Roles

RBAC - Role Based Access

The role is the main building block of the Role Based Access Control (RBAC) model.

A role encapsulates the actions, the scope of data and the shared entities accessible to it.

A role is assigned to users, who are given access based on it.

Example Diagram: Account-Role-User Relations

flowchart LR 
 A1("`<i class="fa-regular fa-cloud"></i> #nbsp; Account 1`") -.-> R1(<i class="fa-solid fa-user-gear"></i> Role 1)
 A2("`<i class="fa-regular fa-cloud"></i> #nbsp; Account 2`") -.-> R1
 A3("`<i class="fa-regular fa-cloud"></i> #nbsp; Account 3`") -.-> R2(<i class="fa-solid fa-user-gear"></i> Role 2)
 A4("`<i class="fa-regular fa-cloud"></i> #nbsp; Account 4`") -.-> R3(<i class="fa-solid fa-user-gear"></i> Role 3)
 
 R1 -.-> U1(<i class="fa-regular fa-user"></i> User 1)
 R1 -.-> U2(<i class="fa-regular fa-user"></i> User 2)
 R2 -.-> U2(<i class="fa-regular fa-user"></i> User 2)
 R3 -.-> U3(<i class="fa-regular fa-user"></i> User 3)

The Role Contents

The role tabs

Metadata

The Role's metadata contains information used to reference

  • Role name - Give the role a meaningful name according to the permission and access it provides.
  • Role Description - (Optional) Additional free text to describe this role in more detail.
  • Role ID - Might be required by 3rd party platforms.
  • Created By - Can be a built-in role provided by the platform, or a role created by one of your organization admins with permissions to create roles.
  • Updated By - An admin that has updated the role's content or metadata.
  • Creation date and Update date - To provide additional mnemonics for distinguishing between roles with similar names.

Users

The list of users this role is assigned to.

  • Remember - A role can be assigned to multiple users.
  • Remember - A user can be assigned multiple roles.

(Sub) Roles

Lists the sub-roles included in this role.

  • The list contains both built-in and custom roles.
  • The list contains only roles that are directly chosen as sub-roles; 2nd level sub-roles are not listed.
  • 2nd level sub-roles can be viewed from within their direct parent role.
  • Sub-roles bring their data access and permission configuration to the parent role.

Permissions

Specify the actions this role allows.

  • The effective permissions are the superset of permissions:
    • From the sub-roles included in the role
    • From the role's direct definitions
  • The permissions determine allowed actions:
    • List & View
    • Create, update & delete
    • Impersonate other users (Relevant to Admins)
    • Run As - To determine access for back-end processes

Data Access

  • The sub accounts you can access using this role.
  • Sub accounts can be linked to the role in several ways:
    • Assignment of Accounts
    • Assignment of Cost Centers
    • Derived from roles included in the role (see the "Roles" tab)
    • Direct Assignment of sub accounts (not recommended)
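
How the (Sub) Roles, Permissions and Data Access tabs combine, as an added example that is not the platform's own code: it resolves a role's effective permissions and accounts across every sub-role level and reports the inclusion path by which a given permission arrives. The Role model, the role names and the permission labels are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Role:
    name: str
    permissions: set = field(default_factory=set)  # direct definitions
    accounts: set = field(default_factory=set)     # directly linked accounts
    sub_roles: list = field(default_factory=list)  # directly included roles only

def walk(roles, name, path=()):
    """Yield (inclusion path, role) for a role and its sub-roles at every level."""
    if name in path:
        raise ValueError("inclusion cycle: " + " -> ".join(path + (name,)))
    path = path + (name,)
    role = roles[name]
    yield path, role
    for sub in role.sub_roles:
        yield from walk(roles, sub, path)

def effective(roles, name):
    """Union of permissions and accounts from the role and all nested sub-roles."""
    perms, accounts = set(), set()
    for _, role in walk(roles, name):
        perms |= role.permissions
        accounts |= role.accounts
    return perms, accounts

def permission_sources(roles, name, permission):
    """Inclusion paths through which `name` receives `permission`."""
    return [path for path, role in walk(roles, name) if permission in role.permissions]

# Constructed sample roles (hypothetical names and permission labels).
ROLES = {r.name: r for r in [
    Role("view-account-1", {"list", "view"}, {"Account 1"}),
    Role("impersonation", {"impersonate"}),
    Role("support", {"update"}, sub_roles=["impersonation"]),
    Role("finops-lead", accounts={"Account 2"}, sub_roles=["view-account-1", "support"]),
]}

if __name__ == "__main__":
    perms, accounts = effective(ROLES, "finops-lead")
    print(sorted(perms), sorted(accounts))
    # "impersonate" arrives through a 2nd level sub-role, which is not
    # listed among finops-lead's direct sub-roles.
    print(permission_sources(ROLES, "finops-lead", "impersonate"))
```

Running the same walk over every role and filtering on a sensitive permission gives a review list of roles that hold it only through nesting.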

Think Modular

  • Use the built-in roles to define your own granular custom roles as building blocks
    • With granular permissions
    • With granular access to specific accounts
  • Include one or more custom roles in larger scale roles, to provide more access.

Modular Role Example