2.4.5 Configuring role definitions

You can recursively specify roles in order to create a role hierarchy. A permission is a domain-like identifier that grants a given entity access to perform some function within Viewpoint (for example, "exit", "setFactory", "print.queueJob").

To configure role definition

1. Open the core.xml file located in the Viewpoint home directory. Locate the <security> element.
2. Use the <role-definition> section to define groups of permissions.
1. Specify the <permission> element.


The naming convention follows the hierarchical property naming convention. An asterisk can appear by itself, or if immediately preceded by a "." can appear at the end of the name to signify a wildcard match. For example, "*" and "java.*" are valid, while "*java", "a*b", and "java*" are not valid.

2. Set the <permission> name to the name of the permission you wish to grant the user. For a list of Viewpoint permission names, see Setting permissions.

Example 2-1: Role definitions configuration

<role-definitions>
  <definition name="user">
    <permission name="archive.create"/>
    <permission name="archive.read"/>
    <permission name="archive.restore"/>
    <permission name="cart.read"/>
    <permission name="cart.update"/>
    <permission name="cart.delete"/>
  </definition>
  <definition name="admin">
    <permission name="user.*"/>
    <role name="user"/>
  </definition>
</role-definitions>

Related topics 

• Configuring the request handler
• Configuring login modules
• Configuring the permissions map
• Setting permissions

© 2012 Adaptive Computing