Granular access rights can be configured to restrict access to the Integration Designer.
Access authorizations in Integration Designer are provided with specified access scopes for both system and workflow management:
Manage-systems - for configuring access to integration systems.
Available scopes:
The workflow_read role allows users to view and monitor integration workflows without making changes:
Manage-workflows - for configuring access to integration workflows.
Available scopes:
The workflow_read-restricted role provides view-only access to integration workflows with limited permissions:
The Integration Designer service is configured with the following default user roles for each access scope mentioned above:
manage-systems
  import: ROLE_INTEGRATION_SYSTEM_IMPORT, ROLE_INTEGRATION_SYSTEM_EDIT, ROLE_INTEGRATION_SYSTEM_ADMIN
  read: ROLE_INTEGRATION_SYSTEM_READ, ROLE_INTEGRATION_SYSTEM_EDIT, ROLE_INTEGRATION_SYSTEM_ADMIN
  edit: ROLE_INTEGRATION_SYSTEM_EDIT, ROLE_INTEGRATION_SYSTEM_ADMIN
  admin: ROLE_INTEGRATION_SYSTEM_ADMIN
manage-workflows
  import: ROLE_INTEGRATION_WORKFLOW_IMPORT, ROLE_INTEGRATION_WORKFLOW_EDIT, ROLE_INTEGRATION_WORKFLOW_ADMIN
  read_restricted: ROLE_INTEGRATION_WORKFLOW_READ_RESTRICTED, ROLE_INTEGRATION_WORKFLOW_READ, ROLE_INTEGRATION_WORKFLOW_EDIT, ROLE_INTEGRATION_WORKFLOW_ADMIN
  read: ROLE_INTEGRATION_WORKFLOW_READ, ROLE_INTEGRATION_WORKFLOW_EDIT, ROLE_INTEGRATION_WORKFLOW_ADMIN
  edit: ROLE_INTEGRATION_WORKFLOW_EDIT, ROLE_INTEGRATION_WORKFLOW_ADMIN
  admin: ROLE_INTEGRATION_WORKFLOW_ADMIN
Warning: These roles must be defined in the selected identity provider, such as Keycloak, Red Hat Single Sign-On (RH-SSO), or another compatible identity provider.
In cases where additional custom roles are required, you can configure them using environment variables. Multiple roles can be assigned to each access scope as needed.
Environment Variable Format:
To configure access for each role, use the following format:
SECURITY_ACCESSAUTHORIZATIONS_AUTHORIZATIONNAME_SCOPES_SCOPENAME_ROLESALLOWED: NEEDED_ROLE_NAMES
AUTHORIZATIONNAME: MANAGE_SYSTEMS, MANAGE_WORKFLOWS.
SCOPENAME: import, read, read_restricted, edit, admin.
For example, to configure a custom role with read access to manage systems, use:
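An added example, not part of the Integration Designer documentation or product: a Python check for a deployment pipeline that validates variables of this form against the authorization names and scopes listed above and flags custom roles placed on an admin scope. The comma-separated role list, the case-insensitive scope match, and the ROLE_PARTNER_* names are assumptions.

```python
import re

# Variable format and allowed values as listed on this page.
PREFIX = "SECURITY_ACCESSAUTHORIZATIONS_"
KEY_RE = re.compile(rf"^{PREFIX}(.+?)_SCOPES_(.+)_ROLESALLOWED$")
AUTHORIZATIONS = {"MANAGE_SYSTEMS": "SYSTEM", "MANAGE_WORKFLOWS": "WORKFLOW"}
SCOPES = {"import", "read", "read_restricted", "edit", "admin"}


def lint_access_env(env):
    """Return (grants, findings) for the access-authorization variables in env."""
    grants, findings = {}, []
    for key, value in sorted(env.items()):
        if not key.startswith(PREFIX):
            continue  # unrelated variable
        match = KEY_RE.match(key)
        if not match:
            findings.append(f"{key}: does not match the documented format")
            continue
        # Assumption: the scope part of the name is matched case-insensitively.
        auth, scope = match.group(1), match.group(2).lower()
        if auth not in AUTHORIZATIONS or scope not in SCOPES:
            findings.append(f"{key}: unknown authorization {auth!r} or scope {scope!r}")
            continue
        # Assumption: multiple roles are given as a comma-separated list.
        roles = [r.strip() for r in value.split(",") if r.strip()]
        if not roles:
            findings.append(f"{key}: no roles listed")
            continue
        grants[(auth, scope)] = roles
        # Least-privilege check: anything but the default admin role on an
        # admin scope is reported for manual review.
        default_admin = f"ROLE_INTEGRATION_{AUTHORIZATIONS[auth]}_ADMIN"
        for role in roles:
            if scope == "admin" and role != default_admin:
                findings.append(f"{key}: custom role {role} is granted admin scope")
    return grants, findings


# Constructed sample input; ROLE_PARTNER_* are hypothetical custom roles.
SAMPLE_ENV = {
    PREFIX + "MANAGE_WORKFLOWS_SCOPES_READ_RESTRICTED_ROLESALLOWED":
        "ROLE_INTEGRATION_WORKFLOW_READ_RESTRICTED, ROLE_PARTNER_VIEWER",
    PREFIX + "MANAGE_WORKFLOWS_SCOPES_ADMIN_ROLESALLOWED":
        "ROLE_INTEGRATION_WORKFLOW_ADMIN,ROLE_PARTNER_OPS",
    PREFIX + "MANAGE_WORKFLOW_SCOPES_EDIT_ROLESALLOWED": "ROLE_PARTNER_OPS",
    PREFIX + "MANAGE_SYSTEMS_SCOPE_EDIT_ROLESALLOWED": "ROLE_PARTNER_OPS",
    "PATH": "/usr/bin",
}
```

Calling `lint_access_env(dict(os.environ))` in a pre-deployment step reports misspelled variable names before they reach the service; every role it returns in `grants` must still exist in the identity provider.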