Core access management

Users who are assigned this role cannot log in to the BPC.
This makes it possible, for example, to maintain dedicated users in the Karaf Identity Provider who have access to the Karaf console but not to the BPC itself.

This right controls whether a user is allowed to use a module. MODULE_ID corresponds to the technical ID of the module, e.g. loadModule_monitor for the monitor module.
The corresponding right must be assigned for each module to be used. If the corresponding right is missing for a module, the user cannot access the configuration (see also Configuration API) of the module. The web client also does not load the associated JavaScript code.

This right is evaluated if access to instances has been restricted in the module (see Module_RestrictInstanceAccess in Configuration). If access is restricted, the user must have the right to the respective instance in addition to the loadModule_MODULE_ID right in order for the instance to be created.
MODULE_INSTANCE_ID is a placeholder for the specific ID of the instance.

This right controls whether the user can create instances of a module.
MODULE_ID corresponds to the technical ID of the module, e.g. createModuleInstances_monitor for the monitor module.

This right controls whether the user can delete instances of a module.
MODULE_ID corresponds to the technical ID of the module, e.g. deleteModuleInstances_monitor for the monitor module.

Allows the administration area to be displayed.

Authorizes the user to log in while the system is in maintenance mode.

This right can be used to read active sessions via the Status API.
This is also required to use the session overview widget.