SlideShare a Scribd company logo
1 of 24
Download to read offline
© IBM Corporation 1
Presented by:
Securing the Automation of Application
Deployment with UrbanCode Deploy
Joanne Scouler
WW Cloud Sales
Enablement
jscouler@us.ibm.com
@joscouler on twitter
Thomas Hudson
Information Architect
thudson@us.ibm.com
November 5, 2015
© IBM Corporation 2
Security agenda
– Steps in setting up security
– Authorization
– Authentication
– Role configuration
– Guidance on configuring roles and permissions
– Security model
– Security model example
– Team configuration
– Approvals and notifications
– Statuses and gates
© IBM Corporation 3
Security objectives
In this module you learn how to:
• Create authorization realms and user groups
• Manage users in authentication realms
• Create and define roles and permissions for security
• Create teams
• Set up notifications and approvals
• Set up statuses and gates
© IBM Corporation 4
Guidelines for setting up security
1. Create an authorization realm.
Authorization realms handle user groups.
2. Create an authentication realm.
The authentication realm is used to determine a user's identity
within an authorization realm. (LDAP, AD, or SSO)
3. Create roles and define permissions for them.
For most situations, the default permission types should be
adequate.
4. Create or import users.
5. Create teams and assign users to them.
© IBM Corporation 5
IBM UrbanCode Deploy security
© IBM Corporation 6
Authorization realms
The Authorization Realms pane is used to create authorization realms and user
groups. Groups can be imported from external systems, such as LDAP.
© IBM Corporation 7
Authentication realms
• Authentication realms determine user identity within authorization realms.
• Users can be created manually or imported from external systems.
© IBM Corporation 8
Role configuration
– Roles provide permissions to users.
– A role is a set of permissions. Typically, the permissions in a
role define a particular activity that a user might do. IBM®
UrbanCode Deploy provides one role, the Administrator role,
which has all available permissions.
– Users are granted permissions by being assigned to roles.
When assigned to a role, a user is automatically granted all
permissions that are defined for the role. Typical activities
include changing or running an item, such as an application
process, or modifying security settings.
© IBM Corporation 9
Role configuration
© IBM Corporation 10
Guidance on configuring roles and permissions
When defining the roles for your organization, start by keeping the roles
simple, but sufficient to carry out the appropriate work.
Role Permissions
Configurator Resources (Create, Edit, View)
Application (Create, Edit, Manage Snapshots, Run Comp Process,
View)
Environment (Create, Edit, Execute, View)
Component (Create, Edit, Manage Versions, View)
Component Template (Create, Edit, View)
Release Engineer ( Resources (View)
Application (View, Manage Snapshots, Run Component Applications)
Environment (View and Execute)
Component (View)
Component Template (View)
Approver Resources (View)
Application (View)
Environment (View and Execute)
Component (View)
Component Template (View)
© IBM Corporation 11
Kinds of permissions
– Permissions generally fall into one of the following categories:
• The ability to view, modify or work with a specific object.
• The ability to create new object
• The ability to see some element of the User Interface
• The ability to manipulate the system/security as a whole, such as the
ability to define users and groups
– Permissions are cumulative
• One user may be assigned multiple roles on multiple teams. When considering a
specific capability, such as the ability to edit a certain object, a user may have
multiple relevant roles in relationship to that object. Permissions are cumulative –
as long as there is one role that provides the given Permission, the user has the
Permission, even if other roles don't provide the Permission.
© IBM Corporation 12
Team and role-based security model
© IBM Corporation 13
Security model example
© IBM Corporation 14
Security model – Defining roles
© IBM Corporation 15
Security model – Defining roles
© IBM Corporation 16
Team lead role
• It is useful to have role that manages team membership without
requiring the Administrator.
• Give the Add Team Members permission to the role designed to
manage the team.
• Users with this role can add and remove users from their team.
• Access the team manager feature by selecting My Profile > My
Teams.
© IBM Corporation 17
Defining and maintaining roles
When you select an
object, it lists all of the
defined Types of that
object. You define
permissions by Type
within a role.
You can select the menus
that the role will be able to
see in the Web User
Interface
© IBM Corporation 18
Mapping objects to a team
• To create an object, you must have the Create permission for the
object type. To create a component, for example, you must have a
role with the Create Component permission.
• When you create an object, such as a component, your teams are
automatically mapped to the object. You can change your user
preferences to modify this behavior.
• To map a team to an existing object, you must have a role with the
Manage Security permission.
© IBM Corporation 19
Steps for setting up approvals
– 1. Ensure that the users doing the approval belong to the appropriate role
– 2. Enable approvals on the desired environment
– 3. Identify the roles that will provide the approval
– 4. Define the approval process on the application
© IBM Corporation 20
Define statuses for components
Define the set of component version statuses
© IBM Corporation 21
Define the gates on environments
On the Application
configuration, define the gates
© IBM Corporation 22
Resources
– A Guide to Security Configuration in IBM UrbanCode Deploy
– UrbanCode Deploy Knowledge Center
© IBM Corporation 23
Summary
– In this module you learned how to:
• Create and define roles and permissions for security
• Manage users in authentication realms
• Create authorization realms and user groups
• Create teams
• Set up notifications and approvals
• Create statuses and gates
© IBM Corporation 24© IBM Corporation 24
Accelerating Digital Business

More Related Content

Viewers also liked

El Codigo ARCOIRIS. Objeto de estudio
El Codigo ARCOIRIS. Objeto de estudio El Codigo ARCOIRIS. Objeto de estudio
El Codigo ARCOIRIS. Objeto de estudio CLADC
 
Terrestrial LiDAR and Photogrammetry; a Historic Site Comparative
Terrestrial LiDAR and Photogrammetry; a Historic Site ComparativeTerrestrial LiDAR and Photogrammetry; a Historic Site Comparative
Terrestrial LiDAR and Photogrammetry; a Historic Site ComparativeCOGS Presentations
 
Mecanisme de gestion de la Secheresse en Tunisie
Mecanisme de gestion de la Secheresse en TunisieMecanisme de gestion de la Secheresse en Tunisie
Mecanisme de gestion de la Secheresse en TunisieNENAwaterscarcity
 
Llista de vocabulari 4 - Cicle mitjà
Llista de vocabulari 4 - Cicle mitjàLlista de vocabulari 4 - Cicle mitjà
Llista de vocabulari 4 - Cicle mitjàEnric Coll Vilella
 
SURVEYING - Photogrammetry (CE 115) Lec2 By Afia Narzis Spring 2016
SURVEYING - Photogrammetry (CE 115) Lec2 By Afia Narzis Spring 2016SURVEYING - Photogrammetry (CE 115) Lec2 By Afia Narzis Spring 2016
SURVEYING - Photogrammetry (CE 115) Lec2 By Afia Narzis Spring 2016PIYAL Bhuiyan
 
Legyen élmény a fizetés (HWSW App 2015 Nov)
Legyen élmény a fizetés (HWSW App 2015 Nov)Legyen élmény a fizetés (HWSW App 2015 Nov)
Legyen élmény a fizetés (HWSW App 2015 Nov)Tamas Biro
 
Early Renaissance - Italy, 1400-1500
Early Renaissance - Italy, 1400-1500Early Renaissance - Italy, 1400-1500
Early Renaissance - Italy, 1400-1500Gary Freeman
 
Introduction to Malware
Introduction to MalwareIntroduction to Malware
Introduction to Malwareamiable_indian
 

Viewers also liked (13)

Portfolio
PortfolioPortfolio
Portfolio
 
Encopresis
EncopresisEncopresis
Encopresis
 
El Codigo ARCOIRIS. Objeto de estudio
El Codigo ARCOIRIS. Objeto de estudio El Codigo ARCOIRIS. Objeto de estudio
El Codigo ARCOIRIS. Objeto de estudio
 
Terrestrial LiDAR and Photogrammetry; a Historic Site Comparative
Terrestrial LiDAR and Photogrammetry; a Historic Site ComparativeTerrestrial LiDAR and Photogrammetry; a Historic Site Comparative
Terrestrial LiDAR and Photogrammetry; a Historic Site Comparative
 
Mecanisme de gestion de la Secheresse en Tunisie
Mecanisme de gestion de la Secheresse en TunisieMecanisme de gestion de la Secheresse en Tunisie
Mecanisme de gestion de la Secheresse en Tunisie
 
Llista de vocabulari 4 - Cicle mitjà
Llista de vocabulari 4 - Cicle mitjàLlista de vocabulari 4 - Cicle mitjà
Llista de vocabulari 4 - Cicle mitjà
 
Protocole ARP/RARP
Protocole ARP/RARPProtocole ARP/RARP
Protocole ARP/RARP
 
SURVEYING - Photogrammetry (CE 115) Lec2 By Afia Narzis Spring 2016
SURVEYING - Photogrammetry (CE 115) Lec2 By Afia Narzis Spring 2016SURVEYING - Photogrammetry (CE 115) Lec2 By Afia Narzis Spring 2016
SURVEYING - Photogrammetry (CE 115) Lec2 By Afia Narzis Spring 2016
 
Different Arduino Boards
Different Arduino BoardsDifferent Arduino Boards
Different Arduino Boards
 
Legyen élmény a fizetés (HWSW App 2015 Nov)
Legyen élmény a fizetés (HWSW App 2015 Nov)Legyen élmény a fizetés (HWSW App 2015 Nov)
Legyen élmény a fizetés (HWSW App 2015 Nov)
 
Early Renaissance - Italy, 1400-1500
Early Renaissance - Italy, 1400-1500Early Renaissance - Italy, 1400-1500
Early Renaissance - Italy, 1400-1500
 
Introduction to Malware
Introduction to MalwareIntroduction to Malware
Introduction to Malware
 
Resume - Ravi
Resume - RaviResume - Ravi
Resume - Ravi
 

Similar to Securitywebinar3 tph3

Securing the Automation of Application Deployment with UrbanCode Deploy
Securing the Automation of Application Deployment with UrbanCode DeploySecuring the Automation of Application Deployment with UrbanCode Deploy
Securing the Automation of Application Deployment with UrbanCode DeployIBM UrbanCode Products
 
Security Authentication and Authorization Service (AAS) for IBM InfoSphere St...
Security Authentication and Authorization Service (AAS) for IBM InfoSphere St...Security Authentication and Authorization Service (AAS) for IBM InfoSphere St...
Security Authentication and Authorization Service (AAS) for IBM InfoSphere St...lisanl
 
Lecture 11 managing the network
Lecture 11   managing the networkLecture 11   managing the network
Lecture 11 managing the networkWiliam Ferraciolli
 
Cairo meetup low code best practices
Cairo meetup low code best practicesCairo meetup low code best practices
Cairo meetup low code best practicesAhmed Keshk
 
Secure Coding: Field-level Security, CRUD, and Sharing
Secure Coding: Field-level Security, CRUD, and SharingSecure Coding: Field-level Security, CRUD, and Sharing
Secure Coding: Field-level Security, CRUD, and SharingSalesforce Developers
 
Introduction to the IBM Java Tools
Introduction to the IBM Java ToolsIntroduction to the IBM Java Tools
Introduction to the IBM Java ToolsChris Bailey
 
Application module slides
Application module slidesApplication module slides
Application module slidesJoanne Scouler
 
SC-900 Capabilities of Microsoft Identity and Access Management Solutions
SC-900 Capabilities of Microsoft Identity and Access Management SolutionsSC-900 Capabilities of Microsoft Identity and Access Management Solutions
SC-900 Capabilities of Microsoft Identity and Access Management SolutionsFredBrandonAuthorMCP
 
Anil saldhana securityassurancewithj_bosseap
Anil saldhana securityassurancewithj_bosseapAnil saldhana securityassurancewithj_bosseap
Anil saldhana securityassurancewithj_bosseapAnil Saldanha
 
Chris Rutter: Avoiding The Security Brick
Chris Rutter: Avoiding The Security BrickChris Rutter: Avoiding The Security Brick
Chris Rutter: Avoiding The Security BrickMichael Man
 
The Dangers of Elevated IBM i Authorities and How to Manage Them
The Dangers of Elevated IBM i Authorities and How to Manage ThemThe Dangers of Elevated IBM i Authorities and How to Manage Them
The Dangers of Elevated IBM i Authorities and How to Manage ThemPrecisely
 
SFDC Deployments
SFDC DeploymentsSFDC Deployments
SFDC DeploymentsSujit Kumar
 
Automating Security Management in PBCS!
Automating Security Management in PBCS!Automating Security Management in PBCS!
Automating Security Management in PBCS!Dayalan Punniyamoorthy
 
Microsoft Dynamics CRM Certification Training
Microsoft Dynamics CRM Certification TrainingMicrosoft Dynamics CRM Certification Training
Microsoft Dynamics CRM Certification TrainingDavid Blumentals
 
Info dev flexibility in agile
Info dev flexibility in agileInfo dev flexibility in agile
Info dev flexibility in agileAlyssa Fox
 

Similar to Securitywebinar3 tph3 (20)

Securing the Automation of Application Deployment with UrbanCode Deploy
Securing the Automation of Application Deployment with UrbanCode DeploySecuring the Automation of Application Deployment with UrbanCode Deploy
Securing the Automation of Application Deployment with UrbanCode Deploy
 
Security
SecuritySecurity
Security
 
Security Authentication and Authorization Service (AAS) for IBM InfoSphere St...
Security Authentication and Authorization Service (AAS) for IBM InfoSphere St...Security Authentication and Authorization Service (AAS) for IBM InfoSphere St...
Security Authentication and Authorization Service (AAS) for IBM InfoSphere St...
 
Security lab
Security labSecurity lab
Security lab
 
Lecture 11 managing the network
Lecture 11   managing the networkLecture 11   managing the network
Lecture 11 managing the network
 
Cache Security- The Basics
Cache Security- The BasicsCache Security- The Basics
Cache Security- The Basics
 
Cairo meetup low code best practices
Cairo meetup low code best practicesCairo meetup low code best practices
Cairo meetup low code best practices
 
Secure Coding: Field-level Security, CRUD, and Sharing
Secure Coding: Field-level Security, CRUD, and SharingSecure Coding: Field-level Security, CRUD, and Sharing
Secure Coding: Field-level Security, CRUD, and Sharing
 
Introduction to the IBM Java Tools
Introduction to the IBM Java ToolsIntroduction to the IBM Java Tools
Introduction to the IBM Java Tools
 
Application module slides
Application module slidesApplication module slides
Application module slides
 
Java EE Services
Java EE ServicesJava EE Services
Java EE Services
 
SC-900 Capabilities of Microsoft Identity and Access Management Solutions
SC-900 Capabilities of Microsoft Identity and Access Management SolutionsSC-900 Capabilities of Microsoft Identity and Access Management Solutions
SC-900 Capabilities of Microsoft Identity and Access Management Solutions
 
Anil saldhana securityassurancewithj_bosseap
Anil saldhana securityassurancewithj_bosseapAnil saldhana securityassurancewithj_bosseap
Anil saldhana securityassurancewithj_bosseap
 
Chris Rutter: Avoiding The Security Brick
Chris Rutter: Avoiding The Security BrickChris Rutter: Avoiding The Security Brick
Chris Rutter: Avoiding The Security Brick
 
The Dangers of Elevated IBM i Authorities and How to Manage Them
The Dangers of Elevated IBM i Authorities and How to Manage ThemThe Dangers of Elevated IBM i Authorities and How to Manage Them
The Dangers of Elevated IBM i Authorities and How to Manage Them
 
SFDC Deployments
SFDC DeploymentsSFDC Deployments
SFDC Deployments
 
IBM Connect 2016: Speaker Session with Teresa Deane, Senior Developer, BCC
IBM Connect 2016: Speaker Session with Teresa Deane, Senior Developer, BCCIBM Connect 2016: Speaker Session with Teresa Deane, Senior Developer, BCC
IBM Connect 2016: Speaker Session with Teresa Deane, Senior Developer, BCC
 
Automating Security Management in PBCS!
Automating Security Management in PBCS!Automating Security Management in PBCS!
Automating Security Management in PBCS!
 
Microsoft Dynamics CRM Certification Training
Microsoft Dynamics CRM Certification TrainingMicrosoft Dynamics CRM Certification Training
Microsoft Dynamics CRM Certification Training
 
Info dev flexibility in agile
Info dev flexibility in agileInfo dev flexibility in agile
Info dev flexibility in agile
 

More from Joanne Scouler

More from Joanne Scouler (7)

Overview
OverviewOverview
Overview
 
Resourceslab fixed
Resourceslab fixedResourceslab fixed
Resourceslab fixed
 
Resources Module slides
Resources Module slidesResources Module slides
Resources Module slides
 
Components module slides
Components module slidesComponents module slides
Components module slides
 
Components lab
Components labComponents lab
Components lab
 
Applications lab
Applications labApplications lab
Applications lab
 
Deployment module lab
Deployment module labDeployment module lab
Deployment module lab
 

Recently uploaded

Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogueitservices996
 
Strategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero resultsStrategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero resultsJean Silva
 
Advantages of Cargo Cloud Solutions.pptx
Advantages of Cargo Cloud Solutions.pptxAdvantages of Cargo Cloud Solutions.pptx
Advantages of Cargo Cloud Solutions.pptxRTS corp
 
[ CNCF Q1 2024 ] Intro to Continuous Profiling and Grafana Pyroscope.pdf
[ CNCF Q1 2024 ] Intro to Continuous Profiling and Grafana Pyroscope.pdf[ CNCF Q1 2024 ] Intro to Continuous Profiling and Grafana Pyroscope.pdf
[ CNCF Q1 2024 ] Intro to Continuous Profiling and Grafana Pyroscope.pdfSteve Caron
 
2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shards2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shardsChristopher Curtin
 
Introduction to Firebase Workshop Slides
Introduction to Firebase Workshop SlidesIntroduction to Firebase Workshop Slides
Introduction to Firebase Workshop Slidesvaideheekore1
 
eSoftTools IMAP Backup Software and migration tools
eSoftTools IMAP Backup Software and migration toolseSoftTools IMAP Backup Software and migration tools
eSoftTools IMAP Backup Software and migration toolsosttopstonverter
 
Zer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdfZer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdfmaor17
 
Leveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + KobitonLeveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + KobitonApplitools
 
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...OnePlan Solutions
 
The Ultimate Guide to Performance Testing in Low-Code, No-Code Environments (...
The Ultimate Guide to Performance Testing in Low-Code, No-Code Environments (...The Ultimate Guide to Performance Testing in Low-Code, No-Code Environments (...
The Ultimate Guide to Performance Testing in Low-Code, No-Code Environments (...kalichargn70th171
 
Understanding Plagiarism: Causes, Consequences and Prevention.pptx
Understanding Plagiarism: Causes, Consequences and Prevention.pptxUnderstanding Plagiarism: Causes, Consequences and Prevention.pptx
Understanding Plagiarism: Causes, Consequences and Prevention.pptxSasikiranMarri
 
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxThe Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxRTS corp
 
Amazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilitiesAmazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilitiesKrzysztofKkol1
 
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...OnePlan Solutions
 
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics
 
SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?Alexandre Beguel
 
Keeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository worldKeeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository worldRoberto Pérez Alcolea
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingShane Coughlan
 
Effectively Troubleshoot 9 Types of OutOfMemoryError
Effectively Troubleshoot 9 Types of OutOfMemoryErrorEffectively Troubleshoot 9 Types of OutOfMemoryError
Effectively Troubleshoot 9 Types of OutOfMemoryErrorTier1 app
 

Recently uploaded (20)

Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogue
 
Strategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero resultsStrategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero results
 
Advantages of Cargo Cloud Solutions.pptx
Advantages of Cargo Cloud Solutions.pptxAdvantages of Cargo Cloud Solutions.pptx
Advantages of Cargo Cloud Solutions.pptx
 
[ CNCF Q1 2024 ] Intro to Continuous Profiling and Grafana Pyroscope.pdf
[ CNCF Q1 2024 ] Intro to Continuous Profiling and Grafana Pyroscope.pdf[ CNCF Q1 2024 ] Intro to Continuous Profiling and Grafana Pyroscope.pdf
[ CNCF Q1 2024 ] Intro to Continuous Profiling and Grafana Pyroscope.pdf
 
2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shards2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shards
 
Introduction to Firebase Workshop Slides
Introduction to Firebase Workshop SlidesIntroduction to Firebase Workshop Slides
Introduction to Firebase Workshop Slides
 
eSoftTools IMAP Backup Software and migration tools
eSoftTools IMAP Backup Software and migration toolseSoftTools IMAP Backup Software and migration tools
eSoftTools IMAP Backup Software and migration tools
 
Zer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdfZer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdf
 
Leveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + KobitonLeveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
 
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
 
The Ultimate Guide to Performance Testing in Low-Code, No-Code Environments (...
The Ultimate Guide to Performance Testing in Low-Code, No-Code Environments (...The Ultimate Guide to Performance Testing in Low-Code, No-Code Environments (...
The Ultimate Guide to Performance Testing in Low-Code, No-Code Environments (...
 
Understanding Plagiarism: Causes, Consequences and Prevention.pptx
Understanding Plagiarism: Causes, Consequences and Prevention.pptxUnderstanding Plagiarism: Causes, Consequences and Prevention.pptx
Understanding Plagiarism: Causes, Consequences and Prevention.pptx
 
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxThe Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
 
Amazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilitiesAmazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilities
 
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
 
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
 
SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?
 
Keeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository worldKeeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository world
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
 
Effectively Troubleshoot 9 Types of OutOfMemoryError
Effectively Troubleshoot 9 Types of OutOfMemoryErrorEffectively Troubleshoot 9 Types of OutOfMemoryError
Effectively Troubleshoot 9 Types of OutOfMemoryError
 

Securitywebinar3 tph3

  • 1. © IBM Corporation 1 Presented by: Securing the Automation of Application Deployment with UrbanCode Deploy Joanne Scouler WW Cloud Sales Enablement jscouler@us.ibm.com @joscouler on twitter Thomas Hudson Information Architect thudson@us.ibm.com November 5, 2015
  • 2. © IBM Corporation 2 Security agenda – Steps in setting up security – Authorization – Authentication – Role configuration – Guidance on configuring roles and permissions – Security model – Security model example – Team configuration – Approvals and notifications – Statuses and gates
  • 3. © IBM Corporation 3 Security objectives In this module you learn how to: • Create authorization realms and user groups • Manage users in authentication realms • Create and define roles and permissions for security • Create teams • Set up notifications and approvals • Set up statuses and gates
  • 4. © IBM Corporation 4 Guidelines for setting up security 1. Create an authorization realm. Authorization realms handle user groups. 2. Create an authentication realm. The authentication realm is used to determine a user's identity within an authorization realm. (LDAP, AD, or SSO) 3. Create roles and define permissions for them. For most situations, the default permission types should be adequate. 4. Create or import users. 5. Create teams and assign users to them.
  • 5. © IBM Corporation 5 IBM UrbanCode Deploy security
  • 6. © IBM Corporation 6 Authorization realms The Authorization Realms pane is used to create authorization realms and user groups. Groups can be imported from external systems, such as LDAP.
  • 7. © IBM Corporation 7 Authentication realms • Authentication realms determine user identity within authorization realms. • Users can be created manually or imported from external systems.
  • 8. © IBM Corporation 8 Role configuration – Roles provide permissions to users. – A role is a set of permissions. Typically, the permissions in a role define a particular activity that a user might do. IBM® UrbanCode Deploy provides one role, the Administrator role, which has all available permissions. – Users are granted permissions by being assigned to roles. When assigned to a role, a user is automatically granted all permissions that are defined for the role. Typical activities include changing or running an item, such as an application process, or modifying security settings.
  • 9. © IBM Corporation 9 Role configuration
  • 10. © IBM Corporation 10 Guidance on configuring roles and permissions When defining the roles for your organization, start by keeping the roles simple, but sufficient to carry out the appropriate work. Role Permissions Configurator Resources (Create, Edit, View) Application (Create, Edit, Manage Snapshots, Run Comp Process, View) Environment (Create, Edit, Execute, View) Component (Create, Edit, Manage Versions, View) Component Template (Create, Edit, View) Release Engineer ( Resources (View) Application (View, Manage Snapshots, Run Component Applications) Environment (View and Execute) Component (View) Component Template (View) Approver Resources (View) Application (View) Environment (View and Execute) Component (View) Component Template (View)
  • 11. © IBM Corporation 11 Kinds of permissions – Permissions generally fall into one of the following categories: • The ability to view, modify or work with a specific object. • The ability to create new object • The ability to see some element of the User Interface • The ability to manipulate the system/security as a whole, such as the ability to define users and groups – Permissions are cumulative • One user may be assigned multiple roles on multiple teams. When considering a specific capability, such as the ability to edit a certain object, a user may have multiple relevant roles in relationship to that object. Permissions are cumulative – as long as there is one role that provides the given Permission, the user has the Permission, even if other roles don't provide the Permission.
  • 12. © IBM Corporation 12 Team and role-based security model
  • 13. © IBM Corporation 13 Security model example
  • 14. © IBM Corporation 14 Security model – Defining roles
  • 15. © IBM Corporation 15 Security model – Defining roles
  • 16. © IBM Corporation 16 Team lead role • It is useful to have role that manages team membership without requiring the Administrator. • Give the Add Team Members permission to the role designed to manage the team. • Users with this role can add and remove users from their team. • Access the team manager feature by selecting My Profile > My Teams.
  • 17. © IBM Corporation 17 Defining and maintaining roles When you select an object, it lists all of the defined Types of that object. You define permissions by Type within a role. You can select the menus that the role will be able to see in the Web User Interface
  • 18. © IBM Corporation 18 Mapping objects to a team • To create an object, you must have the Create permission for the object type. To create a component, for example, you must have a role with the Create Component permission. • When you create an object, such as a component, your teams are automatically mapped to the object. You can change your user preferences to modify this behavior. • To map a team to an existing object, you must have a role with the Manage Security permission.
  • 19. © IBM Corporation 19 Steps for setting up approvals – 1. Ensure that the users doing the approval belong to the appropriate role – 2. Enable approvals on the desired environment – 3. Identify the roles that will provide the approval – 4. Define the approval process on the application
  • 20. © IBM Corporation 20 Define statuses for components Define the set of component version statuses
  • 21. © IBM Corporation 21 Define the gates on environments On the Application configuration, define the gates
  • 22. © IBM Corporation 22 Resources – A Guide to Security Configuration in IBM UrbanCode Deploy – UrbanCode Deploy Knowledge Center
  • 23. © IBM Corporation 23 Summary – In this module you learned how to: • Create and define roles and permissions for security • Manage users in authentication realms • Create authorization realms and user groups • Create teams • Set up notifications and approvals • Create statuses and gates
  • 24. © IBM Corporation 24© IBM Corporation 24 Accelerating Digital Business