Installing RFAInstalling and Upgrading Redwood Finance Automation

on-site finance-related topic Business User role assignment

In general the following external security systems may be connected to the Redwood Finance Automation system:

  • LDAP
  • Java Enterprise Edition
  • Database (Table based) security

You create roles, users and role assignments in the external security system and import the users into Redwood Finance Automation.

Copies of the following roles need to be selected/created in the external security system.

Also refer to the description below to perform user maintenance with or without an SAP user store.

Required core roles for users in Redwood Finance Automation

Every user who needs to log on or to retrieve data from Redwood Finance Automation requires one of the following core roles assigned:

  1. scheduler-user or redwood-login: access/view rights only.
  2. scheduler-bae-only-user: restricted to logging on via the SAP Inbound interface. No login in dialog possible.

The second role is only relevant in scenario FCc where data from Redwood Finance Automation is transferred to an FCc tasklist (for example log information).

The role scheduler-user is required for any user who has to logon to the Redwood Finance Automation system.

For business users one of the following core roles need to be assigned:

  1. scheduler-business-user: used to display a simplified ui, especially for UserMessages.
  2. scheduler-it-user: used to display a simplified ui, including detailed technical views.

In addition to the required core roles one or more of the following Redwood Finance Automation specific roles need to be created in the external security system and assigned to the user there before the users can be imported.

Other relevant core roles

For your reference other Redwood Finance Automation relevant core roles are described below. Please refer to the security guide for further details.

  • scheduler-administrator - super user with all administrative rights.
  • scheduler-isolation-administrator - can import users.
  • scheduler-job-administrator - scheduler-event-operator as well as create, modify, delete events and processes. Delete and submit processes and process definitions.
  • scheduler-viewer - this user has read-only access to all object types.
  • scheduler-screen-reader - indicates that you are using a screen reader.
  • redwood-administrator - can perform all actions.
  • redwood-login - has access to Redwood Server only, cannot see any objects (always required, even for administrators).
  • redwood-support - read only access to all objects.

Redwood Finance Automation default roles

Default roles are shipped with Redwood Finance Automation for your convenience. For further details please refer to the FCA reference.

Role assignment for User authentication

The role assignment is always done in the external security system. To be able to do this, the default roles need to be created in the security system first. After assignment to the respective users, the mapping is done after the users have logged in or have been imported into the system.

Example for external role assignment:

  • Go to Security->Users

  • Click on the User Administration link (name is dependent on used security system)
  • Create user and assign roles with Edit

financeTopic

onsiteTopic

Installing RFAInstalling and Upgrading Redwood Finance Automation