Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The standard package of Nexus PRIME provides a set of predefined roles that can be used as is or adapted to your requirements. This table lists the predefined roles and what rights they have in PRIME Designer and PRIME Explorer respectively. 


Scroll Ignore
scroll-pdftrue
scroll-officetrue
scroll-chmtrue
scroll-docbooktrue
scroll-eclipsehelptrue
scroll-epubtrue
scroll-htmltrue


Noprint

Related information

See the following links:





RoleDescriptionRightsTechnical reference
Bootstrap administratorDoes the initial configuration of PRIME.

PRIME Designer: All
PRIME Explorer: Admin

BaseRoleBootstrapAdmin
Policy administratorA user in Designer.

PRIME Designer: All
PRIME Explorer: No

BaseRolePolicyAdmin
Service administrator

Makes configurations in Explorer, such as:

  • Start, restart and stop services
  • Create tenant
  • Configure connector
  • Audit the system log and the process lists
  • Kill processes

PRIME Designer: No
PRIME Explorer: Admin

BaseRoleServiceAdmin
Registration officerManages “target” users and identities, who are targets (or objects) of credential management actions.

PRIME Designer: No
PRIME Explorer: All

BaseRoleRegistrationOfficer
ApproverApproves card production.

PRIME Designer: No
PRIME Explorer: Open Tasks

BaseRoleOfficer
Card production administrator
  • Produces cards
  • Repeats production

PRIME Designer: No
PRIME Explorer: Extended Search, Batch Orders

BaseRoleProductionAdmin
Issuing authorityActivates and issues card to requester/user.

PRIME Designer: No
PRIME Explorer: Extended Search

BaseRoleIssuingAuthority
User administrator
  • Manages users and identities
  • Assigns and de-assigns roles to users

PRIME Designer: Roles, User Administration
PRIME Explorer: Extended Search

BaseRoleUserAdmin
Helpdesk
  • Resets passwords
  • Activates and reactivates PRIME users

PRIME Designer: No
PRIME Explorer: Extended Search, Open Tasks

BaseRoleHelpdeskOfficer
Self-service user
  • Registers and deregisters herself in the system
  • Registers security password
  • Resets her own password
  • Changes pin
  • Unblocks pin
  • Renews her own card
  • Locks her own card

PRIME Designer: No
PRIME Explorer: No

BaseRoleSelfServiceUser

Self-service visitor

  • Accepts or denies meeting invitation
  • Invites further participant to an existing meeting
PRIME Designer: No
PRIME Explorer: No

BaseRoleSelfServiceVisitor

Batch sync

A role used for automatic batch synchronization of identities with external sources such as Active Directory. This role can not be assigned to persons, but only used for this purpose.

For the batch synchronization to work, the following entry must be set in the system.properties file of the prime explorer: 

batchSync.permissionRole=BaseRoleBatchSync
PRIME Designer: No
PRIME Explorer: No
BaseRoleBatchSync

Bootstrap users

The following bootstrap users are defined in PRIME, to quickly get started. These must be removed after setting up the system. 

UsernameRolePassword
adminBaseRoleBootstrapAdminadmin
approverBaseRoleOfficer
ScmRoleApproverOfficer
approver
consultantBaseRolePolicyAdminconsultant
helpdeskBaseRoleHelpDeskOfficerhelpdesk
requesterBaseRoleRegistrationOfficer
BaseRoleProductionAdmin
BaseRoleIssuingAuthority
ScmRoleServerRegistrationOfficer
ScmRoleServerAdministrator
requester
serviceBaseRoleServiceAdminservice
useradminBaseRoleUserAdminuseradmin