User Roles


BrightServer allows you to configure which server information each user may view or edit when logged in to the server via BrightBuilder. This is done through user roles on the server. With roles in place, a user who attempts to access a restricted feature is presented with a server response in a dialog box, and cannot continue.

Please note that this is a concept regarding users and the server, and does not affect user activity in their assigned applications. All users on the server may still synchronise data within their assigned applications, regardless of what server roles have been assigned.

Default User Roles

By default, there are three types of user accounts on every BrightServer. They are as follows:

By default, users initially added to the system are assigned the 'User' role. From this point, users with administrative roles that have configuration editing enabled may reassign them to either system default roles or custom roles.

Customised Roles

New roles may be created by opening the Configuration - Users tab from the server node, entering the 'Roles' tab, and then right-clicking the table of roles and selecting the context option 'Add New User Role'. A new role row will appear, where the name and the description may be edited.

Customising these added roles is also initiated through this panel. After the roles have been added, the 'Edit Privileges' menu option may be selected from any custom role's context menu. The 'Edit Privileges' dialog will then appear, and the various administrative options available to users may be modified. Once complete, this new role may be assigned to any non-'bsadmin' user in the users table, and both the role and the updated user state will then be validated.

In the 'Edit Privileges' dialog, view privileges are configured via the check boxes on the left-hand side, and configuration privileges are configured via the check boxes on the right-hand side.

As the server state is compared before any change is made via BrightBuilder, view privileges are also required whenever configuration changes are sent to BrightServer. This means that any user with configuration privileges should also have view privileges in order to make changes to the server configuration.

For example, with this framework one may create a 'Developer' role. Users with this role could browse and download deployed applications and deploy BSP/BEPs, but would not be able to view or configure server particulars such as licenses, users or the configuration of the BrightServer instance. To create this role, selecting the 'Download Deployed Applications', 'Deploy BSP to BrightServer' and 'Deploy BEP to BrightServer' options will be sufficient.

The 'Cannot Sync Data to Server' and 'Cannot Sync Data From Server' privileges can be very useful for creating roles that place a user account into a special mode restricting the data flow for a certain type of user. More specifically, the 'Cannot Sync Data to Server' privilege can be selected to create a test account role: users of that role can sync an application version with some business data and carry out a full test communicating directly with a live production server, without worrying about sending data to the server and compromising the integrity of the live business data.

For security reasons, the 'Edit Users' option will only allow the creation, modification and deletion of 'User' type users, and will not allow the editing of user roles. In order for a user to have full access to edit any user or roles, the 'Edit BrightServer Configuration' option must be granted to their role.

Assigning Roles

Roles are assigned to users in the main users tab in the user configuration panel, under the column 'Role'. When changed, the new configuration will be uploaded to the server, and at that stage any new changes will take effect.

In each user's row, their role may be specified using a drop-down menu containing all the defined roles on the server.

If a user's specified role does not exist, such as if the role has been deleted, their account will default to the 'User' role on server connection or data synchronisation.
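
Three rules from this page lend themselves to a periodic review of a role listing: configuration privileges need view privileges to be usable, 'Edit BrightServer Configuration' grants full access to edit any user or role, and a user whose role no longer exists falls back to 'User'. The following is an added example, not BrightServer code; the data layout, the per-area view/config split, and the role and user names are constructed assumptions, since this page does not describe how the server stores roles.

```python
# Added illustration: the role data below is constructed; BrightServer's real
# storage/export format is not described on this page.
DEFAULT_ROLE = "User"                           # fallback role named on the page
FULL_EDIT = "Edit BrightServer Configuration"   # privilege named on the page

# role -> view areas, config areas, and named options (layout is an assumption)
ROLES = {
    "User": {"view": set(), "config": set(), "options": set()},
    "Helpdesk": {"view": {"users"}, "config": {"users"}, "options": {"Edit Users"}},
    "LicenceAdmin": {"view": set(), "config": {"licenses"}, "options": set()},
    "ServerAdmin": {"view": {"users", "licenses"}, "config": {"users", "licenses"},
                    "options": {FULL_EDIT}},
}
# user -> assigned role; 'Contractor' stands for a role that has been deleted
USERS = {"alice": "ServerAdmin", "bob": "LicenceAdmin", "carol": "Contractor"}


def effective_role(user, users=USERS, roles=ROLES):
    """Role the server applies: the assigned one, or 'User' if it no longer exists."""
    assigned = users[user]
    return assigned if assigned in roles else DEFAULT_ROLE


def audit(users=USERS, roles=ROLES):
    """Return sorted (kind, subject, detail) findings for review."""
    findings = []
    for name, role in roles.items():
        # Configuration changes are only usable with view privileges as well.
        for area in sorted(role["config"] - role["view"]):
            findings.append(("config-without-view", name, area))
        # This option gives full access to edit any user or role.
        if FULL_EDIT in role["options"]:
            findings.append(("full-user-and-role-edit", name, FULL_EDIT))
    for user, assigned in users.items():
        # A deleted role silently becomes 'User' on connection or sync.
        if assigned not in roles:
            detail = f"{assigned} -> {effective_role(user, users, roles)}"
            findings.append(("missing-role-fallback", user, detail))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit():
        print(*finding, sep=" | ")
```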