Writing Rules for Resource Management Administrators
Use this procedure as a general guideline for setting up security for a Resource Management administrator—that is, someone who needs some but not all data accessible through the Resource Management Administrator.
Note: If someone needs access to all data accessible through
Resource Management, you can assign the AllRMAccess security class
to one of the user's roles. This class gives access to resource, role,
group, and structure data. However, if you give all access to role
and resource information to users, those users can add additional
roles themselves and therefore gain additional security privileges,
including the same access as a security super administrator.
To write rules for Resource Management administrators
- On the Profiles form, select the RM profile and click Use Selected.
- On the Security Class form, create a new security class.
- After you have added the class, click Rules for class and then Add Rule.
- Select a Resource Management securable object. You can select Group, Resource, Role, or Structure, or you can expand the Resource object and select any of the resource attributes.
- Set the access level.
- Click Apply.
- If the user needs access to the Schema Editor or to the mass assignment option in the Resource Management Administrator, create a security class in the Admin profile and assign this class to a role for the user.
- On the Security Classes form, select the new security class in the Admin profile and click Rules for class.
- Click Add Rules.
- Select the RMOBJECT securable type.
- Select Unconditional Access for Action.
- Click in the box to the right of Unconditional Access for Action and select the appropriate choice: M for access to the mass assignment function and S for access to the Schema Editor.
- Click Apply.