User management and permissions
1. User management
Each request in the Figaf Tool requires authorization.
To create new user click on 
. It opens Add User dialog:
-
Configure
Email,Password,Confirm Password, andDisplay Name. -
Select
User rolesfor a new user (see Figaf Tool roles and permissions section to learn more about existent roles). -
(optional) Select
Message Monitor Filter rolesif the user should have access to some filters. Message Monitor Filter roles are created automatically after Message Monitor Filter creation (see this section to learn how to create it).Users with IRTAdminrole have full access to all message monitor filters. -
(optional) Configure
Mapped SAP user namesif you want to set up a mapping of system usernames with Figaf Tool users.Usernames can only be assigned to one user. Once you configure such mapping, the Figaf user (instead of the system user) will be shown in Change Tracking Tool and Testing tool.
-
(optional) Configure
Email for notificationif user email can’t be used for email integration (e.g. it is blocked by the server), so it is possible to configure secondary email. If the value is empty, user email is used. Otherwise, the value configured in this field is used.The value is used only in DevOps email integrations: request of transport approval, approval result, import/rollback result, etc.
-
(optional) Configure
Additional infoif you want to configure some additional information about the user.
2. Figaf Tool roles and permissions
Figaf Tool web app provides the following roles:
-
IRTSuperUser- root administrator role. Only one user can be marked as a super user (default user).IRTSuperUserrole gives full access to user management in the Figaf Tool, other functions are not available. -
IRTAdmin- administrator role. User with that role has full access to the application functions. -
IRTLicenseRequester- standard user role. User with that role is able to request new licenses for the objects. Except possibility to change credentials of root administrator. -
IRTApplicationManager- standard user role, allows changes of configuration on pages:Application config,Integrations,ScenarioMapping,Encoding Determination,Anonymization variables. -
IRTAgentManager- standard user role, allows changes of agents configuration (create/update/delete), naming convention rules. -
IRTUserManager- standard user role, grants permissions for user management. -
IRTOAuthClientsManager- standard user role, allows registration of new OAuth clients for external integration with Figaf Tool through public api. -
IRTSensitivePayloadViewer- additional user role, should be used with administrator or/and any standard role.IRTSensitivePayloadViewerrole allows user to configure confidential and secured agents and view original payloads of confidential messages. -
IRTOperator- standard user role. See permissions below. -
IRTConfigurator- standard user role. See permissions below. -
IRTManager- standard user role. See permissions below. -
IRTUser- standard user role. User with that role can only browse pages and run tests. See permissions below. -
IRTSupportToolOperator- standard user role. User with that role can configure rules, alerts. See permissions below. -
IRTSupportToolManager- standard user role. User with that role has full access to Support Tool, see permissions below. -
IRTDevOpsOperator- standard user role. User with this role can work with tickets, releases, and transports. -
IRTDevOpsConfigurator- standard user role.IRTDevOpsConfiguratorrole allows modifying transport configuration. -
IRTDevOpsManager- standard user role. See permissions below. -
IRTLandscapeManager- standard user role, manages landscapes. See permissions below. -
FigafMessageMonitoringOperator- standard user role, operates with CPI Message Monitors.
Tables below show how roles are used for access restriction. If some role is not shown in some table, then in means that it has no effect in related part of Figaf Tool.
IRTUser role is not shown in tables to save some space. That role allows only read-only access to the whole tool.
IRTLicenseRequester role grants a permission to request a new object licence for Testing/DevOps/Migration.
|
2.1. Configuration
| Action\Role | Super user | Admin | App manager | User manager | DevOps manager | OAuth Clients manager |
|---|---|---|---|---|---|---|
Application configuration update |
- |
+ |
+ |
- |
- |
- |
Browse and download log files |
+ |
+ |
- |
- |
- |
- |
Agents configuration update
(except confidential and secured agents).
Note: confidential and secured agents
configuration available for administrator
with additional role |
- |
+ |
- |
- |
- |
- |
Upload naming convention rules |
- |
+ |
- |
- |
- |
- |
Test agent configuration |
+ |
+ |
+ |
+ |
+ |
+ |
Landscapes configuration |
- |
+ |
- |
- |
+ |
- |
User management |
+ |
+ |
- |
+ |
- |
- |
Initial License upload |
- |
+ |
- |
- |
- |
- |
External integrations management |
- |
+ |
+ |
- |
- |
- |
OAuth clients management |
- |
+ |
- |
- |
- |
+ |
Scenario mapping configuration update |
- |
+ |
+ |
- |
- |
- |
Encoding determination configuration update |
- |
+ |
+ |
- |
- |
- |
Anonymization variables configuration update |
- |
+ |
+ |
- |
- |
- |
2.2. Change Tracking Tool
| Action\Role | Admin | Manager | Operator | DevOps manager | Configurator | DevOps configurator |
|---|---|---|---|---|---|---|
Manage tags (create, modify, attach/detach tags to tracked objects) |
+ |
+ |
+ |
- |
- |
- |
Delete tags that aren’t used in transport denying rules of any landscape |
+ |
+ |
+ |
- |
- |
- |
Delete tags that are used in transport denying rules of any landscape |
+ |
- |
- |
+ |
- |
- |
Manage tagging rules (create, modify, import, process tagging) |
+ |
+ |
+ |
- |
- |
- |
Delete tagging rules |
+ |
+ |
- |
- |
- |
- |
Groovy IDE |
+ |
+ |
+ |
- |
+ |
+ |
Manage Partner Directory parameters |
+ |
- |
- |
- |
+ |
+ |
2.3. DevOps
| Action\Role | Admin | Landscape manager | DevOps manager | DevOps operator | DevOps configurator |
|---|---|---|---|---|---|
Landscapes configuration |
+ |
+ |
- |
- |
- |
Landscapes archiving |
+ |
+ |
- |
- |
- |
Manage releases (create, modify, release, add scenarios, attach/detach tickets except delete operation) |
+ |
- |
+ |
+ |
- |
Manage tickets (create, modify, attach/detach tracked objects, attach test cases, change status except delete operation) |
+ |
- |
+ |
+ |
- |
Manage transports (create, import, change status except delete operation) |
+ |
- |
+ |
+ |
- |
Run ticket |
+ |
+ |
+ |
+ |
+ |
Modify transport configuration |
+ |
- |
- |
- |
+ |
Delete releases, tickets, transports |
+ |
- |
+ |
- |
- |
2.4. Testing
| Action\Role | Admin | Manager | Operator | Configurator |
|---|---|---|---|---|
Synchronization with agent system |
+ |
+ |
+ |
+ |
Add/remove modules |
+ |
- |
- |
+ |
Update Recording Configuration on integration object |
+ |
- |
- |
+ |
Update Test Configuration on integration object |
+ |
- |
- |
+ |
Start/stop recording |
+ |
+ |
+ |
+ |
Create test suites/test cases |
+ |
+ |
+ |
+ |
Run test suites/test cases |
+ |
+ |
+ |
+ |
Merge test cases |
+ |
+ |
+ |
+ |
Trim test cases (remove all messages from test case except defined number of message groups) |
+ |
+ |
+ |
+ |
Update test case information (message/dynamic properties) |
+ |
+ |
+ |
+ |
Delete messages from test case by group |
+ |
+ |
- |
+ |
Clean test suites/test cases (delete their all testing results) |
+ |
+ |
- |
- |
Delete test cases (delete their all testing results, messages and test cases themselves) |
+ |
+ |
- |
- |
Update test suite |
+ |
+ |
+ |
+ |
Check test case/test suite results |
+ |
+ |
+ |
+ |
Delete test suite (delete their all testing results and templates themselves). Note: linked test cases will not be deleted! |
+ |
+ |
- |
- |
Delete testing results |
+ |
+ |
- |
- |
Configure comparison configurations |
+ |
- |
- |
+ |
View comparison configurations |
+ |
+ |
+ |
+ |
Send message requests creation, update |
+ |
+ |
+ |
- |
Send message requests deletion |
+ |
+ |
- |
- |
Send message requests running |
+ |
+ |
+ |
- |