User Management Roles
Eleveo.admin is the default user of the User Management application. The user is assigned the User Management/user-management-admin composite role, which consists of several effective roles, enabling the user to perform administrative tasks.
All default User Management roles are grouped under the User Management application.
The table below lists all default effective roles and their assignment to the composite role.
Name of an effective role | Action allowed | Dependencies on other roles | Assignment to user-management-admin (composite role) | Application |
---|---|---|---|---|
manage-custom-roles | Allows the user to manage (create/edit/remove) custom roles. It doesn't work without the view-custom-roles role. | view-custom-roles | x | User Management |
manage-groups | Allows the user to modify group settings. It doesn't work without the manage-users role. | manage-users | x | User Management |
manage-identity-providers | Allows the user to access the Identity Providers menu item and the Identity Providers screen, as well as display all providers. |  | x | User Management |
manage-federations | Allows the user to see the User Federation menu item and the Add user federation provider screen, as well as to add and modify the user federation provider's settings. |  | x | User Management |
manage-licences | Allows the user to access the License Management menu item where the user can upload/edit or see an overview of license usage. |  | x | User Management |
manage-settings | Allows the user to access the Realm Settings menu item where the user can edit a default time zone setting. |  | x | User Management |
manage-provider-clients | Allows the user to see the Create button on the Provider Clients screen. It doesn't work without the view-provider-clients role. | view-provider-clients | x | User Management |
manage-users | Allows the user to add a user or to modify user settings (including changing a password and assigning roles). It doesn't work without the view-users role. | view-users | x | User Management |
manage-events | Allows the user to display logs (realm events) and their settings. |  | x | User Management |
query-realms | Allows the user to display information about the realm. |  | x | User Management |
query-groups | Allows the user to display the existing groups on the Groups screen. | view-users (included) | x | User Management |
query-users | Allows the user to display the existing user accounts on the Users screen. | view-users (included) | x | User Management |
query-clients | Allows the user to display the existing clients on the Provider Clients screen. | view-clients (included) | x | User Management |
view-authorization | Allows the user to display the My Account section. |  | x | User Management |
view-clients | Allows the user to add a new provider client (use the Create button on the Provider Clients screen). It doesn't work without the view-provider-clients and manage-provider-clients roles. Includes also the query-clients role. | view-provider-clients, manage-provider-clients | x | User Management |
view-custom-roles | Allows the user to see the Manage Roles menu item and the Roles screen, as well as to display all existing custom roles. |  | x | User Management |
view-identity-providers | Allows the user to add or edit an identity provider. It doesn't work without the manage-identity-providers role. | manage-identity-providers | x | User Management |
view-provider-clients | Allows the user to see the Provider Clients menu item and the Provider Clients screen, as well as display all existing clients. |  | x | User Management |
view-realm | Allows the user to see the Sessions menu item and the Sessions screen, as well as to display active clients and their settings. |  | x | User Management |
view-users | Allows the user to see the Users and the Groups menu items and the Users screen and the Groups screens. Allows seeing the settings of a user, except the Credentials tab and assigned roles. Includes also the query-groups and query-users roles. |  | x | User Management |
delete-users | Allows the user to delete the existing user accounts. |  |  | User Management |
manage-password-policies | Allows the user to see the Authentication menu item and the Authentication screen, as well as add, edit or remove password policies. |  | x | User Management |
Note that the delete-users role is not assigned by default to the eleveo.admin user. We recommend that users be disabled, not deleted. Deleting users may cause database inconsistencies and the loss of historical data associated with them.
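When composing a narrower custom role than user-management-admin, the "It doesn't work without" dependencies in the table chain together (manage-groups needs manage-users, which needs view-users). The following is an added example, not part of the Eleveo documentation or product: it audits a planned role set for roles that would be inert and for delete-users. The names `REQUIRES`, `working_roles`, `audit` and the sample role set are assumptions made for illustration.

```python
# Added example. Dependency data is copied from the rows of the table above
# that state "It doesn't work without ..."; nothing here calls the product.
REQUIRES = {
    "manage-custom-roles": {"view-custom-roles"},
    "manage-groups": {"manage-users"},
    "manage-provider-clients": {"view-provider-clients"},
    "manage-users": {"view-users"},
    "view-clients": {"view-provider-clients", "manage-provider-clients"},
    "view-identity-providers": {"manage-identity-providers"},
}
# Not part of the default composite role; the page recommends disabling users instead.
DISCOURAGED = {"delete-users"}


def working_roles(assigned):
    """Return the roles whose dependencies are satisfied, transitively."""
    working = set(assigned)
    changed = True
    while changed:  # repeat until no further role loses a dependency
        changed = False
        for role in sorted(working):
            if not REQUIRES.get(role, set()) <= working:
                working.discard(role)
                changed = True
    return working


def audit(assigned):
    """Report working roles, inert roles with what they lack, and discouraged roles."""
    assigned = set(assigned)
    working = working_roles(assigned)
    inert = {role: sorted(REQUIRES[role] - working)
             for role in sorted(assigned - working)}
    return {
        "working": sorted(working),
        "inert": inert,
        "discouraged": sorted(assigned & DISCOURAGED),
    }


if __name__ == "__main__":
    # Constructed sample: a "group admin" role set that forgot view-users.
    planned = {"manage-groups", "manage-users", "delete-users"}
    for key, value in audit(planned).items():
        print(f"{key}: {value}")
```
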