Granted System Privileges
The following core, user access, and predefined roles are available:
Core roles (always required):
scheduler-administrator- can perform all actions.scheduler-bae-only-user- indicates that the user account is restricted to logging in via the SAP Inbound interface, only.scheduler-isolation-administrator- can import and modify users.scheduler-screen-reader- indicates that you are using a screen reader.scheduler-user- has access to Redwood Server only, cannot see any objects (always required, even for administrators).scheduler-viewer- read only access to all objects.redwood-administrator- can perform all actions.redwood-login- has access to Redwood Server only, cannot see any objects (always required, even for administrators).redwood-support- read only access to all objects.
The user access roles are bound to features that require a specific license key:
scheduler-business-user- can access the business-user-centric user interface.scheduler-it-user- can access the it-user-centric user interface.
Predefined roles (optional):
scheduler-event-operator- can raise and clear events, as well as all privileges assigned toscheduler-viewer.scheduler-job-administrator- can create/edit/delete event definitions, Process Definitions, and Chain Definitions and modify both processes, and chains, as well as all privileges assigned toscheduler-event-operator.redwood-operator- combination of the above two roles.
Note: The roles scheduler-business-user and scheduler-it-user are use by the Insight module.
Note: The scheduler-bae-only-user role actively prevents you from logging in from any other interface; for example, you will not be able to log into Redwood Server from the web interface or from any other client with this role.
All users need at least the scheduler-user role, even if they have the scheduler-administrator role, or they will not be able to access Redwood Server.
System privileges can be granted for the entire system or a partition, this allows you to limit the privilege to objects in a particular partition.
System-wide privileges are only valid in the partitions the user has at least read privileges for.
The default grants of the above mentioned roles are as follows:
The Administrator role privileges.
| Role | System Privilege |
|---|---|
| scheduler-administrator | Application.Create |
| scheduler-administrator | Application.Delete |
| scheduler-administrator | Application.Modify |
| scheduler-administrator | Application.View |
| scheduler-administrator | EventDefinition.Clear |
| scheduler-administrator | EventDefinition.Create |
| scheduler-administrator | EventDefinition.Delete |
| scheduler-administrator | EventDefinition.Modify |
| scheduler-administrator | EventDefinition.Raise |
| scheduler-administrator | EventDefinition.View |
| scheduler-administrator | Format.Create |
| scheduler-administrator | Format.Delete |
| scheduler-administrator | Format.Modify |
| scheduler-administrator | Format.View |
| scheduler-administrator | Job.Delete |
| scheduler-administrator | Job.Modify |
| scheduler-administrator | Job.View |
| scheduler-administrator | JobDefinition.Create |
| scheduler-administrator | JobDefinition.Delete |
| scheduler-administrator | JobDefinition.DeleteJob |
| scheduler-administrator | JobDefinition.Modify |
| scheduler-administrator | JobDefinition.SubmitJob |
| scheduler-administrator | JobDefinition.View |
| scheduler-administrator | JobDefinitionType.Create |
| scheduler-administrator | JobDefinitionType.Delete |
| scheduler-administrator | JobDefinitionType.Modify |
| scheduler-administrator | JobDefinitionType.View |
| scheduler-administrator | JobFile.View |
| scheduler-administrator | JobLock.Create |
| scheduler-administrator | JobLock.Delete |
| scheduler-administrator | JobLock.Modify |
| scheduler-administrator | JobLock.View |
| scheduler-administrator | ProcessServer.Create |
| scheduler-administrator | ProcessServer.Delete |
| scheduler-administrator | ProcessServer.Modify |
| scheduler-administrator | ProcessServer.View |
| scheduler-administrator | Queue.Create |
| scheduler-administrator | Queue.Delete |
| scheduler-administrator | Queue.DeleteJobIn |
| scheduler-administrator | Queue.Modify |
| scheduler-administrator | Queue.SubmitJobIn |
| scheduler-administrator | Queue.View |
| scheduler-administrator | RegistryEntry.Create |
| scheduler-administrator | Resource.Create |
| scheduler-administrator | Resource.Delete |
| scheduler-administrator | Resource.Modify |
| scheduler-administrator | Resource.View |
| scheduler-administrator | SAPSystem.Create |
| scheduler-administrator | SAPSystem.Delete |
| scheduler-administrator | SAPSystem.Modify |
| scheduler-administrator | SAPSystem.View |
| scheduler-administrator | Service.Create |
| scheduler-administrator | Service.Delete |
| scheduler-administrator | Service.Modify |
| scheduler-administrator | Service.View |
| scheduler-administrator | Subject.View |
| scheduler-administrator | SubmitFrame.Create |
| scheduler-administrator | SubmitFrame.Delete |
| scheduler-administrator | SubmitFrame.Modify |
| scheduler-administrator | SubmitFrame.View |
| scheduler-administrator | TimeWindow.Create |
| scheduler-administrator | TimeWindow.Delete |
| scheduler-administrator | TimeWindow.Modify |
| scheduler-administrator | TimeWindow.View |
Isolation Administrator Role Privileges
| Role | System Privilege |
|---|---|
| scheduler-isolation-administrator | Subject.CanGrant |
| scheduler-isolation-administrator | Subject.Create |
| scheduler-isolation-administrator | Subject.Delete |
| scheduler-isolation-administrator | Subject.Modify |
| scheduler-isolation-administrator | Subject.View |
Secondary role privileges
| Role | System Privilege |
|---|---|
| scheduler-job-administrator | EventDefinition.Create |
| scheduler-job-administrator | EventDefinition.Delete |
| scheduler-job-administrator | EventDefinition.Modify |
| scheduler-job-administrator | Job.Modify |
| scheduler-job-administrator | JobDefinition.Create |
| scheduler-job-administrator | JobDefinition.Delete |
| scheduler-job-administrator | JobDefinition.DeleteJob |
| scheduler-job-administrator | JobDefinition.Modify |
| scheduler-job-administrator | JobDefinition.SubmitJob |
| scheduler-job-administrator | Queue.DeleteJobIn |
| scheduler-job-administrator | Queue.SubmitJobIn |
| scheduler-event-operator | EventDefinition.Clear |
| scheduler-event-operator | EventDefinition.Raise |
The generic role privileges
| Role | System Privilege |
|---|---|
| scheduler-viewer | Application.View |
| scheduler-viewer | EventDefinition.View |
| scheduler-viewer | Format.View |
| scheduler-viewer | Job.View |
| scheduler-viewer | JobDefinition.View |
| scheduler-viewer | JobDefinitionType.View |
| scheduler-viewer | JobFile.View |
| scheduler-viewer | JobLock.View |
| scheduler-viewer | ProcessServer.View |
| scheduler-viewer | Queue.View |
| scheduler-viewer | Resource.View |
| scheduler-viewer | SAPSystem.View |
| scheduler-viewer | Service.View |
| scheduler-viewer | Subject.View |
| scheduler-viewer | SubmitFrame.View |
| scheduler-viewer | TimeWindow.View |