The Roles and Users tab appears in the left pane of the Security Administrator system screen. See Figure 1.
When you select a user or role on the Roles and Users tab, the category-based permissions appear in the right pane. To provide more capabilities to the user or role, see Assigning Category-Based Permissions to a User or Role and System Access Privileges.
Consider the following when creating user accounts and assigning roles:
- The users must have one or more roles in the system. The default role for a new user is USER. The USER role is granted read-only access (View Action set) to the General category.
- You may not delete or rename the predefined set of users; however, you may add or remove the predefined users (except the MetasysSysAgent and BasicSysAgent) to or from roles and copy the users. You can view the Access Permissions and Properties of the predefined users but not edit them.
- You may not delete or rename the predefined set of roles; however, Standard administrators may add or remove users (except the MetasysSysAgent and BasicSysAgent) to or from the roles and copy the roles. You can view the Access Permissions on the predefined roles but not edit them.
- You cannot delete the ADMINISTRATOR role. You cannot delete or remove the MetasysSysAgent or BasicSysAgent administrator account from the system.
- The OPERATOR, ADMINISTRATOR, USER, and MAINTENANCE roles can be copied and then modified. When you copy these roles, the permissions for those roles are copied as well.
Figure 1 shows a summarized view of a user’s permissions, indicating the permissions provided by roles and the permissions directly assigned to the user. The two-headed icon indicates the permission is from the role level. The green check mark indicates that the permissions are from the user level. Figure 1 shows the relationship between role and user for the user shown in Figure 1.
