Manage privileges

In the Administration Console, you can grant or deny privileges to users and user groups. You can also enable general grant rules and assign privilege rules to a role.

In this topic:

Guidelines for managing privileges

In the Privileges section of the Administration Console, you can:

• Grant or deny a privilege to a user or group.

• Enable or disable a general privilege rule for an object class or administrative function.

• Grant or deny a privilege rule for a role.

For details about the Privileges user interface, see Privileges window.

Guidelines:

• Privileges are defined for the current product in which you are working. When you create a new product based on an existing product, the privileges are copied to the new product.

• To work with privileges, you need the Manage Privileges privilege.

• You can set up privileges by selecting $GENERIC as your current product and then using the $GENERIC product as a template for privileges when creating a new product.

• When you update privilege or role assignments in the Administration Console, the changes may not take effect during current client sessions because of privilege caching. To apply the new privilege settings, restart the client session. This behavior depends on variables set in the server's dm.cfg file. For details, see Administration.

For a description of available privileges, see Privilege reference.

Back to top

Grant explicit privileges to users/groups

You can grant privileges to one or more users or groups, or to a role.

Administration privileges apply to all products in the base database. Product-level privileges apply only to your current product.

To grant or deny a privilege to users or groups:

1. In the Administration Console, go to Users, Groups, Roles and Privileges > Privileges.

2. In the Privileges toolbar, make sure that the Privileges view is selected.

3. In the navigation pane, select the privilege category, Administration Privileges or Product Level Privileges.

4. In the navigation tree, expand the relevant folder and select the appropriate privilege. Privilege details and grant rules are displayed in the content pane.

5. In the Explicit Grant/Deny Rules section of the content pane, click the Assign new privilege rules button and select an option to grant or deny a privilege to a user or group.

6. In the Grant/Deny User/Group dialog box, move available users or groups to/from the list of granted/denied users or groups, as needed.

7. Click OK.

To grant or deny a user/group one or more privileges:

1. In the Administration Console, go to Users, Groups, Roles and Privileges > Privileges.

2. In the Privileges toolbar, click Users.

3. In the navigation pane, select the user category for which you want to assign privileges: All Active Users, All Groups, Auto Registered, or Dormant Users.

4. Select the appropriate user or group. Its privileges for each object class are displayed in the content pane.

5. In the content pane, click the Assign Privilege Rule button next to the relevant object class or functional area, and select an option, Grant or Deny.

6. In the Grant/Deny Privileges dialog box, move available privileges to/from the list of granted/denied privileges, as needed.

7. Deployment privileges: To grant or deny a deployment-related privilege, scope the privilege to a project/stream, deployment stage, or deployment area:

   Field	Description
   Project/stream	To apply the privilege only to a specific project or stream, click the browse button and select a project or stream.
   Stage	To apply the privilege only when the selected project/stream is at a specific deployment stage, select the stage from the list.
   Deployment Area(s)	If the privilege relates to deployment or rollback, select the deployment area to which the privilege applies.

   For details about Dimensions CM deployment, see Use Dimensions deployment.

8. Click OK.

9. To cancel the assignment of an explicit privilege rule, In the Explicit Grant/Deny Rules section of the content pane, select one or more users or groups, click De-assign selected privilege rules, and confirm.

Back to top

Enable general grant rules

You can enable or disable general privilege rules for an object class or administrative function.

To enable or disable general grant rules:

1. In the Administration Console, go to Users, Groups, Roles and Privileges > Privileges.

2. In the Privileges toolbar, make sure that the Privileges view is selected.

3. In the navigation pane, select the privilege category, Administration Privileges or Product Level Privileges.

4. In the navigation tree, expand the relevant folder and select the appropriate privilege. Privilege details and grant rules are displayed in the content pane.

5. In the General Grant Rules section of the content pane, click the Grant/Deny button.

6. In the Enable/Disable General Grant Rules dialog box, select the rules to enable or disable. To select all the rules, click Select All.

7. Click OK to confirm the changes.

Back to top

Grant privilege rules for a role

You can assign or unassign privilege rules to/from a role.

To grant roles to a privilege:

1. In the Administration Console, go to Users, Groups, Roles and Privileges > Privileges.

2. In the Privileges toolbar, make sure that the Privileges view is selected.

3. In the navigation pane, select the privilege category, Administration Privileges or Product Level Privileges.

4. In the navigation tree, expand the relevant folder and select the appropriate privilege. Privilege details and grant rules are displayed in the content pane.

5. In the Other Grant Rules section of the content pane, click the Assign privilege rule button, and select the rule from the list.

6. In the Grant Roles to Privilege dialog box, assign roles by moving them from the Available Roles to Grant list to Granted Roles.

To grant privileges to a role:

1. In the Administration Console, go to Users, Groups, Roles and Privileges > Privileges.

2. In the Privileges toolbar, click Roles.

3. In the navigation pane, select the role for which you want to assign a privilege rule.

4. In the content pane, locate the section for the appropriate object class or functional area, and click the Assign privilege rule button next to it.

5. Select the rule from the list.

6. In the Grant Privileges to Role dialog box, assign roles by moving them from the Available Privileges to Grant list to Granted Privileges.

To remove a role, select the assigned role and move it back to Available Privileges to Grant.

7. Click OK and then confirm.

Back to top

See also:

• Users and roles management
• Users, Groups, Roles and Privileges area