
Workflow with Role Based Access Enabled

The following workflow summarizes the necessary steps involved to deploy a job once Role Based Access is enabled and roles have been assigned.

Step 1 – The Job Builder creates and configures an Access Analyzer job

Step 2 – The Job Approver reviews a new or edited job’s configuration, and either approves or rejects it

Lock Job option in right-click menu

  • If a job is approved, then a lock needs to be applied by right-clicking the job title in the Jobs tree and selecting Lock Job
  • If a job is rejected, then the job remains unlocked
  • If the Lock Job option is visible, then the job has not yet been approved
  • If the Lock Job option is not visible, then the job has been approved

Unlock Job option in right-click menu

Step 3 – The Job Initiator can choose to run the job directly through the Access Analyzer Console or schedule it to run with the Schedule Service Account. This user will know the job was approved by the grayed-out Unlock Job option in the right-click menu.

  • Job Initiator/Job Initiator (No Actions) – The Job Initiator can only execute locked jobs.

    • For the Job Initiator (No Actions) role, the user is unable to execute a job which contains configured actions, even if it is approved and locked
    • Both roles can enable and disable job groups and jobs regardless of whether or not they are locked. Disabled jobs are grayed out with a red x next to them and are not executed with the job group. When applied at the job group level, all nested jobs are disabled and do not run. However, any new job added to that group is enabled by default.

    NOTE: The Job Initiator can also publish the reports already generated by the job.

  • Publish – To publish reports which have already been generated to the Web Console

Report under the Results Node in the Jobs Tree

Step 4 – After a job has been successfully run, the Job Viewer can now view the results of the job under the job’s Status and Results node, or in the Web Console. See the Viewing Generated Reports topic for additional information.

NOTE: The Job Builder, Job Approver, and Job Initiator may also view these results within the Access Analyzer Console. Additionally, users with these roles can view reports within the Web Console.

Other Console Roles

Any modifications needed in the Settings or Host Management nodes must be done by the corresponding administrator role (Global Options Administrator, Access Administrator, or Host Management Administrator). These roles can be used in conjunction with any other role (for example, a user can be a Job Builder and Global Options Administrator in order to build jobs and manage corresponding Connection Profiles).

Web Administrator

The Web Administrator can view all reports within the Web Console.

In addition to viewing report content, Web Administrators can view tags and report permissions.

Remember, a user with only the Web Administrator role is unable to access the Access Analyzer Console.

Report Viewer

The Report Viewer can view reports within the Web Console according to where the user’s role was assigned: global, job group, job, or report configuration.

Remember, a user with only the Report Viewer role is unable to access the Access Analyzer Console.