App Layering roles define which App Layering modules (features) a user can manage. Any users assigned one or more roles can log into the management console. These users are listed in the System > Access Control tab.
App Layering users, rights, and roles
The App Layering service supports two types of users:
App Layering administrator. This account is unique to App Layering. You receive it when you first install the App Layering appliance and log on to the management console. You can use it to get started. This “built-in” administrator account has the rights to perform all App Layering operations. You can edit this administrator’s properties, including the name, password, and contact info. The first time you log into the appliance, you are required to change the password for this administrator and agree to the EULA.
Active Directory (AD) users. Other than the built-in administrator account, all App Layering users are AD users imported via one or more directory junctions. Once your directory junctions have been created, you can grant other rights to users. For more information, see Connect to a directory service.
You can select all the rights and roles for each user by selecting the following check boxes. If you select Administrator or Reader, all other check boxes are grayed out.
- Reader: Can log into the App Layering management console, but cannot modify anything.
- App Layer Contributor: Can add, edit, and delete application layers and versions.
- OS Layer Contributor: Can add, edit, and delete OS layers and versions.
- Platform Layer Contributor: Can add, edit, and delete platform layers and versions.
- Image Template Contributor: Can add, edit, and delete image templates.
- Image Publisher: Can publish images.
- Elastic Layer Assignment Contributor: Can add, edit, and delete Elastic Layer assignments.
- Administrator: Can do everything.
- Layer Importer: Can import OS layers, application layers, and platform layers from external sources.
- Layer Exporter: Can export OS layers, application layers, and platform layers to an external location.
- Platform Connector Contributor: Can add, edit, and delete platform connector configurations.
- Log Exporter: Can export and download the App Layering log package.
When you assign roles to Directory Service users, they can use their Directory Service credentials to log into the management console.
You can change a user’s role if you are logged into the management console as a user assigned the Administrator role.
Assign App Layering roles to users
Log in to the management console.
Select System > Access Control.
Select a user and click Edit. The Edit User blade opens.
Choose the role(s) for the selected user.
Click Confirm and Complete, then click Save.