Setting the IEC user and role mappings

Use this procedure to set the secure role mappings for IEC users.

  1. In the LCM Applications tab, select Space > grid node where IEC is installed.
  2. Right-click <IEC application name> > Configure Application.

    The Infor ION Grid Management Pages is displayed.

  3. Click the Edit Role Mappings link.

    The User and Role Mappings window is displayed.

    Note: For IEC, the roles defined in IFS are IECEC-Administrator and IECEC-User. These roles are mapped to the app-admin and app-user IEC-Grid roles respectively. To give a user access to IEC as an app-admin, add the IECEC-Administrator (IFS) role to that user; the user then automatically has access to IEC as an app-admin.

    For information on Infor Federation Services (IFS), see Security considerations in M3 Core Installation Planning Guide.

    For information on defining role mappings, see Global Roles and Application Roles in Infor ION Grid Security Administration Guide.

    This table shows the default roles that the IEC application defines in the grid. All roles in this table have access to the Mapping REST resource. Mapping Resource REST calls are needed for developing mappings.

    Role
      Role description

    app-admin
      Grants full access to all configurations and operational tasks.
      REST calls allowed: Mapping/DataTranslator Resources

    app-poweruser
      Grants access to a limited set of operational tasks, for example, log level.
      Role access: EC server pages
      Role limitations:
      • cannot start/stop EC nodes or modify EC application properties
      • no function for importing messages
      REST calls allowed: Mapping Resources

    app-user
      Grants access to application defined operations.
      Role access: Basically, "app-user" role is limited to read-only access.
      Role limitations:
      • cannot start/stop EC nodes or modify EC application properties
      • no access to management tasks such as schedules, maintenance, backup restore, and backup/cleaning pages
      • cannot change the channel state, such as reload, pause, and others
      • no function for importing messages
      REST calls allowed: Mapping Resources

    ClientDesigntime
      Role access: sets the user for EC tools design time
      REST calls allowed: Mapping/DataTranslator Resources
      Role limitations: no access to management tasks

    ServerRuntime
      Role access: sets the user for EC Server runtime.
      REST calls allowed: Mapping plus testExecute method/DataTranslator Resources
      Role limitations: no access to management tasks

    The Grid and its installed applications will each have a set of these roles, for example, ClientDesigntime<EC grid application>/app-admin.

    For each role there are two member groups, one for included members and the other for excluded members. Select the link to the group that you prefer to specify.

  4. In the Include Members column, click the Edit link.

    The Role Mappings window is displayed.

  5. Click the Add link.

    The Add Role Mappings to app-<admin> window is displayed.

  6. In the Global section, in the Defined field, select authenticated and click Add.
  7. In the Application section, in the Defined field, select an admin user role and click Add.
  8. Optionally, for a custom setting, select a group in the Custom field and specify a user name in the next field.

    Click Add.

  9. In the Session Provider section, select the domain user level to use.

    For example, select Domain Admins (Designated administrators of the domain).

  10. Click Add.
  11. Click OK.

    The Role Mappings window is displayed. A list shows the included members.

  12. Optionally, you can do these:

    To remove a member, click the red-x mark across a member name.

    To delete listed members, click the Remove All link.

  13. Click OK.
  14. Click the Save icon.

    The Save Configuration Changes window shows a list of your recent changes.

  15. Review the details and click Save to finalize.