Role-based security

With Role-based security (RBS), you can limit access to certain functions in Harmony Enterprise, based on permissions that are associated with assigned roles. You must enable this option if you want to use well security, and a database administrator can enable this feature after a database is created.

This functionality does not apply to .hldb files.

Depending on your role in Harmony Enterprise, you are able to do various things:

  • Super user — represents the highest level of authority and their role definitions cannot be altered. This user can create role permissions, and assign role definitions to other users.
  • Default — (Well Security: on) has full access to Harmony Enterprise except for the permissions controlled by RBS settings and modifying Well Security settings.
  • Default — (Well Security: off) has full access to Harmony Enterprise except for the permissions controlled by RBS settings.
  • User-defined roles — has full access to the rest of Harmony Enterprise along with a combination of any of the following permissions: manage Security settings, import wells / update wells from IHS Markit, delete wells, delete scenarios, modify editors, modify existing database connections, extract to .hldb files, and modify security attributes (if Well Security is enabled).

Role-based security is set in the Options dialog box, under the Role-based Security Settings node. To determine your permissions for your current session, click the Enable / Disable node. Any activities that are not allowed are displayed in red text under the Activities Not Permitted heading.

After clicking the Role Definitions node, you can add or remove roles. After you have added a role, you can rename it by double-clicking the role name in the Roles pane. (If you do not have permission to modify roles, the Permissions pane is grayed-out.) By selecting Modify Editors, you can change data in the Editors pane.

After clicking the Assignments node, you can assign users to various roles by clicking the checkboxes for the access you want to grant. Note that the superuser role cannot be assigned from the dialog box, and therefore it is grayed-out.

The permission you have for a given session remains the same, regardless of whether another user has made modifications to your permissions. To see any permission changes another user has made, requires Harmony Enterprise to be closed and re-opened. These changes persist after you click OK. Changes made by a user to their own role or role assignments (when they have the "modify role" permission) take effect immediately after they click OK.

If another user is updating user roles and assignments at the same time, you may need to close the project, reconnect, and try again. If this is the case, an error message is displayed in the Status Window.