You are here: Configure > Configure Role-Based Access Control > Configure Roles

Configure Roles

A role is a component of the role-based access system, and is used to define the actions that can be performed by the user of an account associated with a resource pool. A resource pool defines the resources that will be made available to an account, such as storage devices and ECX features; a role sets the permissions to interact with the resources defined in the resource pool. For example, if a resource pool is created that includes ECX Copy Data and Use Data policies, the role will determine how a user can interact with the policies. Permissions can be set to allow a user to create, view, and run the Copy Data and Use Data policies defined in a resource pool, but not delete them. Similarly, permissions can be set to create administrator accounts, allowing a user to create and edit other accounts, set up sites and providers, and interact with all of the available ECX features.

BEFORE YOU BEGIN:

Create sites to assign to your providers. A site is a user-defined grouping of providers that is generally based on location. See Add a Site.
Add providers to ECX and associate them with a site. See Register a Provider.
Once providers are available in ECX and associated with a site, assign them to a resource pool. See Configure Resource Pools.

Add a Role

Click the Configure tab. On the Views pane, select Roles . The All Roles pane opens.
In the All Roles pane, click New . The New Role dialog opens.
Enter a role name and a meaningful description.
Select ECX features to add to the role, such as reports, policies, and sites as well as provider types, such as VMware, LDAP, and SMTP.
When a feature is added to the role, it displays in the Permissions pane. Select permissions for the feature. For example, if the Site feature is added to the role, the following Site-based permissions are available: Create, View, Edit, Delete and All Permissions. If the Delete permission is excluded from the role, accounts associated with this role can create, view, and edit Sites, but cannot delete them.
Similarly, if the Report feature is added to the role, the Create permission allows accounts associated with the role to create custom reports. The View permission allows accounts associated with the role to view the list of reports in the Reports and Policy tabs as well as run and view reports.
To set permissions, click Click to select permissions.
Continue adding features and setting associated permissions.
When you are satisfied that the selected features and permissions are correct, click Finish. The role appears on the All Roles pane and can be applied to new and existing accounts.

Edit a Role

Revise a role to change the resources and permissions assigned to the role. Updated role settings take affect once accounts associated with the role log in to ECX.

Note: The SYSADMIN and USER roles cannot be edited.

Click the Configure tab. On the Views pane, select Roles . The All Roles pane opens.
In the All Roles pane, select the role to edit by clicking in the row containing the role name.
Click Edit . The Edit Role dialog opens.
Select new resources and permissions to assign to the role.
Click OK. The revisions are applied to the role.

Delete a Role

Delete a role when it becomes obsolete. A role cannot be deleted if it is assigned to an account. Re-assign your accounts to different roles before deleting.

Note: The SYSADMIN and USER roles cannot be deleted.

Click the Configure tab. On the Views pane, select Roles . The All Roles pane opens.
In the All Roles pane, select the role to delete by clicking in the row containing the role name.
Click Delete . A confirmation dialog box displays.
Confirm deletion. The role is deleted.

NEXT STEPS:

Create an account. An account associates resource pools and roles with a user. Accounts can be native to ECX or can be imported as an LDAP group. See Configure Accounts.