Assign roles

App Layering roles define which App Layering modules (features) a user can manage. Any users assigned one or more roles can log into the management console. These users are listed as administrators in the Users > Administrators tab.

App Layering user, rights, and roles

The App Layering service supports two types of users:

• App Layering administrator account. This account is unique to App Layering. It is the account you receive when you first install the App Layering appliance and log onto the management console, and you can use it to get started. This “built-in” administrator account has the rights to perform all App Layering operations. You can edit this administrator’s properties, including the name, password, and contact info. The first time you log into the appliance, you are required to change the password for this administrator.

• Active Directory (AD) user accounts. Other than the built-in administrator account, all App Layering users are AD users imported via one or more directory junctions. Once your directory junction(s) have been created, you can assign roles to users, as described later in this topic. You can see which roles are assigned to a user in the User Details.

Rights and roles

Administrator rights

• Can do every operation available in the Management Console.
• Only users assigned the Administrator Role can edit user properties on the Users tab (Select Users > Users).
• Only administrators can configure system settings and manage licenses.

Manage App Layers rights

• Can create, edit, and delete application layers and versions.

Manage Elastic Layer Assignments rights

• Can add, update, and remove Elastic layer assignments.

Manage Image Templates rights

• Can create, edit and delete Image templates.
• Can add, update, and remove app layer assignments for image templates.
• Can update platform layer assignments for image templates.
• Can update OS layer assignments for image templates.

Manage OS Layers rights

• Can create, edit, and delete OS layers and versions.

Manage Platform Layers rights

• Can create, edit, and delete Platform layers and versions.

Publish Layered Images rights

• Can publish layered images.
• Cannot create or modify existing image templates.

Read Only rights

• Can view information about any items in the Management Console.
• Cannot launch any wizards or make any changes.
• The Read Only user cannot cancel any tasks.

User credentials for logging into the management console

When you assign roles to Directory Service users, they can use their Directory Service credentials to log into the management console.

Who can assign App Layering roles?

You can change a user’s role if you are logged into the management console as a user assigned the administrator role.

Assign App Layering roles to users

1. Log into the Management Console.

2. Select Users > Users.

3. Select a user and click Edit Properties. The Edit User wizard opens.

4. Skip to the Roles tab and then select one or more roles for this user. For details, see Rights and roles earlier in this article.

5. In the Confirm and Complete tab, click Update User. Any comments you enter appear in the Information view Audit History.