Role management

To manage the roles on the platform, you must go to the Administration menu and click on Roles. This section of the platform configuration manages the roles and their parameters.

Role management is restricted by specific roles. If you do not have access to this part of the platform and need to manage roles, please contact your administrator.

Default Role Management

There are some resources that can be shared from parent organizations to child organizations, for example: Roles, Cartridges, and Rules.

For Roles, there are 2 types:

  • Created by System

  • Created by organizations

To differentiate between Roles created by the system and Roles created by organizations, and to be able to share the Roles with organizations easily, the platform introduces Default Role management.

Default Roles:

  • are system roles that consist of basic scopes.

  • will be created once you create a new organization.

  • will be carried forward to all Parent and Child organizations.

  • cannot be created or edited by users.

  • can be assigned to the users.

On the Roles page, if the Organization column shows SYSTEM, it means that it is a Default Role and it cannot be edited by users. Otherwise, if the Organization column shows an organization name, it means that the Role was created by a user at the organization level.

Roles list

Roles list

Into the role list screen, you can:

  • Filter the list to view a more restricted list of roles or perform a search.

  • Create a new role.

By selecting a specific role from the list, you can:

  • Display the entire history of the role selected if it is an organization created role. All changes made to the role since its creation are listed with the corresponding dates and the identity of the modifier.

  • View all role details with all associated scopes.

  • Edit the selected role if it is an organization created role. Users cannot edit SYSTEM Default Roles.

  • Duplicate the selected role if it is an organization created role. Users cannot duplicate SYSTEM Default Roles.

  • Delete the selected role if it is an organization created role. Users cannot delete SYSTEM Default Roles.

Detailed role information

For each role, the following information is available:

  • Id: Internal identifier.

To access or copy this identifier, click on the number located in the first column: it is copied to the clipboard. You can use it to document issues for example.

  • Organization: unique organization assigned to this role. If the organization is shown as SYSTEM, it is a Default Role.

  • Name: name used to identify the role.

  • Description: a short description of the role.

  • Scopes: list of permissions included in the role.

  • Delegates: list of permissions the user can delegate to another user.

Only users who can create or edit a role can delegate permissions.

Roles creation

Select the organization to which the role will apply and click on Create.

Create a role screen - general information and scopes and delegates Create a role screen - general information and scopes and delegates2

When creating a new role, you need to specify all of the following general fields:

  • Name: choose a meaningful name for your roles, this makes it easier to find and assign roles to users.

  • Description: short text summarizing the extent of the role.

  • Scopes: select all the permissions by which users with this role can act on configurations or payments for example.

To choose more than one item in a list, keep the control key (Ctrl) pressed down on your keyboard while clicking a new item on the list.

  • Delegates: if you want to give users with this role the possibility of managing roles themselves (scopes role:create & role:edit), you can select the list of scopes that this role can delegate.

To create a new role, you have to go to the last creation step (Review) and click on Create.