Defining Security and Access

Included as part of a deployment process are the permissions required to perform various decisions or executions. PPM controls access to perform decisions and executions by:

• Licenses: Provide users with access to a PPM products such as Deployment Management, but licenses do not dictate what actions a user is authorized to perform.

• Access Grants: When used with licenses, access grants define the actions a user is authorized to perform within a product PPM.

For example, you can restrict a user's actions, as follows:

• License, Deployment Management

• Access Grant, View Packages - Those who can view packages

• Access Grant, Edit Packages - Those who can edit packages

For more information concerning licenses and access grants, see the Security Model Guide and Reference.

When designing deployment processes, use security groups or dynamic access (tokens). Avoid specifying a list of users to control an action. If the list of users changes, you must update your workflow in a variety of places to keep the deployment process running correctly. By using a security group instead of a list of users, you can update the security group once, and the changes are propagated throughout the workflow.

Table 2-12. Example of workflow security groups provides an example of which security groups can access a deployment workflow, and at which workflow step.

Table 2-12. Example of workflow security groups

Workflow Step	Security Groups
Create a package	Financial Apps - Engineer Financial Apps - Database Financial Apps - Manage Deployment
Use the deployment workflow	Financial Apps - Engineer Financial Apps - Manage Deployment
Use a file object type	Financial Apps - Engineer Financial Apps - Database Financial Apps - Manage Deployment
Use a database object type	Financial Apps - Database Financial Apps - Manage Deployment