Editing Role Mappings

  1. After navigating to the role mappings pages as described above, identify an application defined role that you want to edit mappings for from the list.
  2. Click the Edit link in the Included Members column in order to create including mappings, or click on the Edit link in the Excluded Members column in order to create an excluding mapping.

    After you click the Edit link, you are presented with a dialog box that shows all roles already mapped to this application role. You can use this dialog box to remove some or all of the mappings, or to access the Add Role Mappings dialog box that allows you to select new roles to be mapped. For important information about the Add Role Mappings dialog box, see Add Role Mappings Dialog Box .

  3. If you want to add role mappings, click Add to access the Add Role Mappings dialog box.
  4. Select the type of domain whose roles you want to map to the role you selected above.
  5. Select the role you want to map to the role you selected above and click Add. (You must click Add after you select the role, or else the role mapping will not be formed.)
  6. Repeat the previous two steps until you have completed the role mapping.

Add Role Mappings Dialog Box

This dialog box always has a particular (application defined) role in focus. The role in focus is the role belonging to the Edit link you clicked in order to get to this dialog box. So, this dialog box is used to map other roles to the role in focus. If you want to map roles to another role, you should close this dialog box and select the different role. This dialog box has three parts belonging to the three different role domains.

  1. The first is the global domain. Here you may select from the global Lawson Grid defined roles. This enables you to specify such things as: If you are global grid-admin, you should also be app-admin in application A (provided that it is that application defined role you are currently working with). The custom field in this domain section lets you specify individual uses.

  2. The second domain is application defined roles. Here you may select from all application defined roles of all applications deployed in the grid. This enables you to specify such things as: If you are app-admin in application A, you should also be app-admin in application B. The custom field in this domain enables you to form mappings from application defined roles that aren’t properly declared by the application but that you actually know exist. This situation is unusual and should not be used unless so instructed by that application’s manual.

  3. The final domain is the session provider domain. Here you may select session provider defined roles and map them to the application defined role that you are currently working with. The list of session provider defined roles may be long, so the dialog provides a filter mechanism that enables you to sort through the roles before adding them.

Regardless of which domain you pick your roles from, a corresponding Add button to the right is used to actually create the mapping. Note that the Add button has to be clicked to actually form the mapping. Selecting a role and closing this dialog box without clicking the Add button will not form a mapping. The dialog box is designed so that you may select and add many roles from different domains before finally closing the dialog box. As you add roles in this dialog box, the list of roles that will be added when closing the dialog box is displayed at the bottom.