Admin users and roles

This topic describes the different types of admin users and their predefined roles and permissions.

Predefined admin roles

This section lists the predefined admin roles, in order of hierarchy, that can be assigned to a user. For details on assigning an admin user role, see Create or edit a user.

The predefined admin roles have a set of preset permissions and modules that they can access in Administration.

Non-admin users don't have permissions to access or use Administration.

User Role Module Access
Site Admin

Full access to all modules in Administration. For a Site Admin user, all Admin roles are displayed in the Roles and Permissions page.

Note: The first site administrator user created in OpenText Enterprise Performance Engineering during installation cannot be deleted or modified by any other site administrator user, including by him/herself.

Admin Viewer

Has read-only permissions in Administration.

An Admin Viewer can perform actions that do not affect the database, such as filter or sort grids and generate reports. All other functionality (adding, deleting, and updating) is not available.

Tenant Admin

Has the following restrictions in Administration:

  • The Servers and System Health modules are not available, together with the File Repository tab in Site Configuration.

  • Read-only permissions on the Licenses module, except for license keys which are hidden.

  • Read-only permissions over hosts, with the exception of being able to check hosts, reconfigure hosts, and update host status in the Hosts tab, add or edit pools and locations in the Pools and Locations tabs, and assign hosts to pools in the Pools tab. In addition, a Tenant Admin user has full permissions over Tenant private LGs*.

  • The Tenant Admin user cannot manage MI Listeners.
  • Only the Tenant Admin and lower roles (Project Admin) are displayed in the Roles and Permissions page.

Project Admin

Has permissions only to assign users to projects to which the Project Admin is assigned.

All modules are hidden except the Users module.

*Tenant private LGs can be either:

General user role level rules

  • Users. A user can view all users, but can only update users that have the same, or a lower-level role (exception, assigning projects is allowed).

  • Access keys: A user can view all access keys, but can only add, delete, activate, or deactivate for users that have the same or a lower-level role.

  • Only the modules that are listed in an admin user's role are displayed in Administration. For details on roles and permissions, see Admin user role permissions.

  • Site Management. Only Site Management users and the user defined during installation can access the Site Management console. For details, see Multi-tenancy.

  • Predefined roles cannot be customized, and are indicated by "System".
  • Only those projects that are within your role's permissions are displayed in the Assign Projects grid.

Back to top

Admin user role permissions

Permissions are assigned to roles, and are organized into permission categories (maintenance, configuration, management, and reports) and then by module.

To see the permissions available by role, select Management > Roles and Permissions > Admin Roles, and select each role.

Permission categories

The following tables list the modules and permissions that are available to each user role in Administration. (Module displayed) indicates for which user roles the specified module is displayed. A check mark (check mark) indicates that a user role has permissions to perform the listed actions.

Maintenance permissions

Module Permissions Site Admin Admin Viewer Tenant Admin Project Admin
Hosts (Module displayed) Yes Yes Yes No
Hosts: Create, Delete, Update, Kill Process, Reboot, Configure LR Agent check mark x mark x mark x mark
Hosts: Check Host, Reconfigure Host, Update Host Status check mark x mark check mark x mark

Tenant Private LGs: Create, Delete, Update, Check Host, Reconfigure Host, Configure LR agent, Update Host Status

check mark x mark check mark x mark
MI Listener: Create, Delete, Update check mark x mark x mark x mark
Locations: Create, Delete, Update check mark x mark check mark x mark

Pools: Create, Delete, Update, Assign Hosts to Pools

check mark x mark check mark x mark
Host Attributes: Create, Delete, Update, Assign to Hosts check mark x mark check mark x mark
Runs (Module displayed)

Yes

Yes

Yes

No
Delete, Update, Manage DP Queue check mark x mark check mark x mark
Timeslots (Module displayed) Yes

Yes

Yes No
Create, Delete, Update, Abort check mark x mark check mark x mark
System Health (Module displayed) Yes Yes No No

Health Check: Run Check

Maintenance Tasks: Update

check mark

x mark

x mark x mark

Configuration permissions

Module Permissions Site Admin Admin Viewer Tenant Admin Project Admin
Integrations (Module displayed) Yes Yes Yes No

Analysis Servers: Create, Delete, Update, Assign to Projects

Disruption Provider: Create, Delete, Update, Assign to Projects

check mark x mark check mark x mark
Orchestration (Module displayed) Yes Yes Yes No

Create, Delete, Update, Assign Projects to Orchestrator, Assign Images to orchestrator

check mark x mark check mark x mark
Cloud (Module displayed) Yes Yes Yes No

Cloud Accounts: Create, Delete, Update, Assign to Projects

Cloud Templates: Create, Delete, Update

check mark x mark check mark x mark
Licenses (Module displayed) Yes Yes Yes No
Create, Delete check mark x mark x mark x mark
Servers (Module displayed) Yes Yes No No

LRE Server: Create, Delete, Update

SMTP Server: Update

check mark x mark x mark x mark
Alerts (Module displayed) Yes Yes Yes No

Create, Delete, Update, Assign to Projects

check mark x mark check mark x mark
System Configuration (Module displayed) Yes Yes Yes No
Authentication Type - Update check mark x mark check mark x mark

Management permissions

Module Permissions Site Admin Admin Viewer Tenant Admin Project Admin
Roles and Permissions

(Module displayed)

Yes Yes Yes No

Manage Admin Roles, Create Project Role, Update Project Role, Delete Project Role

check mark x mark check mark x mark
Users

(Module displayed)

Yes Yes Yes Yes

Users: Create, Delete, Update, Assign to Projects, Create Admin User

Access Keys: Create, Delete, Activate

check mark x mark check mark x mark (except Assign to Project)
Projects (Module displayed) Yes Yes Yes No

Projects: Create, Delete, Update, Migrate Project, Upgrade Project, Remove Projects, Restore Project

Domains: Create, Delete

check mark x mark check mark x mark
Audit (Module displayed) Yes Yes Yes No

Report permissions

Module Permissions Site Admin Admin Viewer Tenant Admin Project Admin
Reports (Module displayed) Yes Yes Yes

No

Back to top

Define a Site Admin user

As a site administrator, you can create and maintain domains and projects, manage users, connections, licenses, define servers, and modify configurations. For details on administration tasks, see Key tasks.

Only a site administrator user can define other OpenText Enterprise Performance Engineering users as site administrators. For details on the different types of administrator users, see Predefined admin roles.

To secure the information in Administration, ensure that each user you add as a site administrator has a password defined. For details, see Change a user's password.

Note: The first user created in OpenText Enterprise Performance Engineering has site administrator permissions and is allowed to perform any action in the OpenText Enterprise Performance Engineering system. The initial site administrator user cannot be deleted, demoted, or have it's roles changed by any user including by him/herself. For details on the administrator user groups in OpenText Enterprise Performance Engineering, and the modules they can access, see Predefined admin roles.

To define site administrators:

  1. In Administration, select Management > Users and click the Users tab.

  2. On the Users toolbar, click Add User Add button.

  3. Select the Admin User check box, and choose Site Admin.

    For details on user settings, see Create or edit a user.

Back to top

Change the initial Site Admin user password

You can change the password of the initial LRE Admin User created during OpenText Enterprise Performance Engineering installation or configuration from a single centralized location. The password is automatically synchronized across all locations where it is stored in the product to prevent password mismatch.

For a single-tenant environment, changing the initial Site Admin user password in Administration automatically synchronizes the password in Site Management.

For a multi-tenant environment, you can only change the password from Site Management. The updated password is reflected in all new tenants.

    Note:
  • The LRE Admin User password cannot be changed from the Administration user interface or REST API.

  • This flow only applies to the LRE Admin User created during installation or configuration of the system. It does not apply to users with Site Admin permissions created directly inside a tenant, or to users created in Site Management which are only used to log in to Site Management.

To change the LRE Admin User password:

  1. In Administration, select the Users tab.

    Note: In a multi-tenancy environment, you can only change the password from the Users tab in Site Management.

  2. In the Users grid, click the User Name link of the LRE Admin User.

  3. In the user details page, click Change adjacent to Change Password, enter a new password, and retype to confirm.

    Note: This is not available when using LDAP or SSO authentication.

  4. Click Save to save the change.

Guidelines for changing the LRE Admin User password

When changing the password from Site Management, the following rules are followed:

  • If a tenant does not contain an LRE Admin user, this user is created automatically.

  • If a tenant has an LRE Admin user with a different user name, the operation fails with an error for that tenant and logs an error.

  • If a tenant already contains the same user name with a different permission level, the operation fails with an error for that tenant (an error appears for this in the logs).

Back to top