Skip to end of metadata
Go to start of metadata

Scope

  • The JOC Cockpit implements Authentication and Authorization by a combination of Roles and Permissions.
  • Permissions are assigned to Roles which are then assigned to User Accounts.
  • The JOC Cockpit - Authentication and Authorization article provides a good introduction the Authentication and Authorization.

  • This article describes the default Roles and Permissions that are delivered with the JOC Cockpit.

Matrix of Roles and Permissions

The document below shows the default Roles and Permissions delivered with the JOC Cockpit shiro.ini configuration file. System administrators can define and modify roles and permissions as required.

The purpose of each role is explained in the notes at the foot of the matrix. Of particular interest is the api_user role that is not intended for use with the JOC Cockpit interface but is intended for use with the JobScheduler Web Service from another application. More information can be found in the Authentication and Authorization - Permissions for the JobScheduler REST Web Service article.

Permissions for the JOC CockpitRoles
No.JobScheduler ObjectDescriptionPermission AdministratorApplication ManagerIT OperatorIncident ManagerBusiness UserAPI User
1JOC CockpitAllows user to download JOC Cockpit log file from Dashboardsos:products:joc_cockpit:joc:view:logYESNONONONONO
2JobScheduler Mastermaster:view:status is the minimum permission required before a user can see any other information in the JOC Cockpit . Without this permission users are presented with an "Unauthorised to access JOC Cockpit" message on logging in.sos:products:joc_cockpit:jobscheduler_master:view:statusYESYESYESYESYESYES
Show parameters from scheduler.xmlsos:products:joc_cockpit:jobscheduler_master:view:parameterYESYESYESYESNOYES
View main logsos:products:joc_cockpit:jobscheduler_master:view:mainlogYESYESYESYESNOYES
Pausesos:products:joc_cockpit:jobscheduler_master:execute:pauseYESYESNONONONO
Continue / unpausesos:products:joc_cockpit:jobscheduler_master:execute:continueYESYESNONONONO
Terminate and then restartsos:products:joc_cockpit:jobscheduler_master:execute:restart:terminateYESNONONONONO
Abort and then restartsos:products:joc_cockpit:jobscheduler_master:execute:restart:abortYESNONONONONO
Terminatesos:products:joc_cockpit:jobscheduler_master:execute:terminateYESNONONONONO
Abortsos:products:joc_cockpit:jobscheduler_master:execute:abortYESNONONONONO
Edit Permissionssos:products:joc_cockpit:jobscheduler_master:administration:edit_permissionsYESNONONONONO
Manage log categoriessos:products:joc_cockpit:jobscheduler_master:administration:manage_categoriesNOYESNONONONO
Remove old instancessos:products:joc_cockpit:jobscheduler_master:administration:remove_old_instancesYESNONONONONO
3JobScheduler Master ClusterView Cluster Status information. Is required to see information in: - Dashboard Master Cluster Status Widget.sos:products:joc_cockpit:jobscheduler_master_cluster:view:statusYESYESYESYESYESNO
Failsafe termination of Clustersos:products:joc_cockpit:jobscheduler_master_cluster:execute:terminate_fail_safeYESNONONONONO
Restart Cluster sos:products:joc_cockpit:jobscheduler_master_cluster:execute:restartYESNONONONONO
Terminate Cluster sos:products:joc_cockpit:jobscheduler_master_cluster:execute:terminateYESNONONONONO
4JobScheduler Universal AgentView the status of Agent Clusters. Together with view status of Process Class is required to see: - Dashboard Agent Cluster Status Widget - Resources / Agent Clusters View.sos:products:joc_cockpit:jobscheduler_universal_agent:view:statusYESYESYESYESYESNO
Abort Agent then restartsos:products:joc_cockpit:jobscheduler_universal_agent:execute:restart:abortYESNONONONONO
Terminate Agent then restartsos:products:joc_cockpit:jobscheduler_universal_agent:execute:restart:terminateYESNONONONONO
Abort Agentsos:products:joc_cockpit:jobscheduler_universal_agent:execute:abortYESNONONONONO
Terminate Agentsos:products:joc_cockpit:jobscheduler_universal_agent:execute:terminateYESNONONONONO
5Daily Plan View status of the Daily Plan in: - the Dashboard Daily Plan Overview Widget, - the Daily Plan View.sos:products:joc_cockpit:daily_plan:view:statusNOYESYESYESYESNO
6HistoryView the History in: - the History View. Does not require additional Order or Job Chain Permissionssos:products:joc_cockpit:history:viewNOYESYESYESYESYES
7OrderView the Order status in: - the Dashboard Orders Overview and Orders Summary Widgets, - the Orders View Together with: - Job Chains View Status is required for viewing Order History in Job Chain Detail View.sos:products:joc_cockpit:order:view:statusNOYESYESYESYESYES
View Order configurationsos:products:joc_cockpit:order:view:configurationNOYESYESYESYESYES
View Order Logsos:products:joc_cockpit:order:view:order_logNOYESYESYESYESYES
Change time for ad hoc Orderssos:products:joc_cockpit:order:change:time_for_adhoc_ordersNOYESYESNONONO
Change Order parameterssos:products:joc_cockpit:order:change:parameterNOYESYESNONONO
Change Order start & end nodessos:products:joc_cockpit:order:change:start_and_end_nodeNOYESYESNONONO
Change Order runtime sos:products:joc_cockpit:order:change:run_timeNOYESYESNONONO
Change Order statesos:products:joc_cockpit:order:change:stateNOYESYESNONONO
Change Order Hot Foldersos:products:joc_cockpit:order:change:hot_folderNOYESYESNONONO
Start Ordersos:products:joc_cockpit:order:execute:startNOYESYESNONOYES
Update Ordersos:products:joc_cockpit:order:execute:updateNOYESYESNONONO
Suspend Ordersos:products:joc_cockpit:order:execute:suspendNOYESYESNONONO
Resume Ordersos:products:joc_cockpit:order:execute:resumeNOYESYESNONONO
Reset Ordersos:products:joc_cockpit:order:execute:resetNOYESYESNONONO
Remove Order Setbacksos:products:joc_cockpit:order:execute:remove_setbackNOYESYESYESNONO
Delete Order permanentlysos:products:joc_cockpit:order:delete:permanentNOYESYESNONONO
Delete Order temporarilysos:products:joc_cockpit:order:delete:temporaryNOYESYESNONONO
View Order Documentationsos:products:joc_cockpit:order:view:documentationNOYESYESYESYESNO
Assign Documentation to an Ordersos:products:joc_cockpit:order:assign_documentationNOYESYESNONONO
8Job ChainView the Job Chain configuration in: - the Job Chains View. Requires: - View Job Chains Status.sos:products:joc_cockpit:job_chain:view:configurationNOYESYESYESNONO
View Job Chain History in: - the Job Chain Detail View. Requires: - View Job Chains Status - View Order Status.sos:products:joc_cockpit:job_chain:view:historyNOYESYESYESYESNO
View Job Chain Statussos:products:joc_cockpit:job_chain:view:statusNOYESYESYESYESNO
Stop Job Chain executionsos:products:joc_cockpit:job_chain:execute:stopNOYESYESNONONO
Restart Job Chain executionsos:products:joc_cockpit:job_chain:execute:unstopNOYESYESNONONO
Add Order to Job Chainsos:products:joc_cockpit:job_chain:execute:add_orderNOYESYESNONONO
Skip Job Chain nodesos:products:joc_cockpit:job_chain:execute:skip_jobchain_nodeNOYESYESNONONO
Process Job Chain nodesos:products:joc_cockpit:job_chain:execute:process_jobchain_nodeNOYESYESNONONO
Stop processing of Job Chain nodesos:products:joc_cockpit:job_chain:execute:stop_jobchain_nodeNOYESYESNONONO
Modify Job Chainsos:products:joc_cockpit:job_chain:change:hot_folderNOYESYESNONONO
View Job Chain Documentationsos:products:joc_cockpit:job_chain:view:documentationNOYESYESYESYESNO
Assign Documentation to a Job Chainsos:products:joc_cockpit:job_chain:assign_documentationNOYESYESNONONO
9JobView the Job Status in: - the Job Viewsos:products:joc_cockpit:job:view:statusNOYESYESYESYESNO
View Job Configuration sos:products:joc_cockpit:job:view:configurationNOYESYESYESNONO
View Job Historysos:products:joc_cockpit:job:view:historyNOYESYESYESYESNO
View Job task logsos:products:joc_cockpit:job:view:task_logNOYESYESYESYESNO
Start Jobsos:products:joc_cockpit:job:execute:startNOYESYESNONOYES
Stop Jobsos:products:joc_cockpit:job:execute:stopNOYESYESNONONO
Unstop Jobsos:products:joc_cockpit:job:execute:unstopNOYESYESNONONO
Terminate Jobsos:products:joc_cockpit:job:execute:terminateNOYESYESNONONO
Kill Jobsos:products:joc_cockpit:job:execute:killNOYESYESNONONO
End all taskssos:products:joc_cockpit:job:execute:end_all_tasksNOYESYESNONONO
Suspend all taskssos:products:joc_cockpit:job:execute:suspend_all_tasksNOYESYESNONONO
Continue all taskssos:products:joc_cockpit:job:execute:continue_all_tasksNOYESYESNONONO
Change Job run-timesos:products:joc_cockpit:job:change:run_timeNOYESYESNONONO
Change Job Hot Foldersos:products:joc_cockpit:job:change:hot_folderNOYESYESNONONO
View Job Documentationsos:products:joc_cockpit:job:view:documentationNOYESYESYESYESNO
Assign Documentation to a Jobsos:products:joc_cockpit:job:assign_documentationNOYESYESNONONO
10Process ClassView status of Process Classsos:products:joc_cockpit:process_class:view:statusNOYESYESYESYESNO
View configuration of Process Classsos:products:joc_cockpit:process_class:view:configurationNOYESYESYESNONO
Modify Process Classsos:products:joc_cockpit:process_class:modify_hot_folderNOYESYESYESNONO
View Process Class Documentationsos:products:joc_cockpit:process_class:view:documentationNOYESYESYESYESNO
Assign Documentation to a Process Classsos:products:joc_cockpit:process_class:assign_documentationNOYESYESNONONO
11SchedulesView Schedule statussos:products:joc_cockpit:schedule:view:statusNOYESYESYESYESNO
View Schedule configurationsos:products:joc_cockpit:schedule:view:configurationNOYESYESYESNONO
Remove Schedulesos:products:joc_cockpit:schedule:edit:removeNOYESYESNONONO
Add substitute Schedulesos:products:joc_cockpit:schedule:add_substituteNOYESYESNONONO
Modify Schedulesos:products:joc_cockpit:schedule:modify_hot_folderNOYESYESYESNONO
Modify Hot Foldersos:products:joc_cockpit:schedule:change:hot_folderNO
View Schedule Documentationsos:products:joc_cockpit:schedule:view:documentationNOYESYESYESYESNO
Assign Documentation to a Schedulesos:products:joc_cockpit:schedule:assign_documentationNOYESYESNONONO
12LocksView Lock statussos:products:joc_cockpit:lock:view:statusNOYESYESYESYESNO
View Lock configurationsos:products:joc_cockpit:lock:view:configurationNOYESYESYESNONO
Modify Locksos:products:joc_cockpit:lock:modify_hot_folderNOYESYESYESNONO
View Lock Documentationsos:products:joc_cockpit:lock:view:documentationNOYESYESYESYESNO
Assign Documentation to a Locksos:products:joc_cockpit:lock:assign_documentationNOYESYESNONONO
13EventsView Event Statussos:products:joc_cockpit:event:viewNOYESYESYESNONO
Delete Eventsos:products:joc_cockpit:event:deleteNOYESYESNONONO
14Event ActionsView Event Action statussos:products:joc_cockpit:event_action:view:statusNOYESYESYESNONO
Manually create an Event Actionsos:products:joc_cockpit:event_action:create_event_manuallyNOYESYESNONONO
15Holiday CalendarsView status of Holiday Calendersos:products:joc_cockpit:holiday_calendar:view:statusNOYESYESYESYESNO
16Maintenance WindowsView status of Maintenance Windowsos:products:joc_cockpit:maintenance_window:view:statusNOYESYESYESYESNO
Enable or disable Maintenance Windowsos:products:joc_cockpit:maintenance_window:enable_disable_maintenance_windowNOYESNONONONO
17Audit LogView Audit Logsos:products:joc_cockpit:audit_log:view:statusNOYESYESYESYESNO
18CustomizationsView shared Customizationsos:products:joc_cockpit:customization:share:viewNOYESYESYESYESNO
Delete a shared Customizationsos:products:joc_cockpit:customization:share:change:deleteNOYESNONONONO
Edit a shared Customizationsos:products:joc_cockpit:customization:share:change:edit_contentNOYESNONONONO
Make a shared Customization privatesos:products:joc_cockpit:customization:share:change:shared_status:make_privateNOYESNONONONO
Share a private Customizationsos:products:joc_cockpit:customization:share:change:shared_status:make_sharedNOYESNONONONO
19CalendarsView a Calendarsos:products:joc_cockpit:calendar:view:statusNOYESYESYESYESNO
Change a Calendarsos:products:joc_cockpit:calendar:edit:changeNOYESNONONONO
Delete a Calendarsos:products:joc_cockpit:calendar:edit:deleteNOYESNONONONO
Create a Calendarsos:products:joc_cockpit:calendar:edit:createNOYESNONONONO
Change a Calendar Assignmentsos:products:joc_cockpit:calendar:assign:changeNOYESNONONONO
Assign a Non-Working Day Calendarsos:products:joc_cockpit:calendar:assign:nonworkingNOYESNONONONO
Assign a Runtimesos:products:joc_cockpit:calendar:assign:runtimeNOYESNONONONO
View Calendar Documentationsos:products:joc_cockpit:calendar:view:documentationNOYESYESYESYESNO
Assign Documentation to a Calendarsos:products:joc_cockpit:calendar:assign_documentationNOYESYESNONONO
20YADEView File Transfer Statussos:products:joc_cockpit:yade:view:statusNOYESYESYESYESNO
View File Transferssos:products:joc_cockpit:yade:view:transfersNOYESYESYESNONO
View File Transfer Filessos:products:joc_cockpit:yade:view:filesNOYESYESYESNONO
Start File Transferssos:products:joc_cockpit:yade:execute:transfer_startNOYESYESNONONO
21DocumentationView Documentation Administration/Tabsos:products:joc_cockpit:documentation:viewNOYESYESNONONO
Import Documentation Administration/Tabsos:products:joc_cockpit:documentation:importNOYESNONONONO
Export Documentation Administration/Tabsos:products:joc_cockpit:documentation:exportNOYESNONONONO
Delete Documentation Administration/Tabsos:products:joc_cockpit:documentation:deleteNOYESNONONONO
AnnotationsThe terms for roles are mainly derived from an ITIL vocabulary.
1) AdministratorThis is a technical role without any responsibilities in the IT process.
2) Application ManagerThis an engineering role with in-depth knowledge of jobs and job chains, e.g. for Change Management, however, this role is not necessarily involved in daily operations.
3) IT OperatorThis is the role for daily operations of jobs and job chains
4) Incident ManagerThis role is for the IT Service Desk, e.g. 1st and 2nd level support, interventions and incident management.
5) Business UserThis role is for backoffice users that are not responsible for IT operations, but possibly for the business process and therefore interested to stay informed about the status of business processes.
6) API UserThis role is intended for applications that access JobScheduler via its API. Permissions are restricted to objects that are created by this role.

Examples

Allow orders only to be viewed and executed

In this example Order view and execute permissions are granted: by default all other Order Permissions are not granted.

Allow orders to be viewed and executed, but no other functions  Expand source

Allow all order operations except changing and removing orders

In this example all Order Permissions are granted and then the Order change and remove Permissions are revoked.

Note that this example uses permissions for the Web Services API - i.e . sos:products:commands:....

Allow all order operations except changing and removing orders  Expand source

References