Advanced event mesh for SAP Integration Suite administrators can manage the roles assigned to other advanced event mesh users. As an administrator, you can assign roles to users. Each role has defined permissions, which allow or deny access to different sets of features in advanced event mesh.
The advanced event mesh user management system has the following components:
- Permissions
- Permissions provide your users with appropriate levels of access to advanced event mesh features based on the work they need to do.
- Roles
- Roles are sets of permissions that can be assigned to users. Users can have different roles in separate organizational accounts. For example, a user can have the Administrator role in one account, the Mission Control Viewer role in a second account, and the Event Portal Manager role in a third account.
- Users
- Users with the Administrator role can add, edit, and delete other users and manage the actions users can perform by assigning one or more roles.
For information about adding and managing users, see Configuring User Access.
User Management
User management includes a wide range of functionality, such as adding and deleting users, and controlling user activity through role assignments. Solace recommends following the security best practice to assign a role with the fewest permissions that a user requires.
The User Management tab on the Account Details page provides administrators with a dashboard to view and manage users, groups, roles, and permissions.
Roles and Permissions
Roles provide sets of permissions to users. You can assign one or more roles to each user. For example, you can assign a user the Mission Control Manager role to give them access to create and modify event broker services and event meshes in Cluster Manager and Mesh Manager.
You can assign the following roles in advanced event mesh:
- Administrator
- Administrators can create, manage, and delete users and event broker services. Administrators can also grant or deny access to Event Portal. This permission gives the user all the other roles listed here with the exception of the Insights Advanced Editor role. As an administrator, you can self-assign the Insights Advanced Editor role to yourself.
- Mission Control Manager
- Users can create, modify, and delete event broker service in Cluster Manager. Users with the Mission Control Manager role can also create, modify, and delete event meshes in Mesh Manager.
- Mission Control Viewer
- Users can view the details of an event broker service in Cluster Manager, but cannot edit or delete them. Users with the Mission Control Viewer can also view, scan, and run Health Checks on event meshes in Mesh Manager.
- Event Portal Manager
- Users can view, create, and modify any Event Portal architectures. Event Portal Managers can add users with the Event Portal User role to application domains and grant them Viewer-level access to that domain.
- Event Portal User
- Users have limited viewing access in Event Portal. By default, they can only view shared events, shared schemas, and Event API Products. Users can be given greater access to one or more application domains. For more information on Event Portal-specific roles, see Configuring User Access to Application Domains.
- Insights Advanced Editor
- Users have access to the Datadog setup that is part of Insights. Users with the Insights Advanced Editor role can view, edit, create, and clone dashboards and monitors.
- When this role is first assigned to a user profile, it triggers an invitation email to a Datadog account that is automatically created on behalf of the user. This Datadog account is separate from the advanced event mesh invitation. This role is assignable only when you are subscribed to Insights. The access provided as part of this role is not included with the Administrator role.
- Insights Advanced Viewer
- Users have access to view dashboards and monitors inside the Datadog setup that is part of Insights. They do not have permission to edit, create, clone, share, or perform any other actions to the dashboards and monitors.
- When this role is first assigned to a user profile, it triggers an invitation email to a Datadog account that is automatically created on behalf of the user. This Datadog account is separate from the advanced event mesh invitation. This role is assignable only when you are subscribed to Insights. The access provided as part of this role is not included with the Administrator role.