User Roles Defining Administrative Privileges
When administrative security is enabled, your default administrator account is assigned ROLE_ADMIN, ROLE_RESERVATIONS, ROLE_DROPCLIENT, and ROLE_READ, giving you full rights to administer the license server. Any user account that you create can be assigned one or more roles of these roles, including ROLE_ADMIN to create another administrator.
Keep in mind that any role can perform capability exchanges and synchronization operations as this functionality is exempt from security measures.
|
Role |
Privileges |
|
ROLE_READ |
Privileges to perform “read” operations (for example, to query features, licenses, reservations, or server status). When no other role is assigned to a user account, ROLE_READ is assigned by default as the only role. Additionally, depending on the administration security configuration, either every account is automatically given “read” rights, or you are required to assign ROLE_READ explicitly to each account to give it “read” rights. See Policy Affecting “read” Security. |
|
ROLE_RESERVATIONS |
Privileges to add and delete reservations. |
|
ROLE_DROPCLIENT |
Privileges to delete client records on the license server. |
|
ROLE_ADMIN |
Administrator privileges to update license server policies (local license server only), create and manage other enterprise user accounts, and perform other administrative tasks, such as suspend or resume the license server. |
|
ROLE_PRODUCER |
Privileges given to a producer account (by convention, the account named "producer"). Required to supply or delete checkout filters (these are selective license filters customizable by the producer), and change configuration values not editable by the administrator account (for example, lfs.syncTo.enabled). |