Manage Access to iCore tools Based on User Roles
This topic explains how you can control which iCore tools a specific Administrator user role has access to in the Administrator interface (the "Tools" drop-down menu in the App header area, see Administrator GUI).
Access to tools is managed with cmdlets in the iCore.Administrator.Configuration module.
Adding rules for tools
Access to tools is controlled by adding or removing rules for each tool type. Each tool in the list below can be either included or excluded:
- All
- LocalSettings
- Export
- Import
- CreateNewSystem
- UpgradeSystem
- iCorePowerShellConsole
- RunComponentTool
- CodeGenTool
note
"All" is a wildcard with the following effect:
- included – all tools are available
- excluded – no tools are available
Example: If "All" is set to included, but "Export" and "Import" are explicitly set to excluded, all tools except those two will be available in the menu.
What about the development tools?
Access to the Adapterflow Wizard, the Developer (Scripts), the Workflow Designer and Web API editor is controlled via User groups in the iCore system (permissions on entity level for Adapterflow, Scripts, Workflows and Web APIs respectively).
Examples
To make all tools except Export and Import available in the menu (for the "Administrators" user role):
Add-iCoreAdminRoleToolsRule -SiteName "My iCore Site" `
-Role "Administrators" `
-IncludedTools All `
-ExcludedTools Import,Export
This results in the following rule:
Tool | IsIncluded |
---|---|
All | True |
Import | False |
Export | False |
Parts of the rule can also be removed by running the Remove-iCoreAdminRoleToolsRule cmdlet, where the specified tool type is removed from the rule. Note that the tool is removed regardless if it has been set as included or excluded.
To remove the exclusion of the Export tool from the above rule:
Remove-iCoreAdminRoleToolsRule -SiteName "My iCore Site" -Role "Administrators" -Tool Export
The rule is now:
Tool | IsIncluded |
---|---|
All | True |
Import | False |
To see an overview of the rule applied to the "Administrators" role:
Get-iCoreAdminRoleToolsRules -SiteName "My iCore Site" -Role "Administrators"