In WebAdmin, roles are represented as "normal" UTM objects, for example as Ksets. However, the role objects are known only to WebAdmin and are not communicated to the UTM administration interface, since openUTM is still only able to use lockcodes and keycodes.
The main purpose of the role objects is to link the less transparent numerical lockcodes and keycodes with user-definable symbolic names. The "name" of a role object corresponds to the lockcode/keycode that is passed to openUTM. The "Alias" property of the role objects specifies the symbolic name of the role, for example "department manager" or "clerk", and can be edited as required. Wherever roles are displayed in WebAdmin, for example in object lists and property pages, the alias of the role is shown instead of the name.
In the case of roles, it is possible to distinguish between user roles (represented by Ksets) and access roles (represented by locks and access lists).
The table below provides an overview of the security-relevant UTM object types and generation parameters:
Object | Type | Generation | Role type |
---|---|---|---|
USER | User | KSET | User roles |
USER | Service | Q-READ-ACL | Access roles (read access to the user queue) |
USER | Service | Q-WRITE-ACL | Access roles (write access to the user queue) |
LTERM | Coupler | LOCK | Access role |
LTERM | Coupler | KSET | User roles |
TPOOL | Coupler | LOCK | Access role |
TPOOL | Coupler | KSET | User roles (of the Tpool and an implicit user if no USER-KSET is present) |
TPOOL | Coupler | USER-KSET | User roles (of an implicit user) |
LPAP | Coupler | KSET | User roles |
OSI-LPAP | Coupler | KSET | User roles (of the Osi-Lpap and an implicit user if no ASS-KSET is present) |
OSI-LPAP | Coupler | ASS-KSET | User roles (of an implicit user) |
TAC | Service | LOCK | Access role (access to an asynchronous or dialog Tac) |
TAC | Service | ACCESS-LIST | Access roles (access to an asynchronous or dialog Tac) |
TAC | Service | Q-READ-ACL | Access roles (read access to the Tac queue) |
TAC | Service | Q-WRITE-ACL | Access roles (write access to the Tac queue) |
LTAC | Service | LOCK | Access role |
LTAC | Service | ACCESS-LIST | Access roles |