Altova FlowForce Server 2026

Navigation: Installation and Configuration > Administration Tasks

Define Users and Roles

A user account is defined by a login name and password and has a set of access rights associated with it. Users access FlowForce Server for administrative purposes or as end users.

Access rights are determined by the privileges a user is granted. A user receives privileges in the following ways:

•privileges inherited from roles the user is a member of and

•privileges assigned directly to the user.

A role is defined by a set of privileges. A role is assigned privileges directly and/or inherits the privileges of another role that it is a member of. Privileges themselves are access rights to the various administrative functions and services of FlowForce Server. Examples of privileges are as follows: the right to override security settings, to set a user's own password, to stop any job.

Through the use of roles, user privileges can be defined in a hierarchical way. For example, the SimpleAdmin role has the Stop any job privilege. If AdvancedAdmin is a member of SimpleAdmin, AdvancedAdmin inherits the right to stop any job, regardless of the user who created this job, and could additionally be assigned the Maintain users, roles and privileges privilege. The hierarchical chain can then be further extended.

About users

A user is a person who logs on to FlowForce Server to create and monitor jobs, deploy MapForce mappings and StyleVision transformations, and configure various settings. The scope of actions available to users in FlowForce Server depends on the following:

•The permissions and privileges assigned to the users

•The permissions and privileges assigned to the roles that the users are members of

Two special users are predefined:

•The root user is the initial administrator user. By default, it has all permissions and privileges available in the system. Its initial name-password combination is root-root. The password can be changed at any time.

•The anonymous account is for anonymous users that access services exposed via the HTTP service interface (see Jobs as Web Services). It cannot be used for logging in to the Web UI, and it has no initial password.

For more information about how to create, edit, import, and delete users, see Users.

About roles

A role defines a set of privileges and permissions. It can be assigned to another role or to a user. A role's privileges automatically become the privileges of any other role or any user that the role is assigned to. A user can be assigned any number of roles. As a result, a user will have all the privileges defined in the multiple assigned roles.

Note that privileges are global, whereas permissions are defined per container.

The following roles are predefined:

•The authenticated role is automatically assigned to every user except the anonymous account.

•The all role is automatically assigned to every user including the anonymous user.

For more information about how to create, edit, import, and delete roles, see Roles.

About domains

FlowForce Server can integrate with Windows Active Directory or another LDAP Directory Service. You can import individual domain users or entire domain groups. For more information, see Domain Users and Groups.

About privileges

A privilege is an activity that a user is allowed to carry out (e.g., set a password, read users and roles, stop any job, etc.). A user can be assigned zero to all of the available privileges. It is recommended to assign privileges via roles rather than to assign privileges directly to the user. The assigning of privileges and roles to a user is done by a user that has been assigned this privilege. Initially, it is the root user that has this privilege.

Inheritance

You can assign privileges directly to a user (e.g., user Alethia Alonso) or to a particular role (e.g., Marketing Manager). It is recommended to assign privileges to roles rather than to individual users because it simplifies the maintenance and management of privileges in the long term.

You can model the hierarchy of your organization by assigning roles to other roles in FlowForce Server. The diagram below illustrates a sample organization, for which three roles and one user have been defined. The role Employees role contains a role called role Marketing Department. This means that the privileges and permissions granted to the role Employees role will automatically be inherited by the users belonging to the role Marketing Department role.

The role Marketing Department role contains the role Marketing Manager role. In this case, the role Marketing Manager role will inherit all the privileges from the role Marketing Department and role Employees roles. A user called user Alethia Alonso is the marketing manager, and she has been assigned the role Marketing Manager role. This implies that she will inherit all the privileges from the broader roles.

Available privileges

For more information about the available privileges, see Privileges.

The tab Administration | Reports | Privileges Report provides a list of all privileges, with each privilege being listed together with all the users/roles that have that privilege.