Configuring Roles

In the default gateway.config file, role configurations have been provided for these four standard Granta MI security roles: MI_ADMIN, MI_READ, MI_WRITE, MI_POWERUSER. You can use the provided role configurations as provided, or you can adapt them to your requirements by editing the definitions in the gateway.config file.

You can also define your own role configurations for any other Granta MI security roles that exist on your Granta MI system.

Note: The gateway.config file supplied with the Gateway distribution package includes a fall-back role configuration

<Role
                a:role="*">

that applies to all users of Gateway, regardless of their MI security role membership. This is intended as a default for any custom security roles on your system that do not have an explicit role configuration in the gateway.config file.

If a Gateway user is a member of more than one MI security group (for example, MI_WRITE and MI_READ), they will have access to the packages from all roles. If the roles have different default profiles, the precedence setting determines which one is used – for more details, see Defining host-level profiles.

To configure roles:

In your text editor of choice, open Gateway.config.
Navigate to the <Roles> section.

Make the appropriate edits to ensure that each Role defined in your security system has the appropriate packages enabled.

Option	Description
To add a role	Add a `<Role a:role="role_name"/>` element. Where `role_name` matches an MI security group in your system that has not already have a role defined.
To modify a role	Make your changes to the `<Role a:role="role_name"/>` element. Where `role_name` matches the MI security group name.
To modify the fall-back configuration	Make your changes to the `<Role a:role="*"/>` element
To delete a role	Remove the `<Role>` element from the section.

If the package you would like to add has not been defined, you will need to define it. See Defining a package.

Save Gateway.config.