is inherited by the application environment.
- After an environment is associated with an application, if the security is changed directly on the environment, the setting for the application environment is not affected.
- If the security is changed for the application environment, the setting at the direct environment level is not affected.
For details, see Set role membership by product area.