The Authorization server manages access control using predefined roles and policy-based roles. Each role is associated with a specific set of permissions that define the actions that a user can perform within a system.

The following table provides a brief description of predefined roles and policy-based roles in the Authorization server:

Role Type Description
OECC_ADMIN Predefined Grants access to the OpenEdge Command Center server.
AUTHZ_ADMIN Predefined Grants access to create users and manage roles.
AGENT_ADMIN Predefined Grants access to manage the AGENT_ADMIN and AGENT_RESOURCE_USER roles in the Authorization server for the OpenEdge Command Center agent.
AGENT_RESOURCE_USER Policy-based Grants access to all the OpenEdge resources that the OpenEdge Command Center agent manages.

Role URN

A role Universal Resource Name (URN) identifies the roles within the Authorization server, indicating what a specific role has access to and where it is used. The Role URN format includes the resource name it represents, role name, and agent partition IDs (only when assigning roles to a user for an agent).

The following table lists roles and their corresponding URNs:
Role Role URN
OECC_ADMIN role:oecc/oecc_admin
AUTHZ_ADMIN role:authz/authz_admin
AGENT_ADMIN role:agent/<partitionid>/agent_admin
AGENT_RESOURCE_USER role:agent/<partitionid>/agent_resource_user
Note: The agent partition ID is a unique identifier assigned to each agent. You can obtain the agent partition ID using the Retrieve specific agent details API on the OpenEdge Command Center server. For more information, see "Retrieve specific agent details" in OpenEdge Command Center REST API Reference.