Granted System Privileges
The following core, user access, and predefined roles are available:
Core roles (always required):
scheduler-administrator- can perform all actions.scheduler-bae-only-user- indicates that the user account is restricted to logging in via the SAP Inbound interface, only.scheduler-isolation-administrator- can import and modify users.scheduler-screen-reader- indicates that you are using a screen reader.scheduler-user- has access to RunMyJobs only, cannot see any objects (always required, even for administrators).scheduler-viewer- read only access to all objects.redwood-administrator- can perform all actions.redwood-login- has access to RunMyJobs only, cannot see any objects (always required, even for administrators).redwood-support- read only access to all objects.
The user access roles are bound to features that require a specific license key:
scheduler-business-user- can access the business-user-centric user interface.scheduler-it-user- can access the it-user-centric user interface.
Predefined roles (optional):
scheduler-event-operator- can raise and clear events, as well as all privileges assigned toscheduler-viewer.scheduler-job-administrator- can create/edit/delete Event Definitions, Job Definitions, and Workflow Definitions and modify both processes, and chains, as well as all privileges assigned toscheduler-event-operator.redwood-operator- combination of the above two roles.
Note: The roles scheduler-business-user and scheduler-it-user are use by the Insight module.
Note: The scheduler-bae-only-user role actively prevents you from logging in from any other interface; for example, you will not be able to log into RunMyJobs from the web interface or from any other client with this role.
All users need at least the scheduler-user role, even if they have the scheduler-administrator role, or they will not be able to access RunMyJobs.
System privileges can be granted for the entire system or a Partition, this allows you to limit the privilege to objects in a particular Partition.
System-wide privileges are only valid in the Partitions the user has at least read privileges for.
The default grants of the above mentioned roles are as follows:
Administrator Role Privileges
| Role | System Privilege |
|---|---|
| scheduler-administrator | Application.Create |
| scheduler-administrator | Application.Delete |
| scheduler-administrator | Application.Modify |
| scheduler-administrator | Application.View |
| scheduler-administrator | EventDefinition.Clear |
| scheduler-administrator | EventDefinition.Create |
| scheduler-administrator | EventDefinition.Delete |
| scheduler-administrator | EventDefinition.Modify |
| scheduler-administrator | EventDefinition.Raise |
| scheduler-administrator | EventDefinition.View |
| scheduler-administrator | Format.Create |
| scheduler-administrator | Format.Delete |
| scheduler-administrator | Format.Modify |
| scheduler-administrator | Format.View |
| scheduler-administrator | Job.Delete |
| scheduler-administrator | Job.Modify |
| scheduler-administrator | Job.View |
| scheduler-administrator | JobDefinition.Create |
| scheduler-administrator | JobDefinition.Delete |
| scheduler-administrator | JobDefinition.DeleteJob |
| scheduler-administrator | JobDefinition.Modify |
| scheduler-administrator | JobDefinition.SubmitJob |
| scheduler-administrator | JobDefinition.View |
| scheduler-administrator | JobDefinitionType.Create |
| scheduler-administrator | JobDefinitionType.Delete |
| scheduler-administrator | JobDefinitionType.Modify |
| scheduler-administrator | JobDefinitionType.View |
| scheduler-administrator | JobFile.View |
| scheduler-administrator | JobLock.Create |
| scheduler-administrator | JobLock.Delete |
| scheduler-administrator | JobLock.Modify |
| scheduler-administrator | JobLock.View |
| scheduler-administrator | ProcessServer.Create |
| scheduler-administrator | ProcessServer.Delete |
| scheduler-administrator | ProcessServer.Modify |
| scheduler-administrator | ProcessServer.View |
| scheduler-administrator | Queue.Create |
| scheduler-administrator | Queue.Delete |
| scheduler-administrator | Queue.DeleteJobIn |
| scheduler-administrator | Queue.Modify |
| scheduler-administrator | Queue.SubmitJobIn |
| scheduler-administrator | Queue.View |
| scheduler-administrator | RegistryEntry.Create |
| scheduler-administrator | Resource.Create |
| scheduler-administrator | Resource.Delete |
| scheduler-administrator | Resource.Modify |
| scheduler-administrator | Resource.View |
| scheduler-administrator | SAPSystem.Create |
| scheduler-administrator | SAPSystem.Delete |
| scheduler-administrator | SAPSystem.Modify |
| scheduler-administrator | SAPSystem.View |
| scheduler-administrator | Service.Create |
| scheduler-administrator | Service.Delete |
| scheduler-administrator | Service.Modify |
| scheduler-administrator | Service.View |
| scheduler-administrator | Subject.View |
| scheduler-administrator | SubmitFrame.Create |
| scheduler-administrator | SubmitFrame.Delete |
| scheduler-administrator | SubmitFrame.Modify |
| scheduler-administrator | SubmitFrame.View |
| scheduler-administrator | TimeWindow.Create |
| scheduler-administrator | TimeWindow.Delete |
| scheduler-administrator | TimeWindow.Modify |
| scheduler-administrator | TimeWindow.View |
Isolation Administrator Role Privileges
| Role | System Privilege |
|---|---|
| scheduler-isolation-administrator | Subject.CanGrant |
| scheduler-isolation-administrator | Subject.Create |
| scheduler-isolation-administrator | Subject.Delete |
| scheduler-isolation-administrator | Subject.Modify |
| scheduler-isolation-administrator | Subject.View |
Secondary Role Privileges
| Role | System Privilege |
|---|---|
| scheduler-job-administrator | EventDefinition.Create |
| scheduler-job-administrator | EventDefinition.Delete |
| scheduler-job-administrator | EventDefinition.Modify |
| scheduler-job-administrator | Job.Modify |
| scheduler-job-administrator | JobDefinition.Create |
| scheduler-job-administrator | JobDefinition.Delete |
| scheduler-job-administrator | JobDefinition.DeleteJob |
| scheduler-job-administrator | JobDefinition.Modify |
| scheduler-job-administrator | JobDefinition.SubmitJob |
| scheduler-job-administrator | Queue.DeleteJobIn |
| scheduler-job-administrator | Queue.SubmitJobIn |
| scheduler-event-operator | EventDefinition.Clear |
| scheduler-event-operator | EventDefinition.Raise |
Generic Role Privileges
| Role | System Privilege |
|---|---|
| scheduler-viewer | Application.View |
| scheduler-viewer | EventDefinition.View |
| scheduler-viewer | Format.View |
| scheduler-viewer | Job.View |
| scheduler-viewer | JobDefinition.View |
| scheduler-viewer | JobDefinitionType.View |
| scheduler-viewer | JobFile.View |
| scheduler-viewer | JobLock.View |
| scheduler-viewer | ProcessServer.View |
| scheduler-viewer | Queue.View |
| scheduler-viewer | Resource.View |
| scheduler-viewer | SAPSystem.View |
| scheduler-viewer | Service.View |
| scheduler-viewer | Subject.View |
| scheduler-viewer | SubmitFrame.View |
| scheduler-viewer | TimeWindow.View |