This article references one of our previous releases; refer to the latest version of the documentation instead.

Role management

General concepts

Every Step user is given a main role upon creation. With the default configuration of roles and rights, only users with the admin role can access Step’s projects without further action. Users with other roles need to be added as members of specific projects; for each project membership, a specific role is defined.

Role management is only available in the Enterprise Edition of Step.

Pre-populated Roles

Role Definition
guest grants read-only access, while preventing modifications or executions
tester grants most privileges required for defining and executing test plans
developer in addition to the tester rights, allows defining keywords and administering individual projects
admin grants all privileges

Default access matrix

By default, the following mapping of roles to rights is provided. This can be customized by creating a CSV file based on the table below (removing the description column). You may rename roles, add additional roles and change the rights mapping.

Changing the roles and rights mapping can potentially create inconsistencies in the Step UI; we recommend validating it on a staging system.

To use your custom CSV file, you simply have to modify your step.properties file on the controller.

# Uncomment the following if you want to use a custom right matrix
# ui.roleprovider.filename=../conf/AccessMatrix.csv

Default access matrix content

  guest tester developer admin description
plan-read x x x x can open and view plans
plan-write   x x x can create or modify plans
plan-delete     x x can delete plans
plan-execute   x x x can trigger the execution of plans
plan-bulk-execute   x x x can execute multiple plans in bulk from the executions list view
kw-read x x x x ‘kw’ stands for keywords; this right allows reading the configuration of a keyword
kw-write     x x can create or modify keywords
kw-delete     x x can delete keywords
kw-execute   x x x can automatically generate a temporary plan wrapping this keyword to execute it
automation-package-read x x x x allows reading automation package metadata
automation-package-write x x can deploy or update automation packages (other entity rights aren’t required, for example you can deploy a package with keywords without the right kw-write)
automation-package-delete x x can delete an automation package
automation-package-execute x x x can trigger executions of automation packages
mask-read x x x x Masks are the entities used for the Image and PDF compare
mask-write   x x x can create or modify masks
mask-delete   x x x can delete masks
mask-execute   x x x can automatically generate a temporary plan wrapping this mask to execute it
execution-read x x x x allows viewing execution results
execution-write   x x x can modify execution properties such as (un)marking an execution as retained/archived
execution-delete   x x x can delete executions (one by one)
execution-bulk-delete   x x x can delete executions in bulk
user-write       x allows creating or modifying users (should be reserved for administrators)
user-read       x allows viewing details of all users (should be reserved for administrators)
task-read x x x x allows reading the configuration of a schedule
task-write   x x x allows configuring the schedule, and enabling or disabling it from the configuration dialog
task-toggle   x x x allows activating or deactivating a schedule using the toggle on the schedules list view (does not require the write right)
task-delete   x x x allows deleting a schedule
dashboard-read x x x x can view dashboard content
dashboard-write     x x can create and edit dashboards (data and display settings)
dashboard-delete       x can delete dashboards
scheduler-manage       x can switch on/off the scheduler globally
operations-read       x can view the “current operations” of all executions
controller-manage       x can shut down the controller via the REST call
maintenance-message-write       x can write and turn on/off the maintenance message
admin-ui-menu       x has access to the settings menu including admin settings (only use one of admin-ui-menu or settings-ui-menu). This menu contains Maintenance, Project, Screens, Scheduler and Housekeeping settings
settings-read x x x x this right is required when using the Step Web UI
settings-write       x this right is required to modify settings such as the maven settings
settings-delete       x this right is required to delete settings
settings-ui-menu     x   has access to the settings menu entry (only use one of admin-ui-menu or settings-ui-menu). This menu contains Project, Screens and Scheduler settings
param-read x x x x can read parameters
param-write   x x x can create or modify parameters (see also param-global-write)
param-delete   x x x can delete parameters
param-global-write   x x x required to create or modify parameters with the global scope
resource-read x x x x can read resources (Step resources are entities created to manage files and directories in Step, such as CSV datapools, keyword packages, report attachments, …)
resource-write   x x x can create or modify resources
resource-delete   x x x can delete resources
resource-bulk-delete   x x x can delete resources in bulk
interactive   x x x can start interactive execution
token-manage     x x can manage agents and tokens (pause token/agents…)
monitoring-dashboard-configure   x x x can configure the scheduler tasks monitoring view
project-read x x x x can read project properties
project-write   x x x required to modify project settings, project members or to move (reassign) entities from one project to another
project-delete     x x can delete projects
project-view-all     x x can use the project “[All]” filter to view the content of all projects in read-only
project-access-all       x can access all projects with their “main” role without being an explicit member of them. Otherwise, the user must be a member of the project with a project-specific role
broker-read x x x x can view the event broker data
broker-write   x x x can modify the event broker data, including publishing events and consuming events by group or name
broker-delete     x x can consume events by ID and clear all events and stats data
screenInputs-read     x x can view the screen templates
screenInputs-write     x x can modify the screen templates
screenInputs-delete     x x can delete screen inputs from the screen templates
table-settings-user-write   x x x can save table settings for current user
table-settings-project-write     x x can save table settings for all users in specific project
table-settings-system-write       x can save table settings for all users in all projects
collection-read       x generic entity read access right used by the API collection services
collection-write       x generic entity write access right used by the API collection services
collection-delete       x generic entity delete access right used by the API collection services
on-behalf-of   x allows running or scheduling executions on behalf of another user; that user needs the right plan-execute and access to the underlying project
notificationPresets-read x x x x right to view notification presets
notificationPresets-write   x x x right to edit notification presets
notificationPresets-delete   x x x right to delete notification presets
systemNotificationPresets-read       x right to view system notification presets
systemNotificationPresets-write       x right to edit system notification presets
systemNotificationPresets-delete       x right to delete system notification presets
alerting-rules-read x x x x right to view alerting rules
alerting-rules-write   x x x right to edit alerting rules
alerting-rules-delete   x x x right to delete alerting rules
incidents-read x x x x right to read incidents rules
incidents-write x x x right to write incidents rules
incidents-delete x x x right to delete incidents rules
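
One way to lint a custom matrix before pointing ui.roleprovider.filename at it, as an added example that is not part of the Step documentation or product. It assumes a comma-separated file laid out like the table above without the description column; the sample data, the function names and the write-without-read heuristic are illustrative assumptions.

```python
import csv
import io

# Constructed sample, not the shipped default. Assumed layout: role-name header, "x" = granted.
SAMPLE = """\
,guest,tester,developer,admin
plan-read,x,x,x,x
plan-write,x,x,x,x
kw-read,x,,x,x
kw-write,,x,x,x
user-read,,,,x
user-write,,,x,x
admin-ui-menu,,,x,x
settings-ui-menu,,,x,
"""

# Rights the default matrix on this page grants to admin only (subset).
ADMIN_ONLY = {"user-read", "user-write", "scheduler-manage", "controller-manage",
              "project-access-all", "settings-write", "settings-delete"}

def load_matrix(text):
    """Parse the CSV into {role: set of granted rights}."""
    rows = [r for r in csv.reader(io.StringIO(text)) if any(c.strip() for c in r)]
    roles = [c.strip() for c in rows[0][1:]]
    grants = {role: set() for role in roles}
    for row in rows[1:]:
        for role, cell in zip(roles, row[1:]):
            if cell.strip().lower() == "x":
                grants[role].add(row[0].strip())
    return grants

def audit(grants, admin_role="admin", read_only_role="guest"):
    """Flag grants wider than the documented defaults (write-without-read is a heuristic)."""
    known = set().union(*grants.values())
    findings = []
    for role, rights in sorted(grants.items()):
        if role != admin_role:
            findings += [f"{role}: admin-only right {r}" for r in sorted(rights & ADMIN_ONLY)]
        if {"admin-ui-menu", "settings-ui-menu"} <= rights:
            findings.append(f"{role}: both admin-ui-menu and settings-ui-menu")
        for r in sorted(rights):
            base, _, action = r.rpartition("-")
            if role == read_only_role and action in ("write", "delete", "execute"):
                findings.append(f"{role}: read-only role granted {r}")
            if action == "write" and f"{base}-read" in known and f"{base}-read" not in rights:
                findings.append(f"{role}: {r} without {base}-read")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(load_matrix(SAMPLE))))
```

If roles are renamed in the custom file, pass the new names through admin_role and read_only_role so the checks still apply to the intended roles.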