Right

Actions inside the Xyna Factory are linked to specific rights. Thus not having the right, a user is not able to access content or perform actions, he is not allowed to.

To assign the rights to users, you have to define roles with a set of rights for a specific field of duty (e.g. MODELLER for users using the Xyna Modeller). Such a role can then be assigned to users. Each user has exactly one role assigned.

To apply a certain right to roles, there has to be a right definition for this right. The right definition matches a point-separated expression and can be extended by additional right parameters separated with colons. Following types of parameter expressions are allowed between two colons:

• :[option1, option2, option3]: option1, option2 or option3 is allowed
• :/<RegExp>/: Allows expressions matching a given regular expression
• :*: Allows expressions matching this regular expression: /^[a-zA-Z0-9_.]*\*?$/
  E.g. xact.device_WLAN_1*.
• :/\*/: Only an asterisk (*) is allowed between two colons
• :/.*/: Everything is allowed between two colons

The parameters may contain asterisks as wildcards.

Table of Contents Management Right Definitions of the Xyna Factory Common Right Configurations Login Xyna Process Modeller Xyna Process Monitor Workspaces and Applications Other Components of the Xyna Modeller See Also

Management

Right definitions can be viewed and managed by the CLI or inside the Rights section of the Xyna Access Control. The rights can be applied to roles inside the Roles section of the Xyna Access Control. Roles can be applied to users inside the Users section of the Xyna Access Control.

Right Definitions of the Xyna Factory

The Xyna Factory comes along with the following set of right definitions:

Right Definitions

Name	Right Parameter	Description
APPLICATION_ADMINISTRATION	-	Allows to deploy or remove Applications. These operations are typically used by the Applications section of the Xyna Factory Manager. In addition to these rights needed by the Xyna Factory Manager the following rights are needed to authorize the operations on the server: xfmg.xfctrl.ApplicationManagement:<wbr/>deploy:... xfmg.xfctrl.ApplicationManagement:<wbr/>remove:... See right xfmg.xfctrl.ApplicationManagement for more details.
APPLICATION_MANAGEMENT	-	Allows to start or stop Applications. These operations are typically used by the Applications section of the Xyna Factory Manager. In addition to these rights needed by the Xyna Factory Manager the following rights are needed to authorize the operations on the server: xfmg.xfctrl.ApplicationManagement:<wbr/>start:... xfmg.xfctrl.ApplicationManagement:<wbr/>stop:... See right xfmg.xfctrl.ApplicationManagement for more details.
DISPATCHER_MANAGEMENT	-	Allows to create, edit and remove Destinations Please note: This right is only relevant for the RMI interface. Use the right xfmg.xfctrl.orderTypes:... to manage Destinations by the Order Types section of the Xyna Factory Manager.
EDIT_MDM	-	Allows the modeling of XMOM Objects In detail the following operations are allowed by this right: Saving Workflows Deletion of Data Types, Exception Types, Service Groups and Workflows All operations around Collaborative Modeling, e.g. locking and unlocking of XMOM Objects Refactoring of XMOM Objects
READ_MDM	-	Allows to view existing XMOM Objects This right allows accessing existing XMOM Objects. Without the additional right EDIT_MDM the access is limited to read-only.
FREQUENCY_CONTROL_<wbr></wbr>MANAGEMENT	-	Allows to start and cancel Frequency-Controlled Tasks Frequency-Controlled Tasks can be started from inside the Order Input Sources section of the Xyna Factory Manager.
KILL_STUCK_PROCESS	-	Allows to kill a stuck Xyna Order This right is needed to kill a running Xyna Order inside the Order Overview section of the Xyna Process Monitor.
MONITORING_LEVEL_<wbr></wbr>MANAGEMENT	-	Allows to change global and Order Type-specific Monitoring Levels Please note: This right is only relevant for the RMI interface. Use the right xfmg.xfctrl.orderTypes:... to manage the Order Type-specific Monitoring Levels by the Order Types section of the Xyna Factory Manager. The global Monitoring Level can also be changed by the Xyna Property xyna.default.monitoringlevel, which again needs the right xfmg.xfctrl.XynaProperties:<wbr/>read:<wbr/>xyna.default.monitoringlevel.
SESSION_CREATION	-	Allows the creation of a session
MULTIPLE_SESSION_CREATION	-	Allows the creation of multiple sessions at once for the same user, see Multi Session Login
START_ORDER	-	Allows to start Xyna Orders Please note: This right definition is equivalent to the right xprc.xpce.StartOrder:*:*:*.
TRIGGER_FILTER_MANAGEMENT	-	Allows addition, removal, deployment and undeployment of Triggers and Filters and also to enable or disable their instances. This right is only checked when directly accessing the corresponding RMI operations. Please note: When an application is started/stopped, its Trigger and Filter instances are also enabled/disabled. In this case the rights xfmg.xfctrl.ApplicationManagement:start:... and xfmg.xfctrl.ApplicationManagement:stop:... are checked.
USER_LOGIN	-	Allows the user to login
USER_MANAGEMENT	-	Allows to view and manage users, rights, roles and domains These operations are typically used by the Xyna Access Control. This right is needed to display the Xyna Access Control and its sections inside the Xyna Modeller and other graphical user interfaces. Please note: This right also allows the user to change his password (c.f. USER_MANAGEMENT_EDIT_OWN).
USER_MANAGEMENT_<wbr></wbr>EDIT_OWN	-	Allows the user to change his password
WORKINGSET_MANAGEMENT	-	Allows the following operations: Create a new Workspace Remove all objects inside a Workspace Remove a Workspace Load the content of an Application into a Workspace and create a fitting Application Definition Set required Runtime Contexts of Workspaces Set required Runtime Contexts of a Workspace's Application Definition Build a new Application from a Workspace's Application Definition These operations are typically used by the Workspaces section of the Xyna Factory Manager.
xfmg.xfctrl.administrativeVetos	[read, write, insert, delete, *]:<br>/\*/	Allows to view and manage Administrative Vetoes Right parameters: [read, write, insert, delete, *]: read: Allows to view the Administrative Vetoes write: Allows to edit documentation of Administrative Vetoes insert: Allows to create Administrative Vetoes delete: Allows to remove Administrative Vetoes *: Allows all operations at once /\*/: Name of the Administrative Veto; Currently only the wildcard * is supported These operations are typically used by the Administrative Vetoes section of the Xyna Factory Manager.
xfmg.xfctrl.<wbr></wbr>ApplicationDefinitionManagement	[write, insert, *]:/.*/:/.*/	Allows to manage Application Definitions Right parameters: [write, insert, delete, *]: write: Allows to change the content of an Application Definitions insert: Allows to create new Application Definitions as part of a Workspace delete: Allows to remove Application Definitions *: Allows all operations at once /.*/: Name of the Workspace /.*/: Name of the Application Definition Example: xfmg.xfctrl.ApplicationDefinitionManagement:write:default workspace:My Application Please note: There is no designated right for viewing Application Definitions. Every user is allowed to view all Application Definitions. Please note: Use the right WORKINGSET_MANAGEMENT to set required Runtime Contexts of an Application Definition. These operations are typically used by the Workspaces section of the Xyna Factory Manager.
xfmg.xfctrl.ApplicationManagement	[list, start, stop, deploy, write, remove, migrate, *]:<br>/.*/:/.*/	Allows to view and manage Applications Right parameters: [list, start, stop, deploy, write, remove, migrate, *]: list: Allows to view the Applications start: Allows to start an Application to open its Order Entry Interfaces and to open single Order Entry Interfaces stop: Allows to stop an Application to close its Order Entry Interfaces and to close single Order Entry Interfaces deploy: Allows to import Applications into a Xyna Factory instance Allows to export an Application from a Xyna Factory instance Allows to deploy Applications on Factory Nodes write: Allows to change required Runtime Contexts remove: Allows to remove Applications migrate: Allows to migrate Cron-like Orders and Order Types *: Allows all operations at once /.*/: Name of the Application /.*/: Version of the Application These operations are typically used by the Applications section of the Xyna Factory Manager. Technically some of them start certain Xyna Orders in the Application GlobalApplicationMgmt. To start those orders further rights of the type xprc.xpce.StartOrder are needed. A typically used setting is xprc.xpce.StartOrder:*:GlobalApplicationMgmt:*. More restrictive settings are confined to the particular operations, which again are defined by the following Xyna Properties: list: xfmg.xfctrl.appmgmt.<wbr/>ListApplications.<wbr/>Destination start: xfmg.xfctrl.appmgmt.<wbr/>StartApplications.<wbr/>Destination stop: xfmg.xfctrl.appmgmt.<wbr/>StopApplications.<wbr/>Destination deploy: xfmg.xfctrl.appmgmt.<wbr/>DeployApplications.<wbr/>Destination Please note: This right is only needed for the deployment on Factory Nodes. The export doesn't start any Xyna Order. remove: xfmg.xfctrl.appmgmt.<wbr/>RemoveApplications.<wbr/>Destination Example: The default value of the Xyna Property xfmg.xfctrl.appmgmt.<wbr/>ListApplications.<wbr/>Destination is xfmg.xfctrl.appmgmt.<wbr/>ListApplications@<wbr/>GlobalApplicationMgmt/1.0. The corresponding Start Order-right is xprc.xpce.StartOrder:<wbr/>xfmg.xfctrl.appmgmt.ListApplications:<wbr/>GlobalApplicationMgmt:<wbr/>1.0. If the operations above are used via the Xyna Factory Manager the following additional rights are needed: APPLICATION_ADMINISTRATION: Needed for deploying or removing Applications APPLICATION_MANAGEMENT: Needed for starting and stopping Applications See right APPLICATION_ADMINISTRATION and APPLICATION_MANAGEMENT for more details.
xfmg.xfctrl.capacities	[read, write, insert, delete, *]:<br>/\*/	Allows to view and manage Capacities Right parameters: [read, write, insert, delete, *]: read: Allows to view the Capacities write: Allows to edit Capacities insert: Allows to create Capacities delete: Allows to remove Capacities *: Allows all operations at once /\*/: Name of the Capacity; Currently only the wildcard * is supported These operations are typically used by the Capacities section of the Xyna Factory Manager.
xfmg.xfctrl.cronLikeOrders	[read, write, insert, delete, *]:<br>/\*/:/\*/:/\*/	Allows to view and manage Cron-like Orders Right parameters: [read, write, insert, delete, *]: read: Allows to view the Cron-like Orders write: Allows to edit Cron-like Orders insert: Allows to create Cron-like Orders delete: Allows to remove Cron-like Orders *: Allows all operations at once /\*/: Name of the Cron-like Order; Currently only the wildcard * is supported /\*/: Name of the Application or Workspace; Currently only the wildcard * is supported /\*/: Version of the Application or empty, if the second parameter targets the name of a Workspace; Currently only the wildcard * is supported These operations are typically used by the Cron-like Orders section of the Xyna Factory Manager.
xfmg.xfctrl.deploymentItems	[read, *]:/\*/:/\*/:/\*/	Allows to view Deployment Items Right parameters: [read, *]: read: Allows to view the Deployment Items *: Allows all operations at once /\*/: Name of the Deployment Item; Currently only the wildcard * is supported /\*/: Name of the Application or Workspace; Currently only the wildcard * is supported /\*/: Version of the Application or empty, if the second parameter targets the name of a Workspace; Currently only the wildcard * is supported These operation is typically used by the Deployment Items section of the Xyna Factory Manager and the Deployment State side panel of the Xyna Process Modeller.
xfmg.xfctrl.orderInputSources	[read, write, insert, delete, generate, *]:<br>/\*/:/\*/:/\*/	Allows to view and manage Order Input Sources Right parameters: [read, write, insert, delete, generate, *]: read: Allows to view the Order Input Sources write: Allows to edit Order Input Sources insert: Allows to create Order Input Sources delete: Allows to remove Order Input Sources generate: Allows to use an Order Input Source to generate input values *: Allows all operations at once /\*/: Name of the Order Input Source; Currently only the wildcard * is supported /\*/: Name of the Application or Workspace; Currently only the wildcard * is supported /\*/: Version of the Application or empty, if the second parameter targets the name of a Workspace; Currently only the wildcard * is supported These operations are typically used by the Order Input Sources section of the Xyna Factory Manager.
xfmg.xfctrl.orderTypes	[read, write, insert, delete, *]:<br>/\*/:/\*/:/\*/	Allows to view and manage Order Types Right parameters: [read, write, insert, delete, *]: read: Allows to view the Order Types write: Allows to edit Order Types insert: Allows to create Order Types delete: Allows to remove Order Types *: Allows all operations at once /\*/: Name of the Order Type; Currently only the wildcard * is supported /\*/: Name of the Application or Workspace; Currently only the wildcard * is supported /\*/: Version of the Application or empty, if the second parameter targets the name of a Workspace; Currently only the wildcard * is supported These operations are typically used by the Order Types section of the Xyna Factory Manager.
xfmg.xfctrl.timeControlledOrders	[read, write, insert, enable, disable, kill, *]:<br>/.*/:/.*/:/.*/	Allows to view and manage Time-Controlled Orders Right parameters: [read, write, insert, enable, disable, kill, *]: read: Allows to view the Time-Controlled Orders write: Allows to edit Time-Controlled Orders insert: Allows to create Time-Controlled Orders enable: Allows to continue Time-Controlled Orders disable: Allows to pause Time-Controlled Orders kill: Allows to cancel Time-Controlled Orders *: Allows all operations at once /.*/: Name of the Time-Controlled Order /.*/: Name of the Application or Workspace /.*/: Version of the Application or empty, if the second parameter targets the name of a Workspace These operations are typically used by the Time-Controlled Orders section of the Xyna Factory Manager.
xfmg.xfctrl.WorkspaceManagement	[list, write, *]:/.*/	Allows to view Workspaces Right parameters: [list, write, *]: list: Allows to view the Workspaces write: Allows to change required Runtime Contexts *: Allows all operations at once /.*/: Name of the Workspace This operation is typically used during startup of the Xyna Modeller and by the Workspaces section of the Xyna Factory Manager.
xfmg.xfctrl.XynaProperties	[read, write, insert, delete, *]:<br>/.*/	Allows to view and manage Xyna Properties Right parameters: [read, write, insert, delete, *]: read: Allows to view the Xyna Properties write: Allows to edit Xyna Properties insert: Allows to create Xyna Properties delete: Allows to remove Xyna Properties *: Allows all operations at once /.*/: Name of the Xyna Property These operations are typically used by the Xyna Properties section of the Xyna Factory Manager. The Xyna Modeller needs read access on some Xyna Properties.
xmcp.xfm.factoryManager	-	Allows to display the Xyna Factory Manager inside the Xyna Modeller
xmcp.xfm.processModeller	-	Allows to display the Xyna Process Modeller inside the Xyna Modeller
xmcp.xfm.processModeller.stealLock	-	Allows to force an unlock of a document that is currently locked by another user. When having this right, an additional button "Steal Lock" is shown in the details view of an XMOM Objects in the Process Modeller.
xmcp.xfm.processMonitor	-	Allows to display the Xyna Process Monitor inside the Xyna Modeller
xmcp.xfm.processmonitor.ordermonitor	-	Allows to display the Order Overview inside the Xyna Process Monitor
xmcp.xfm.processmonitor.mimonitor	-	Allows to display the MI Monitor inside the Xyna Process Monitor
xmcp.xfm.processmonitor.resourcemonitor	-	Allows to display the Capacity and Veto Monitors inside the Xyna Process Monitor
xmcp.xfm.processmonitor.livereporting	-	Allows to display the Live Reporting inside the Xyna Process Monitor
xmcp.xfm.testFactory	-	Allows to display the Test Factory inside the Xyna Modeller
xnwh.persistence.Storables	[read, write, insert, delete, *]:<br>*:*	Allows access to Storable instances Right parameters: [read, write, insert, delete, *]: read: Allows to view the Storable instances write: Allows to edit Storable instances insert: Allows to create Storable instances delete: Allows to remove Storable instances *: Allows all operations at once *: Name of the Storable (Data Type) *: Path inside a Storable instance The path names a chain of Member Variables to limit the scope of the access rights. E.g. an user can have the right to access the value of device.remoteAccess.port, but doesn't have access to device.remoteAccess.password.
xprc.xpce.StartOrder	/.*/:/.*/:/.*/	Allows to start Xyna Orders Right parameters: /.*/: Name of the Order Type /.*/: Name of the Application or Workspace /.*/: Version of the Application or empty, if the second parameter targets the name of a Workspace Please note: This right definition supersedes the right START_ORDER.
base.fileaccess	[read, write, insert, delete, *:/.*/	Allows local file access via ManagedFile Right parameters: [read, write, insert, delete, *]: read: Allows to read the file write: Allows to write to the file insert: Allows to create the file delete: Allows to remove the file /.*/: Name of the file This right was introduced in 7.0.3.1. and full access to SystemTempDir (for example '/tmp/') is granted to all roles that were previously allowed to import or export applications.

Please note: Some right parameters only allow the asterisk (*), where the Xyna Factory doesn't support better name comparison yet.

Common Right Configurations

The following section sorts the rights by specific components of the Xyna Modeller.

Please note: Everwere, the following section mentions the right xfmg.xfctrl.ApplicationManagement:..., there are additional rights needed depending on the environment. See the right's documentation for further details.

Login

To start an user session the following rights are needed:

• SESSION_CREATION
• USER_LOGIN
• USER_MANAGEMENT_EDIT_OWN

The following operations are allowed without further rights:

• Logout
• Receiving the list of Factory Details (compatibility properties)
• Receiving the list of Application Definitions
• Receiving the content of an Application Definition or an Application
• Receiving the list of Order Entries
• Receiving the list of Tags
• Receiving the list of Tasks
• Receiving the list of Trigger instances

Xyna Process Modeller

The following rights are needed for Modeling with the Xyna Process Modeller:

• xmcp.xfm.processModeller
• READ_MDM
• EDIT_MDM
• xfmg.xfctrl.WorkspaceManagement:list:*

Optionally the following rights are needed for the side panels of the Xyna Process Modeller:

• Details
  • xfmg.xfctrl.deploymentItems:read:*:*:*
• Workflow Tester
  • xnwh.persistence.Storables:*:*:*
  • xprc.xpce.StartOrder:*:*:*
• Deployment State
  • xfmg.xfctrl.deploymentItems:read:*:*:*

Please note: If the right xmcp.xfm.processModeller is missing, the Xyna Process Modeller is hidden from the Xyna Modeller.

Xyna Process Monitor

• xmcp.xfm.processMonitor - If this right is missing, the Xyna Process Monitor is hidden from the Xyna Modeller.
• Order Overview
  • xmcp.xfm.processmonitor.ordermonitor
  • KILL_STUCK_PROCESS - Optional, enables the Kill Order button to kill running Orders.
• MI Monitor
  • xmcp.xfm.processmonitor.mimonitor
• Capacity/Veto Monitor
  • xmcp.xfm.processmonitor.resourcemonitor
• Live Reporting
  • xmcp.xfm.processmonitor.livereporting

Workspaces and Applications

The Workspaces and Applications sections of the Xyna Factory Manager allows the management of Workspaces, Application Definitions and Applications. The following rights are needed to use all features of this section:

• APPLICATION_ADMINISTRATION
• APPLICATION_MANAGEMENT
• WORKINGSET_MANAGEMENT
• xfmg.xfctrl.ApplicationDefinitionManagement:*:*:*
• xfmg.xfctrl.ApplicationManagement:*:*:*
• xfmg.xfctrl.WorkspaceManagement:*:*

Other Components of the Xyna Modeller

All other components of the Xyna Modeller, which are not mentioned above, need the following rights to work properly:

• Xyna Access Control
  • USER_MANAGEMENT
• Xyna Factory Manager
  • xmcp.xfm.factoryManager
    Please note: If this right is missing, the Xyna Factory Manager is hidden from the Xyna Modeller.
  • Workspaces and Applications
    • See above
  • Order Types
    • xfmg.xfctrl.orderTypes:*:*:*:*
    • xfmg.xfctrl.WorkspaceManagement:list:* (to create a new Order Type)
  • Cron-like Orders
    • xfmg.xfctrl.cronLikeOrders:*:*:*:*
    • xfmg.xfctrl.WorkspaceManagement:list:* (to create a new Cron Like Order)
  • Time-Controlled Orders
    • xfmg.xfctrl.timeControlledOrders:*:*:*:*
    • xfmg.xfctrl.WorkspaceManagement:list:* (to create a new Time Controlled Order)
  • Order Input Sources
    • FREQUENCY_CONTROL_MANAGEMENT (to start a Frequency Controlled Task)
    • xfmg.xfctrl.orderInputSources:*:*:*:*
    • xfmg.xfctrl.WorkspaceManagement:list:* (to create a new Order Input Source)
    • xprc.xpce.StartOrder:*:*:* (to start a Xyna Order)
  • Capacities
    • xfmg.xfctrl.capacities:*:*
  • Administrative Vetoes
    • xfmg.xfctrl.administrativeVetos:*:*
  • Deployment Items
    • xfmg.xfctrl.deploymentItems:*:*:*:*
  • Storable Instances
    • xnwh.persistence.Storables:*:*:*
    • xprc.xpce.StartOrder:*:*:* (to query, store and delete Storables)
  • Xyna Properties
    • xfmg.xfctrl.XynaProperties:*

See Also

• Xyna Access Control
• Authentication & Authorization