A common question that customers ask is how to allow a user to log in and view security-related information (users, groups, roles, server and object groups, rights, and so on) without being able to make any changes.
The API Role Management option controls which features are available to users of the security application. You can use API Role Management to create a "read-only" role and assign one or more user groups to it. The users in the assigned group or groups will be able to log in with read-only access.
Add a read-only role
- Select API Role Management and click to add a new API Role. The API Role Create window opens.
- Expand each category of rights (such as Audits, Users, and User Groups) by clicking the plus sign next to each one.
- For each category, select the Read right. Depending on your selection, other check boxes in the dialog that the selected right is dependent on may also be selected automatically.
- Be sure to select the last right (Manage User Settings/Info). Users must have this right to be able to log in to the security application.
- On the Groups tab, enter the name or names of the User Group or Groups to which you want to grant read-only access. The example below shows a group called "WSM Read-Only."
- Click Save.
In the API Role Management list, the new saved role looks like this:
When you click the Display Groups button in the role's column header to view the groups that are associated with this role, you will see the group that you assigned: