The Security Manager provides you with the ability to secure access to individual timetables in Business Calendar Manager. You use the Security Manager to assign roles to the members of an organization. It is these roles that determine the level of access to the timetables.
For each timetable within Business Calendar Manager, you can assign members to one of three roles: Owner, Writer, or Reader.
The Security Manager, which you use to administer role-based access control for Business Calendar Manager, is located in Business Space powered by WebSphere®.
This role-based access for Business Calendar Manager is based on XACML (eXtensible Access Control Markup Language), an open standard.
For example, you can specify that a user has access only to the user's own timetable and that the user does not have the ability to look at or change anyone else's timetable.
You map members to roles. It is the role that defines the permission members have to the specific instance of the resource.
When a timetable is installed, three roles are created for that timetable: Owner, Writer, and Reader.
How would these roles be used? Consider the case of a holiday timetable used in an organization. You want all employees to have access to the timetable, but you want to limit the number of employees who can update the timetable.
Members assigned to the HolidayOwner role can read the Holiday timetable and can also write to it. For example, if the company decided to add an extra holiday, a member with the HolidayOwner role would be able to make the change.
Members of the HolidayOwner role can also assign members to the HolidayWriter and HolidayReader roles. For example, the HolidayOwner might decide to add a senior manager to the HolidayWriter role.
Members assigned to the HolidayWriter role can read the Holiday timetable and can also write to it. As in the case of the HolidayOwner, members of the HolidayWriter role could add the extra holiday.
Members assigned to the HolidayReader role can read the Holiday timetable but cannot write to it.
In the Security Manager, these timetable-related roles are also known as module roles.
BPMAdmin has the authority to add members to or remove members from the BPMRoleManager role.
For example, if the person performing the BPMRoleManager role leaves the organization, only BPMAdmin can assign another member to that role.
BPMAdmin is initially assigned to one member, the primary administrative user. Change this assignment to another member as soon as you restart the server after installation or upgrade.
BPMRoleManager has the authority to add members to or remove members from the three timetable-related roles: Owner, Writer, and Reader.
For example, if a Holiday timetable is created, the BPMRoleManager assigns members to the HolidayOwner, HolidayWriter, and HolidayReader roles.
BPMRoleManager is initially assigned to one member, the primary administrative user. Change this assignment to another member as soon as you restart the server after installation or upgrade.
See the help topic in the Security Manager for information about how to perform these tasks.
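The role rules described above can be modeled in a few functions to check who can read or write a timetable, who can change a role's membership, and whether BPMAdmin or BPMRoleManager is still held by the primary administrative user. This is an added example, not IBM code or a Security Manager API; the function names, member names, and sample assignments are constructed, and the model assumes a role grants only the authority this page states explicitly.

```python
# Added model of the role rules on this page; not IBM code or a product API.
# Assumption: a role grants only the authority the page states explicitly.
TIMETABLE_ROLES = ("Owner", "Writer", "Reader")
ROLE_ACTIONS = {"Owner": {"read", "write"},
                "Writer": {"read", "write"},
                "Reader": {"read"}}

# Constructed sample: role name -> members (all member names are made up).
SAMPLE = {
    "BPMAdmin": {"admin"},
    "BPMRoleManager": {"admin"},
    "HolidayOwner": {"hr_lead"},
    "HolidayWriter": {"senior_mgr"},
    "HolidayReader": {"alice", "bob"},
}

def holds(assignments, member, role):
    return member in assignments.get(role, set())

def can_access(assignments, member, timetable, action):
    """True if member holds a role on this timetable that permits action."""
    return any(action in actions and holds(assignments, member, timetable + role)
               for role, actions in ROLE_ACTIONS.items())

def can_assign(assignments, granter, target_role, timetables):
    """May granter change the membership of target_role?"""
    if target_role == "BPMRoleManager":
        return holds(assignments, granter, "BPMAdmin")
    for timetable in timetables:
        for role in TIMETABLE_ROLES:
            if target_role != timetable + role:
                continue
            if holds(assignments, granter, "BPMRoleManager"):
                return True
            # An Owner may assign only Writer and Reader of its own timetable.
            return role != "Owner" and holds(assignments, granter, timetable + "Owner")
    # Unknown roles, and BPMAdmin (the page names no assigner), are denied.
    return False

def audit_defaults(assignments, primary_admin):
    """Administrative roles still held by the primary administrative user."""
    return [role for role in ("BPMAdmin", "BPMRoleManager")
            if holds(assignments, primary_admin, role)]

if __name__ == "__main__":
    print(can_assign(SAMPLE, "hr_lead", "HolidayWriter", ["Holiday"]))
    print(audit_defaults(SAMPLE, "admin"))
```

A non-empty result from `audit_defaults` corresponds to the state right after installation or upgrade, before the two administrative roles have been reassigned.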