Working with roles

Console users are granted access to resources based on the role to which they have been assigned. In the navigation pane, click Console Settings icon > Roles to add and remove roles and to assign access to widgets, dashboards, and views.

After the console is installed, there are some roles already defined to the server.

Note: The iscusers console role in Jazz™ for Service Management is equivalent to the All Authenticated Users role from the earlier Tivoli® Integrated Portal console.

Access levels

The access level that a role has to a resource determines the actions that users within that role can perform on the resource.

Table 1. Access rights to console resources based on access level
	Access Level
Resource	"User"	"Privileged User"	"Editor"	"Manager"
Widget	View and interact with the widget and access widget help.	View and interact with the widget, edit personal settings, and access widget help.	View and interact with the widget, edit personal settings, edit global settings, and access widget help.	View and interact with the widget, edit personal settings, edit global settings, and access widget help. Create and edit customized widgets in the widget wizard
Dashboard or Page	Launch the node from the navigation.		Launch the node from the navigation and edit the content and layout.
Folder	Note: Folders are always available in the navigation if the user has access to at least one of its dashboards.
External URL	Launch the node from the navigation.
View	Select the view.

For a given resource, if a role does not have one of these access level settings, then the role has no access to the resource.

Only users with "adminsecuritymanager" and "Administrator" role can create, delete or change the properties of a role. If you assign access for any other role to the Roles widget, users in that role will only be able to view roles and change access to views and dashboards.

Note: The access control settings are not observed when using the administrative widgets under the Console Settings node. Users with access to these dashboards and widgets will be able to create, edit, and delete all custom dashboards, widgets, and views. For example, if a user has no access to "Page Two", but has access to Pages, that user can edit all of the properties of "Page Two" and change access control settings. Keep this in mind when granting access to the Settings widgets for a role.

If a user is assigned to multiple roles, the user acquires the highest access level between these roles for a resource. For example, if a user belongs to the manager role with "Privileged User" access to a widget and also belongs to the communications role with no access to the widget, then the user has "Privileged User" access to the widget.

Tasks

You can grant access for multiple roles while creating or editing a resource, such as a dashboard or a widget. You can also grant access to multiple dashboards or views while creating or editing a role.