Roles
Define permissions for the Role object
The Role object contains data about the roles in your tenant. The Access Control List allows you to define permissions for the Role object. Modifying permissions for an object allows you to grant access to actions that affect the object, which can be executed from API calls or portal pages. You can grant a role full access, custom access, or no access to the object. You can also customize the level of access users have to the actions and fields within the object. The TenantAdministrator role has full access to all objects.
To define permissions for the Role object, complete the following steps in the portal.
-
Go to the ACL page.Step InformationNote:The default location for the ACL page is Configuration > ACL. If the menu items for your tenant have been customized, it may be located elsewhere. For more information, contact your tenant administrator.
-
In the list, expand Object (System), and then select Role Object.Step InformationResult: The list of roles displays, along with each role's access to the object.
-
Select a role from the list, and then select Modify.
-
In the context menu, select one of the following options.
-
To allow the role full access to the object, select Full Access.Note:This allows all users within the role to use API calls to add, read, modify, search, and update the object itself, and all fields within the object.
-
To prevent the role from being able to view the object, select No Access.
-
To customize the level of access the role will have to the object, select Custom Access.
Expected ResultResult: If you selected Full Access or No Access, a "Permissions Applied" message displays, indicating that the object permissions were successfully updated. If the role has access to any portal pages that use data from the object, the pages inherit the new permissions. -
-
If you selected Custom Access, under Action Level Permissions, turn the Execute switch on to allow, or off to disallow, each of the following actions.
-
Add: Allows the role to add new roles.
-
Read: Allows the role to view roles.
-
Modify: Allows the role to change the object definition for the Role object.
-
Search: Allows the role to search for specific roles.
-
Update: Allows the role to edit roles.
-
-
If you selected Custom Access, under Field Level Permissions, turn the Read switch on to allow read access, or off to disallow read access, for each of the fields.Step InformationNote: Some fields are required for specific actions. For more information about the available fields, refer to Field level permissions for the Role object.
-
If you selected Custom Access, under Field Level Permissions, turn the Update switch on to allow the role to update, or off to disallow update access, for each of the fields.Step InformationNote: Some fields are required for specific actions. For more information about the available fields, refer to Field level permissions for the Role object.
-
If you selected Custom Access, select Apply Permissions.Expected ResultResult: A "Permissions Applied" message displays, indicating that the object permissions were successfully updated. If the role has access to any portal pages that use data from the object, the pages inherit the new permissions.
-
Optional. To define permissions for portal pages that use data from the Role object, complete the following substeps.
-
To define whether the role can access the Roles page in the portal, Define permissions for the Roles page securable.
-
To define whether the role can access the Role page in the portal, Define permissions for the Role page securable.
-
Field level permissions for the Role object
The Access Control List (ACL) allows you to customize the level of access users have to the fields within the Role object.
The list of fields is populated from the list of attributes in the Role object. The following permissions can be modified for each field.
-
Read: allows or disallows read access.
-
Update: allows or disallows editing.
When modifying field level permissions, keep in mind that some fields are required for specific actions.
The following fields are available for the Role object.
Title
The title of a role.
Full access to this field is required when adding or editing a role.
Roleid
The ID assigned to a role.
Full access to this field is required when adding or editing a role.
Createdby
The userid of the user who created a role.
Full access to this field is required when adding a role.
Updatedby
The userid of the user who last updated a role.
Full access to this field is required when adding or editing a role.
Description
The description of a role.
Full access to this field is required when adding or editing a role.
Whencreated
The date and time a role was created.
Full access to this field is required when adding a role.
Whenupdated
The date and time a role was updated.
Full access to this field is required when adding or editing a role.
Systemdefined
Specifies whether the role type is system defined.
Full access to this field is required when adding or editing a role.
Define permissions for the UserRole object
The UserRole object contains data about the users assigned to roles in your tenant. The Access Control List allows you to define permissions for the UserRole object. Modifying permissions for an object allows you to grant access to actions that affect the object, which can be executed from API calls or portal pages. You can grant a role full access, custom access, or no access to the object. You can also customize the level of access users have to the actions and fields within the object. The TenantAdministrator role has full access to all objects.
To define permissions for the UserRole object, complete the following steps in the portal.
-
Go to the ACL page.Step InformationNote:The default location for the ACL page is Configuration > ACL. If the menu items for your tenant have been customized, it may be located elsewhere. For more information, contact your tenant administrator.
-
In the list, expand Object (System), and then select UserRole Object.Step InformationResult: The list of roles displays, along with each role's access to the object.
-
Select a role from the list, and then select Modify.
-
In the context menu, select one of the following options.
-
To allow the role full access to the object, select Full Access.Note:This allows all users within the role to use API calls to add, read, modify, search, and update the object itself, and all fields within the object.
-
To prevent the role from being able to view the object, select No Access.
-
To customize the level of access the role will have to the object, select Custom Access.
Expected ResultResult: If you selected Full Access or No Access, a "Permissions Applied" message displays, indicating that the object permissions were successfully updated. If the role has access to any portal pages that use data from the object, the pages inherit the new permissions. -
-
If you selected Custom Access, under Action Level Permissions, turn the Execute switch on to allow, or off to disallow, each of the following actions.
-
Add: Allows the role to assign new users to a role.
-
Read: Allows the role to view the list of users assigned to a role.
-
Modify: Allows the role to change the object definition for the UserRole object.
-
Search: Allows the role to search for specific users within a role.
-
Update: Allows the role to edit user assignments for a role.
-
-
If you selected Custom Access, under Field Level Permissions, turn the Read switch on to allow read access, or off to disallow read access, for each of the fields.Step InformationNote: Some fields are required for specific actions. For more information about the available fields, refer to Field level permissions for the UserRole object.
-
If you selected Custom Access, under Field Level Permissions, turn the Update switch on to allow the role to update, or off to disallow update access, for each of the fields.Step InformationNote: Some fields are required for specific actions. For more information about the available fields, refer to Field level permissions for the UserRole object.
-
If you selected Custom Access, select Apply Permissions.Expected ResultResult: A "Permissions Applied" message displays, indicating that the object permissions were successfully updated. If the role has access to any portal pages that use data from the object, the pages inherit the new permissions.
-
Optional. To define permissions for portal pages that use data from the UserRole object, complete the following substeps.
Field level permissions for the UserRole object
The Access Control List (ACL) allows you to customize the level of access users have to the fields within the UserRole object.
The list of fields is populated from the list of attributes in the UserRole object. The following permissions can be modified for each field.
-
Read: allows or disallows read access.
-
Update: allows or disallows editing.
When modifying field level permissions, keep in mind that some fields are required for specific actions.
The following fields are available for the UserRole object.
Roleid
The ID of the role to which a user is assigned.
Full access to this field is required when adding or editing a role assignment.
Userid
The ID of the user who is assigned to a role.
Full access to this field is required when adding or editing a role assignment.
Createdby
The userid of the user who created a role assignment.
Full access to this field is required when adding a role assignment.
Updatedby
The userid of the user who last updated a role assignment.
Full access to this field is required when adding or editing a role assignment.
Whencreated
The date and time a role was created.
Full access to this field is required when adding a role.
Whenupdated
The date and time a role was updated.
Full access to this field is required when adding or editing a role.
Define permissions for the Roles page securable
The Access Control List allows you to modify a role's permissions to the Roles page securable. This defines the role's level of access to the Roles page on the portal. This only controls access to the page itself. Access to the data within the page is inherited from the Role object. You can grant a role full access, custom access, or no access to the Roles page securable. The TenantAdministrator role has full access to all objects.
Prerequisites:
-
If you want to allow users to view or edit the Roles page, you must also grant permissions for any parent pages in the menu structure. For example, if the Roles page is nested under Administration, you must Define permissions for the Admin page securable.
To define permissions for the Roles page securable, complete the following steps in the portal.
-
Go to the ACL page.Step InformationNote:The default location for the ACL page is Configuration > ACL. If the menu items for your tenant have been customized, it may be located elsewhere. For more information, contact your tenant administrator.
-
In the list, expand Page (System), and then select Roles Page Securable.Step InformationResult: The list of roles displays, along with each role's access to the page.
-
Select a role from the list, and then select Modify.
-
In the context menu, select one of the following options.
-
To allow the role full access to the page, select Full Access.
-
To prevent the role from being able to view the page, select No Access.
-
To customize the level of access the role will have to the page, select Custom Access.
Expected ResultResult: If you selected Full Access or No Access, a "Permissions Applied" message displays, indicating that the page permissions were successfully updated. -
-
If you selected Custom Access, under Top Level Permissions, for Page, turn the View switch on to allow read access to the page, or off to disallow read access.
-
If you selected Custom Access, select Apply Permissions.Expected ResultResult: A "Permissions Applied" message displays, indicating that the page permissions were successfully updated.
Define permissions for the Role page securable
The Access Control List allows you to modify a role's permissions to the Role page securable. This defines the role's level of access to the Role page on the portal. This only controls access to the page itself. Access to the data within the page is inherited from the Role object. You can grant a role full access, custom access, or no access to the Role page securable. The TenantAdministrator role has full access to all objects.
Prerequisites:
-
If you want to allow users to view or edit the Role page, you must also grant permissions for any parent pages in the menu structure. For example, if the Roles page is nested under Administration > Roles, you must Define permissions for the Admin page securable, and Define permissions for the Roles page securable.
To define permissions for the Role page securable, complete the following steps in the portal.
-
Go to the ACL page.Step InformationNote:The default location for the ACL page is Configuration > ACL. If the menu items for your tenant have been customized, it may be located elsewhere. For more information, contact your tenant administrator.
-
In the list, expand Page (System), and then select Role Page Securable.Step InformationResult: The list of roles displays, along with each role's access to the page.
-
Select a role from the list, and then select Modify.
-
In the context menu, select one of the following options.
-
To allow the role full access to the page, select Full Access.
-
To prevent the role from being able to view the page, select No Access.
-
To customize the level of access the role will have to the page, select Custom Access.
Expected ResultResult: If you selected Full Access or No Access, a "Permissions Applied" message displays, indicating that the page permissions were successfully updated. -
-
If you selected Custom Access, under Top Level Permissions, for Page, turn the View switch on to allow read access to the page, or off to disallow read access.
-
If you selected Custom Access, select Apply Permissions.Expected ResultResult: A "Permissions Applied" message displays, indicating that the page permissions were successfully updated.
Loading...
There was a problem loading this topic