Let's assume for a moment that the type of lock system you installed in your house is a very sophisticated one. With that lock system, you have the capability to issue different kinds of keys. The master key, which very likely you will take charge of, would be enabled to open all of the locks installed throughout your house. There would be other keys that may not have the same capability. All of the keys will open the front door. In addition, some may open the kitchen pantry and the door to the garage; other keys may open the office but not the locks in the kitchen to the pantry or the garage. OK, I admit: this is stretching the front door analogy a little bit too far. Nevertheless, I hope the point is made.
WebSphere provides several user roles; the most common ones will be briefly described next.
- Monitor: Capable of viewing the current WebSphere configuration and the state of the application servers (JVM's).
- Configurator: In addition to being able to do what the Monitor does, the configurator is capable of performing activities related to configuration of the application servers and the deployment of applications (for example, creating resources like virtual hosts, mapping application servers, and so on.)
- Operator: Entitled to the same privileges of a Monitor, an Operator has the ability to change the runtime status of the application servers.
- Deployer: In addition to be able to perform the tasks of a Monitor, a Deployer has the capability to perform configuration and change run status of applications.
- Administrator: Capable of performing any of the tasks of the previous roles plus can assign add user to any of the roles, affect the configuration and runtime status of the WebSphere infrastructure (for example, deployment manager and node agents).
Note
Additional information about roles can be found in the IBM WebSphere V7 Information Center: http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/rsec_adminroles.html.
For most organizations, using Monitor and Administrator will suffice. If there is an Operations group in your company, you probably have written (or will write) simple scripts to stop and start enterprise applications, thus there is no need for Operations folks to need access to the WebSphere Console.