Admin users and roles

This topic describes the different types of admin users and their predefined roles and permissions.

Predefined admin roles

This section lists the predefined admin roles, in order of hierarchy, that can be assigned to a user. For details on assigning an admin user role, see Create or edit a user.

The predefined admin roles have a set of preset permissions and modules that they can access in LoadRunner Enterprise Administration.

Non-admin users don't have permissions to access or use LoadRunner Enterprise Administration.

User Role Module Access
Site Admin

Full access to all modules in LoadRunner Enterprise Administration. For a Site Admin user, all Admin roles are displayed in the Roles and Permissions page.

Note: The first site administrator user created in LoadRunner Enterprise during installation cannot be deleted or modified by any other site administrator user, including by him/herself.

Admin Viewer

Has read-only permissions in LoadRunner Enterprise Administration.

An Admin Viewer can perform actions that do not affect the database, such as filter or sort grids and generate reports. All other functionality (adding, deleting, and updating) is not available.

Tenant Admin

Has the following restrictions in LoadRunner Enterprise Administration:

  • The Servers and System Health modules are not available, together with the File Repository tab in Site Configuration.

  • Read-only permissions on the Licenses module, except for license keys which are hidden.

  • Read-only permissions over hosts, with the exception of being able to check hosts, reconfigure hosts, and update host status in the Hosts tab, add or edit pools and locations in the Pools and Locations tabs, and assign hosts to pools in the Pools tab. In addition, a Tenant Admin user has full permissions over Tenant private LGs*.

  • The Tenant Admin user cannot manage MI Listeners.
  • Only the Tenant Admin and lower roles (Project Admin) are displayed in the Roles and Permissions page.

Project Admin

Has permissions only to assign users to projects to which the Project Admin is assigned.

All modules are hidden except the Users module.

*Tenant private LGs can be either:

General user role level rules

  • Users. A user can view all users, but can only update users that have the same, or a lower-level role (exception, assigning projects is allowed).

  • Access keys: A user can view all access keys, but can only add, delete, activate, or deactivate for users that have the same or a lower-level role.

  • Only the modules that are listed in an admin user's role are displayed in LoadRunner Enterprise Administration. For details on roles and permissions, see Admin user role permissions.

  • Site Management. Only Site Management users and the user defined during LoadRunner Enterprise installation can access the Site Management console. For details, see Multi-tenancy.

  • Predefined roles cannot be customized, and are indicated by "System".
  • Only those projects that are within your role's permissions are displayed in the Assign Projects grid.

Back to top

Admin user role permissions

Permissions are assigned to roles, and are organized into permission categories (maintenance, configuration, management, and reports) and then by module.

To see the permissions available by role, select Management > Roles and Permissions > Admin Roles, and select each role.

Permission categories

The following tables list the modules and permissions that are available to each user role in LoadRunner Enterprise Administration. (Module displayed) indicates for which user roles the specified module is displayed. A check mark () indicates that a user role has permissions to perform the listed actions.

Maintenance permissions

Module Permissions Site Admin Admin Viewer Tenant Admin Project Admin
Hosts (Module displayed) Yes Yes Yes No
Hosts: Create, Delete, Update, Kill Process, Reboot, Configure LR Agent
Hosts: Check Host, Reconfigure Host, Update Host Status

Tenant Private LGs: Create, Delete, Update, Check Host, Reconfigure Host, Configure LR agent, Update Host Status

MI Listener: Create, Delete, Update
Locations: Create, Delete, Update

Pools: Create, Delete, Update, Assign Hosts to Pools

Host Attributes: Create, Delete, Update, Assign to Hosts
Runs (Module displayed)

Yes

Yes

Yes

No
Delete, Update, Manage DP Queue
Timeslots (Module displayed) Yes

Yes

Yes No
Create, Delete, Update, Abort
System Health (Module displayed) Yes Yes No No

Health Check: Run Check

Maintenance Tasks: Update

Configuration permissions

Module Permissions Site Admin Admin Viewer Tenant Admin Project Admin
Integrations (Module displayed) Yes Yes Yes No

Analysis Servers: Create, Delete, Update, Assign to Projects

Disruption Provider: Create, Delete, Update, Assign to Projects

Orchestration (Module displayed) Yes Yes Yes No

Create, Delete, Update, Assign Projects to Orchestrator, Assign Images to orchestrator

Cloud (Module displayed) Yes Yes Yes No

Cloud Accounts: Create, Delete, Update, Assign to Projects

Cloud Templates: Create, Delete, Update

Licenses (Module displayed) Yes Yes Yes No
Create, Delete
Servers (Module displayed) Yes Yes No No

LRE Server: Create, Delete, Update

SMTP Server: Update

Alerts (Module displayed) Yes Yes Yes No

Create, Delete, Update, Assign to Projects

System Configuration (Module displayed) Yes Yes Yes No
Authentication Type - Update

Management permissions

Module Permissions Site Admin Admin Viewer Tenant Admin Project Admin
Roles and Permissions

(Module displayed)

Yes Yes Yes No

Manage Admin Roles, Create Project Role, Update Project Role, Delete Project Role

Users

(Module displayed)

Yes Yes Yes Yes

Users: Create, Delete, Update, Assign to Projects, Create Admin User

Access Keys: Create, Delete, Activate

(except Assign to Project)
Projects (Module displayed) Yes Yes Yes No

Projects: Create, Delete, Update, Migrate Project, Upgrade Project, Remove Projects, Restore Project

Domains: Create, Delete

Audit (Module displayed) Yes Yes Yes No

Report permissions

Module Permissions Site Admin Admin Viewer Tenant Admin Project Admin
Reports (Module displayed) Yes Yes Yes

No

Back to top

Define a Site Admin user

As a site administrator, you can create and maintain domains and projects, manage users, connections, licenses, define servers, and modify configurations. For details on administration tasks, see Key tasks.

Only a site administrator user can define other LoadRunner Enterprise users as site administrators. For details on the different types of administrator users, see Predefined admin roles.

To secure the information in LoadRunner Enterprise Administration, ensure that each user you add as a site administrator has a password defined. For details, see Change a user's password.

Note: The first user created in LoadRunner Enterprise has site administrator permissions and is allowed to perform any action in the LoadRunner Enterprise system. The initial site administrator user cannot be deleted, demoted, or have it's roles changed by any user including by him/herself. For details on the administrator user groups in LoadRunner Enterprise, and the modules they can access, see Predefined admin roles.

To define site administrators:

  1. In LoadRunner Enterprise Administration, select Management > Users and click the Users tab.

  2. On the Users toolbar, click Add User .

  3. Select the Admin User check box, and choose Site Admin.

    For details on user settings, see Create or edit a user.

Back to top

Change the initial Site Admin user password

You can change the password of the initial LRE Admin User created during LoadRunner Enterprise installation or configuration from a single centralized location. The password is automatically synchronized across all locations where it is stored in the product to prevent password mismatch.

For a single-tenant environment, changing the initial Site Admin user password in LoadRunner Enterprise Administration automatically synchronizes the password in Site Management.

For a multi-tenant environment, you can only change the password from Site Management. The updated password is reflected in all new tenants.

    Note:
  • The LRE Admin User password cannot be changed from the LoadRunner Enterprise Administration user interface or REST API.

  • This flow only applies to the LRE Admin User created during installation or configuration of the system. It does not apply to users with Site Admin permissions created directly inside a tenant, or to users created in Site Management which are only used to log in to Site Management.

To change the LRE Admin User password:

  1. In LoadRunner Enterprise Administration, select the Users tab.

    Note: In a multi-tenancy environment, you can only change the password from the Users tab in Site Management.

  2. In the Users grid, click the User Name link of the LRE Admin User.

  3. In the user details page, click Change adjacent to Change Password, enter a new password, and retype to confirm.

    Note: This is not available when using LDAP or SSO authentication.

  4. Click Save to save the change.

Guidelines for changing the LRE Admin User password

When changing the password from Site Management, the following rules are followed:

  • If a tenant does not contain an LRE Admin user, this user is created automatically.

  • If a tenant has an LRE Admin user with a different user name, the operation fails with an error for that tenant and logs an error.

  • If a tenant already contains the same user name with a different permission level, the operation fails with an error for that tenant (an error appears for this in the logs).

Back to top