C Appendix: BDI Security Roles and Groups
BDI Batch Admin Security
The following list shows the available BDI Edge Job Security groups in IDCS or OCI IAM. The customer can create an IDCS or OCI IAM user and assign to the proper group based on job duties:
-
BdiEdgeSimJobAdminGroup
-
BdiEdgeSimJobMonitorGroup
-
BdiEdgeSimJobOperatorGroup
Note:
In stage environment, the preprod suffix is added to the groups.
Table C-1 BDI Batch Admin Role/Groups
Role Name | Admin Role | Operator Role | Monitor Role |
---|---|---|---|
Group Name | BdiJobAdminGroup | BdiJobOperatorGroup | BdiJobMonitorGroup |
Edit configuration from UI |
Yes |
No |
No |
Create/update/delete system options |
Yes |
No |
No |
Create/update/delete system credentials |
Yes |
No |
No |
View credentials |
Yes |
No |
No |
Run Jobs |
Yes |
Yes |
No |
Monitor Jobs |
Yes |
Yes |
Yes |
HTTP GET method access to rest services |
Yes |
Yes |
Yes |
HTTP POST/PUT/DELETE method access to rest services |
Yes |
Restricted to few services. |
No |
BDI Process Flow Security
The following list shows the available BDI Process Flow Enterprise Security groups in IDCS or OCI IAM. The customer can create an IDCS or OCI IAM user and assign to the proper group based on job duties:
-
BdiProcessAdminGroup
-
BdiProcessOperatorGroup
-
BdiProcessMonitorGroup
Note:
In stage environment, the *_PREPROD suffix is added to the groups.
Table C-2 BDI Process Flow Security Roles/Groups
Role Name | Admin Role | Operator Role | Monitor Role |
---|---|---|---|
Group Name | BdiProcessAdminGroup | BdiProcessOperatorGroup | BdiProcessMonitorGroup |
Update Process DSL |
Yes |
No |
No |
Start/Restart Process |
Yes |
Yes |
No |
All other services |
Yes |
Yes |
No |
Read only Access to Process Flow Live, Manage Process Flow, Historical Process Flow Executions, System Logs UI tabs. |
Yes |
Yes |
Yes |
HTTP GET method access to rest services |
Yes |
Yes |
Yes |
HTTP POST/PUT/DELETE method access to rest services |
Yes |
Restricted to few services. |
No |
BDI Scheduler Security
The following list shows the available BDI Scheduler Enterprise Security groups in IDCS or OCI IAM. The customer can create an IDCS or OCI IAM user and assign to the proper group based on job duties:
-
BdiSchedulerAdminGroup
-
BdiSchedulerOperatorGroup
-
BdiSchedulerMonitorGroup
Note:
In stage environment, the *_PREPROD suffix is added to the groups.
Table C-3 BDI Process Flow Security Roles/Groups
Role Name | Admin Role | Operator Role | Monitor Role |
---|---|---|---|
Group Name | BdiSchedulerAdminGroup | BdiSchedulerOperatorGroup | BdiSchedulerMonitorGroup |
View and search |
Yes |
Yes |
Yes |
Create schedule |
Yes |
No |
No |
Edit schedule |
Yes |
No |
No |
Delete schedule |
Yes |
No |
Yes |
Manual run schedule |
Yes |
Yes |
Yes |
Disable schedule |
Yes |
Yes |
No |
Enable schedule |
Yes |
Yes |
No |
HTTP GET method access to rest services |
Yes |
Yes |
Yes |
HTTP POST/PUT/DELETE method access to rest services |
Yes |
Yes |
No |