Users and roles

When a user logs on using the LifeCycle Manager Client, the user ID and password are sent over an encrypted SSL connection to the LifeCycle Manager Server. The server authenticates the user against an LDAP server and checks if the user is a member of the LifeCycle Manager user group. If no such group has been defined, all users that can be found in LDAP using the defined user search filter are allowed to log on. The Client only displays the tasks that the user is allowed to perform. Therefore, for a viewer user, only a few or no tasks at all will be displayed when the user is positioned on a node in the tree.

There are three levels of users in an LifeCycle Manager environment:


On an M3 Business Engine (BE) installation, the administrator group BEAdmins is defined. On the PROD environment under the M3 BE installation, the administrator group ProdAdmins is defined.

Alice is a member of the BEAdmins group. Therefore, she is allowed to administer both the BE installation and all environments under it. She can also create new BE environments and set administrator groups for them.

Bob is a member of the ProdAdmins group. He is allowed to administer the PROD environment, but not the BE installation, nor any other environments under it. Bob is not allowed to change the administrator group for the PROD environment.