Admin users and roles
This topic describes the different types of admin users and their predefined roles and permissions.
Predefined admin roles
This section lists the predefined admin roles, in order of hierarchy, that can be assigned to a user. For details on assigning an admin user role, see Create or edit a user.
The predefined admin roles have a set of preset permissions and modules that they can access in LoadRunner Enterprise Administration.
Non-admin users don't have permissions to access or use LoadRunner Enterprise Administration.
User Role | Module Access |
---|---|
Site Admin |
Full access to all modules in LoadRunner Enterprise Administration. For a Site Admin user, all Admin roles are displayed in the Roles and Permissions page. Note: The first site administrator user created in LoadRunner Enterprise during installation cannot be deleted or modified by any other site administrator user, including by him/herself. |
Admin Viewer |
Has read-only permissions in LoadRunner Enterprise Administration. An Admin Viewer can perform actions that do not affect the database, such as filter or sort grids and generate reports. All other functionality (adding, deleting, and updating) is not available. |
Has the following restrictions in LoadRunner Enterprise Administration:
|
|
Project Admin |
Has permissions only to assign users to projects to which the Project Admin is assigned. All modules are hidden except the Users module. |
*Tenant private LGs can be either:
-
Standalone load generators where the configured location is Over firewall and an MI listener is assigned. For details, see Manage host locations and Specify MI Listeners.
-
Cloud-based load generators where the host's source is Cloud and the host was provisioned from a cloud provider. For details, see Add cloud-provisioned hosts to your lab.
General user role level rules
-
Users. A user can view all users, but can only update users that have the same, or a lower-level role (exception, assigning projects is allowed).
-
Access keys: A user can view all access keys, but can only add, delete, activate, or deactivate for users that have the same or a lower-level role.
-
Only the modules that are listed in an admin user's role are displayed in LoadRunner Enterprise Administration. For details on roles and permissions, see Admin user role permissions.
-
Site Management. Only Site Management users and the user defined during LoadRunner Enterprise installation can access the Site Management console. For details, see Multi-tenancy.
- Predefined roles cannot be customized, and are indicated by "System".
-
Only those projects that are within your role's permissions are displayed in the Assign Projects grid.
Admin user role permissions
Permissions are assigned to roles, and are organized into permission categories (maintenance, configuration, management, and reports) and then by module.
To see the permissions available by role, select Management > Roles and Permissions > Admin Roles, and select each role.
Permission categories
The following tables list the modules and permissions that are available to each user role in LoadRunner Enterprise Administration. (Module displayed) indicates for which user roles the specified module is displayed. A check mark () indicates that a user role has permissions to perform the listed actions.
Maintenance permissions
Module | Permissions | Site Admin | Admin Viewer | Tenant Admin | Project Admin |
---|---|---|---|---|---|
Hosts | (Module displayed) | Yes | Yes | Yes | No |
Hosts: Create, Delete, Update, Kill Process, Reboot, Configure LR Agent | |||||
Hosts: Check Host, Reconfigure Host, Update Host Status | |||||
Tenant Private LGs: Create, Delete, Update, Check Host, Reconfigure Host, Configure LR agent, Update Host Status |
|||||
MI Listener: Create, Delete, Update | |||||
Locations: Create, Delete, Update | |||||
Pools: Create, Delete, Update, Assign Hosts to Pools |
|||||
Host Attributes: Create, Delete, Update, Assign to Hosts | |||||
Runs | (Module displayed) |
Yes |
Yes |
Yes |
No |
Delete, Update, Manage DP Queue | |||||
Timeslots | (Module displayed) | Yes |
Yes |
Yes | No |
Create, Delete, Update, Abort | |||||
System Health | (Module displayed) | Yes | Yes | No | No |
Health Check: Run Check Maintenance Tasks: Update |
|
Configuration permissions
Module | Permissions | Site Admin | Admin Viewer | Tenant Admin | Project Admin |
---|---|---|---|---|---|
Integrations | (Module displayed) | Yes | Yes | Yes | No |
Analysis Servers: Create, Delete, Update, Assign to Projects Disruption Provider: Create, Delete, Update, Assign to Projects |
|||||
Orchestration | (Module displayed) | Yes | Yes | Yes | No |
Create, Delete, Update, Assign Projects to Orchestrator, Assign Images to orchestrator |
|||||
Cloud | (Module displayed) | Yes | Yes | Yes | No |
Cloud Accounts: Create, Delete, Update, Assign to Projects Cloud Templates: Create, Delete, Update |
|||||
Licenses | (Module displayed) | Yes | Yes | Yes | No |
Create, Delete | |||||
Servers | (Module displayed) | Yes | Yes | No | No |
LRE Server: Create, Delete, Update SMTP Server: Update |
|||||
Alerts | (Module displayed) | Yes | Yes | Yes | No |
Create, Delete, Update, Assign to Projects |
|||||
System Configuration | (Module displayed) | Yes | Yes | Yes | No |
Authentication Type - Update |
Management permissions
Module | Permissions | Site Admin | Admin Viewer | Tenant Admin | Project Admin |
---|---|---|---|---|---|
Roles and Permissions |
(Module displayed) |
Yes | Yes | Yes | No |
Manage Admin Roles, Create Project Role, Update Project Role, Delete Project Role |
|||||
Users |
(Module displayed) |
Yes | Yes | Yes | Yes |
Users: Create, Delete, Update, Assign to Projects, Create Admin User Access Keys: Create, Delete, Activate |
(except Assign to Project) | ||||
Projects | (Module displayed) | Yes | Yes | Yes | No |
Projects: Create, Delete, Update, Migrate Project, Upgrade Project, Remove Projects, Restore Project Domains: Create, Delete |
|||||
Audit | (Module displayed) | Yes | Yes | Yes | No |
Report permissions
Module | Permissions | Site Admin | Admin Viewer | Tenant Admin | Project Admin |
---|---|---|---|---|---|
Reports | (Module displayed) | Yes | Yes | Yes |
No |
Define a Site Admin user
As a site administrator, you can create and maintain domains and projects, manage users, connections, licenses, define servers, and modify configurations. For details on administration tasks, see Key tasks.
Only a site administrator user can define other LoadRunner Enterprise users as site administrators. For details on the different types of administrator users, see Predefined admin roles.
To secure the information in LoadRunner Enterprise Administration, ensure that each user you add as a site administrator has a password defined. For details, see Change a user's password.
Note: The first user created in LoadRunner Enterprise has site administrator permissions and is allowed to perform any action in the LoadRunner Enterprise system. The initial site administrator user cannot be deleted, demoted, or have it's roles changed by any user including by him/herself. For details on the administrator user groups in LoadRunner Enterprise, and the modules they can access, see Predefined admin roles.
To define site administrators:
-
In LoadRunner Enterprise Administration, select Management > Users and click the Users tab.
-
On the Users toolbar, click Add User .
-
Select the Admin User check box, and choose Site Admin.
For details on user settings, see Create or edit a user.
Change the initial Site Admin user password
You can change the password of the initial LRE Admin User created during LoadRunner Enterprise installation or configuration from a single centralized location. The password is automatically synchronized across all locations where it is stored in the product to prevent password mismatch.
For a single-tenant environment, changing the initial Site Admin user password in LoadRunner Enterprise Administration automatically synchronizes the password in Site Management.
For a multi-tenant environment, you can only change the password from Site Management. The updated password is reflected in all new tenants.
- Note:
-
The LRE Admin User password cannot be changed from the LoadRunner Enterprise Administration user interface or REST API.
-
This flow only applies to the LRE Admin User created during installation or configuration of the system. It does not apply to users with Site Admin permissions created directly inside a tenant, or to users created in Site Management which are only used to log in to Site Management.
To change the LRE Admin User password:
-
In LoadRunner Enterprise Administration, select the Users tab.
Note: In a multi-tenancy environment, you can only change the password from the Users tab in Site Management.
-
In the Users grid, click the User Name link of the LRE Admin User.
-
In the user details page, click Change adjacent to Change Password, enter a new password, and retype to confirm.
Note: This is not available when using LDAP or SSO authentication.
- Click Save to save the change.
Guidelines for changing the LRE Admin User password
When changing the password from Site Management, the following rules are followed:
-
If a tenant does not contain an LRE Admin user, this user is created automatically.
-
If a tenant has an LRE Admin user with a different user name, the operation fails with an error for that tenant and logs an error.
-
If a tenant already contains the same user name with a different permission level, the operation fails with an error for that tenant (an error appears for this in the logs).