Integration Designer access rights
Granular access rights can be configured to restrict access to the Integration Designer.
Access authorizations in Integration Designer are provided with specified access scopes for both system and workflow management:
-
Manage-systems - for configuring access to integration systems.
Available scopes:
- import - allows users to import integration systems.
- read - allows users to view integration systems.
- edit - allows users to edit integration systems.
- admin - allows users to administer integration systems.
-
Manage-workflows - for configuring access to integration workflows.
Available scopes:
- import - allows users to import integration workflows.
- read_restricted - allows users to view restricted integration workflows.
- read - allows users to view all integration workflows.
- edit - allows users to edit integration workflows.
- admin - allows users to administer integration workflows.
Default Roles for Integration Designer
The Integration Designer service is configured with the following default user roles for each access scope mentioned above:
-
manage-systems
- import:
ROLE_INTEGRATION_SYSTEM_IMPORT
ROLE_INTEGRATION_SYSTEM_EDIT
ROLE_INTEGRATION_SYSTEM_ADMIN
- read:
ROLE_INTEGRATION_SYSTEM_READ
ROLE_INTEGRATION_SYSTEM_EDIT
ROLE_INTEGRATION_SYSTEM_ADMIN
- edit:
ROLE_INTEGRATION_SYSTEM_EDIT
ROLE_INTEGRATION_SYSTEM_ADMIN
- admin:
ROLE_INTEGRATION_SYSTEM_ADMIN
- import:
-
manage-workflows
- import:
ROLE_INTEGRATION_WORKFLOW_IMPORT
ROLE_INTEGRATION_WORKFLOW_EDIT
ROLE_INTEGRATION_WORKFLOW_ADMIN
- read_restricted:
ROLE_INTEGRATION_WORKFLOW_READ_RESTRICTED
ROLE_INTEGRATION_WORKFLOW_READ
ROLE_INTEGRATION_WORKFLOW_EDIT
ROLE_INTEGRATION_WORKFLOW_ADMIN
- read:
ROLE_INTEGRATION_WORKFLOW_READ
ROLE_INTEGRATION_WORKFLOW_EDIT
ROLE_INTEGRATION_WORKFLOW_ADMIN
- edit:
ROLE_INTEGRATION_WORKFLOW_EDIT
ROLE_INTEGRATION_WORKFLOW_ADMIN
- admin:
ROLE_INTEGRATION_WORKFLOW_ADMIN
- import:
Warning: These roles must be defined in the selected identity provider, such as Keycloak, Red Hat Single Sign-On (RH-SSO), or another compatible identity provider.
Customizing Access Roles
In cases where additional custom roles are required, you can configure them using environment variables. Multiple roles can be assigned to each access scope as needed.
Environment Variable Format:
To configure access for each role, use the following format:
SECURITY_ACCESSAUTHORIZATIONS_AUTHORIZATIONNAME_SCOPES_SCOPENAME_ROLESALLOWED: NEEDED_ROLE_NAMES
- Possible values for
AUTHORIZATIONNAME
:MANAGE_SYSTEMS
,MANAGE_WORKFLOWS
. - Possible values for
SCOPENAME
:import
,read
,read_restricted
,edit
,admin
.
For example, to configure a custom role with read access to manage systems, use:
Was this page helpful?