Documentation Center

Mapping Topology Manager roles to Windows groups

Topology Manager includes a number of roles that you can map to Windows user groups.

About this task

A Topology Manager installation includes the creation of the following roles with their associated rights:
OperationReadOnly roleReadOnlyService roleAdministrator role
Read normal dataAllowedAllowedAllowed
Read sensitive dataDeniedAllowedDenied
Write normal dataDeniedDeniedAllowed
Write sensitive dataDeniedDeniedAllowed

Procedure

  1. If you want to create dedicated Windows groups for the three roles, create and populate Windows groups with the following names in your domain:
    • Topology Manager Users for the ReadOnly role
    • Topology Manager Service Users for the ReadOnlyService role
    • Topology Manager Administrator for the Administrator role
  2. Access a machine on which Topology Manager is installed (a Content Manager server machine).
  3. Navigate to %TRIDION_HOME%\TopologyManager\web\.
  4. Open web.config for editing.
  5. Find the <topologyManagerRoles> section.
  6. If you created dedicated Windows groups, replace the word DOMAIN in each of the windowsGroup attributes of the add elements with the name of your domain.
  7. Alternatively, set each of the windowsGroup attributes of the add elements to the fully qualified name of a Windows group.
  8. Save and close web.config.
  9. Restart the Topology Manager web application.
  10. Repeat steps 2-9 on every other machine on which Topology Manager is installed.