Setting Up Users
Giving users the ability to access the management console and run its different functions is an important administrative task. Security is critical in any server environment. When you give users the ability to access the console, you must also define the extent of their capabilities and permissions.
The console helps you do this by having you place users into user groups or roles. The console provides a set of user groups or roles that model typical user functions, such as Server Administrators, Deployers, and Monitors. Each user group has a set of console functions accessible by any member of the group and its own set of permissions or capabilities that apply to all group members. You can change or delete these groups to meet your needs, plus you can add your own user groups.
There is an additional user group, Administrators, that has all capabilities and access to all console functions. (In Unix terms, this group is analogous to root or super user.) You cannot delete this user group. It is best to not change the Administrators group, but instead reserve it for those individuals to whom you want to grant complete control.
This page takes you through the basics of setting up users and groups. It shows how to create a new role or user group, assign permissions to that role, then add a new user. For complete information, see Managing Users and Roles. Note: To use the following functions, it’s best to be a user within the Administrator role.
Create a Role
Your company develops applications and deploys them on Mule servers. Your application developers need to be able to test and debug their applications before deploying them to the production environment.
As the Mule servers administrator, you want to create a special role or user group for your application developers. You want to give this Developers group permissions to deploy, test, and debug applications on a separate server reserved exclusively for development work. You also want to ensure that these developers do not deploy or test these beta versions on the production servers.
Start by creating a new user group or role. Click the Administration tab, then User Groups from the navigation bar. The User Groups pane displays the existing user groups. Click the New button to create a new role.
In the Add Group pane, give this new role the name Developers. Then, select both the global permissions for Developers as well as their server group permissions.
You want to give developers the necessary permissions to work on the development servers, which also serve as testing servers, but you do not want them to have these capabilities on production or other servers. Since you have already set up a server group for development, you select the Development server group from the Server Group Permissions pull-down list. Developers can have all server permissions on the development server, so click the Select All button beneath the Server Group Permissions column. The console checks all server-specific permissions and these permissions will be assigned to the Developers role on just the Development server(s).
Next, you want to assign the appropriate global permissions to your Developers group. You want this group to have all global permissions except those that pertain to managing server groups, user groups, and users. You click Select All beneath the Global Permissions column so that all permissions are checked, then scroll down and deselect the permissions you do not want to give to this role: Manage Server Groups, Manage User Groups, and Manage Users. When you have defined the Developers role to your liking, click Save. When ready to save, the Add Group might look as shown below.
Two cluster-related permissions are also listed in the server group permissions: Clusters - Create and Cluster- Disband, as shown below.
Add Developers as Console Users
After setting up the Developers Role, you’re ready to set up individual developers and give them access to the console. Click the Administration tab, then Users in the navigation tree. The Users pane displays the users who have been given access to the console. Click the New button to add new users.
When the Add User pane opens, set up the new user with suitable identifying information. Enter a username for this individual, his full name, email, and the password he will use to log on to the console, and confirm the password. Note that the password must be at least five characters long.
Be sure to assign the developer to the Developers user group. Click Developers in the Available Groups column, then the right arrow. The Developers role should appear in the Joined Groups column. Click Save to complete the add operation. The figure below shows how the Add User pane might look.
Continue adding any the remaining developers that you want to be in the Developers user group.
That’s all there is to it.