Configuring role mappings

When you configure role mappings, you will need to select a role and the type of mapping (inclusive or exclusive) that you want to use. You perform this selection on the first role mapping page, which has the following columns:

Column Description
Roles The name of the role.
Included Members A list of included users/groups/roles that should be mapped into the grid role. Select the "Edit…" link to add or remove from this list.
Excluded Members A list of excluded users/groups/roles that should be mapped into the grid role. Select the "Edit…" link to add or remove from this list.
Description A description of the grid role. Hover over the string if it is too long to display in full.

The included/excluded lists can be used to grant access to a subset of users in a group. Assume that group Alpha is granted access to grid-admin, and that group Beta is excluded from it. Any member of both Alpha and Beta will NOT get the grid-admin role. Only users that are members of Alpha but NOT Beta will be grid-admins. The included/excluded lists can contain both role names and individual users.

Any new role mappings are assigned at the next login. Already logged on users that would have the new roles will not get them until they first log out and log on again.

  1. After navigating to the role mappings pages as described above, identify an application-defined role that you want to configure mappings for from the list.
  2. Click the Edit link in the Included Members column. It is important to note that once you click the Edit link for a particular role, you are in the context of that role. Any mappings will be for that role. For example, if you clicked Edit for the grid-admin role, all mappings you configure will be for that role until you return to the list of roles and select a different role.

    After you click Edit, a new window opens named "Role mappings" with the text "Members included in <roleName>". On the left side there is a list of included members or the text "<no included members>" if no mapping has been configured yet.

  3. Click Add... to add role mappings.

    After you click Add..., the Add Role Mappings window appears. In this window, you will make new mappings for the selected role, for example, for grid-admin. There are three different sources to map groups/roles into Grid roles from.

  4. Select the source whose roles you want to map to the role you selected above, and then click Add on the same row where the selection was made. It is not enough to click OK at the bottom. Every added group must be added using the correct Add button before adding another mapping. When done adding members, click Ok to confirm.
  5. In the Role mapping window, the added members should appear in the last on the left. Click OK to confirm.
  6. In the window with the list of roles, click Save in the upper left corner.