Roles
Description
A role is an identity with specific permissions that can be assigned to a user, a group or an account. These permissions determine what operations are allowed on a resource. You can use roles to delegate access to users, applications or services. The main goal is to achieve an optimal security administration.
Roles can be defined at different levels:
- Organizational permissions.
- Application permissions.
- Low-level permissions.
When needed, generic roles can be created. When such a role is granted to a user, it is converted into a specific role by specifying an organization unit, an information system or a specific value. For example, a generic emergency coordinator role can be created. The master emergency coordinator will have this role granted for the whole organization, while a remote office emergency coordinator will have this role granted for his single unit.
Related objects
Standard attributes
Role detail
- Name: name used to identify the role
- Description: detailed role description.
- System: information storage system from a technical point of view (active directory, database, CSV, ...).
- Category
- Information system name: asset or application, from a functional point of view, on which the permissions are granted or revoked.
- Domain: limits the scope of the role to this domain. Initially there are two domains defined, Groups and Information Systems. More domains can be added.
- BPM enabled: enables "Role assignments" workflow.
- Approval start: at this date, Soffid will connect to the system and will assign the role. If there is no approval start, the role will be assigned immediately.
- Approval end: at this date, Soffid will connect to the system and will revoke the role.
More information about workflows is available in the Workflow settings - BPM Editor chapter.
Granted roles
On the granted roles tab, you can assign the privileges of this role to another role in another system.
To assign privileges you must click the button with the add symbol (+), then select the target role, finish and apply changes. With this operation all the permissions of this role will be assigned to the target role.
If you want to revoke permissions, you must select one or more records from the list and click the button with the subtraction symbol (-).
In addition, you can check the preview changes, which show information about the action, the user or account and the role or domain, and then apply them.
Grantee roles
On the grantee roles tab, you can assign the privileges of a role of any other system to this role.
To assign privileges you must click the button with the add symbol (+), then select the source role, finish and apply changes. With this operation all the permissions of the source role will be assigned to this role.
If you want to revoke permissions, you must select one or more records from the list and click the button with the subtraction symbol (-).
In addition, you can check the preview changes, which show information about the action, the user or account and the role or domain, and then apply them.
Grantee groups
On the grantee groups tab, you can assign the privileges of a specific group to this role, or revoke them.
To assign privileges you must click the button with the add symbol (+), then select the group, finish and apply changes. With this operation all the permissions of this group will be assigned to the role.
If you want to revoke permissions, you must select one or more records from the list and click the button with the subtraction symbol (-).
In addition, you can check the preview changes, which show information about the action, the user or account and the role or domain, and then apply them.
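An added example, not part of the Soffid documentation or product code: a small Python model of the grant relationships described in the three tabs above, used to review which permissions a role ends up holding and where each one came from. All role, group and permission names are constructed, and the `name@system` naming is an assumption of this example.

```python
from collections import defaultdict

# Constructed sample data; every name below is hypothetical.
ROLE_PERMISSIONS = {
    "db_reader@erp-db": {"erp-db:select"},
    "erp_operator@erp": {"erp:run-batch"},
    "erp_admin@erp": {"erp:configure"},
    "share_rw@ad": {"ad:fileshare-write"},
}
# (source, target): all permissions of source are assigned to target.
ROLE_GRANTS = [
    ("db_reader@erp-db", "erp_operator@erp"),
    ("erp_operator@erp", "erp_admin@erp"),
    ("erp_admin@erp", "erp_operator@erp"),  # accidental loop between two roles
]
GROUP_PERMISSIONS = {"finance": {"erp:view-ledger"}}
# (group, role): all permissions of the group are assigned to the role.
GROUP_GRANTS = [("finance", "erp_operator@erp")]


def effective_permissions(role):
    """Return {permission: origin} for everything `role` ends up holding."""
    sources = defaultdict(list)
    for src, dst in ROLE_GRANTS:
        sources[dst].append(src)
    result, seen, stack = {}, set(), [role]
    while stack:
        current = stack.pop()
        if current in seen:  # loop or diamond in the grant graph
            continue
        seen.add(current)
        for perm in ROLE_PERMISSIONS.get(current, ()):
            result.setdefault(perm, current)
        for group, dst in GROUP_GRANTS:
            if dst == current:
                for perm in GROUP_PERMISSIONS.get(group, ()):
                    result.setdefault(perm, "group:" + group)
        stack.extend(sources[current])
    return result


def cross_system(role):
    """Permissions that reach `role` from a role defined in another system."""
    system = role.split("@")[1]
    return {p: o for p, o in effective_permissions(role).items()
            if "@" in o and o.split("@")[1] != system}
```

In this sample data the loop between `erp_operator@erp` and `erp_admin@erp` makes the two roles hold the same permissions, which is the kind of finding a review of the preview changes should catch before they are applied.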
Users
On the users tab, you can assign or revoke roles. To assign a role you must click the button with the add symbol (+) and choose one or more users, fill in the scope when it is mandatory, and set the membership properties. Each role needs an account to be applied to, so if a user has no account on a system and a role on that system is granted, a new account will be created on this system. If a user has more than one account on a system, you should indicate which of the suitable accounts will be granted the role.
It is also possible to revoke roles from the user from the entitlement details or by selecting one or more records from the list and clicking the button with the subtraction symbol.
Additionally you can download a CSV file with the basic user data.
Actions
Roles query
| Query | Allows you to query roles through different search systems, Quick, Basic and Advanced. | 
| Add or remove columns | Allows you to show and hide columns in the table. | 
| Add new | Allows you to create a new role. | 
| Delete | Allows you to delete one or more roles by selecting one or more records. | 
| Import | Allows you to upload a CSV file to add, update or delete roles. | 
| Download CSV file | Allows you to download a CSV file with the basic roles data. | 
Roles detail
| Apply changes | Allows you to create a role or to update an existing role. | 
| Delete | Allows you to delete a role. | 
| Undo | Allows you to quit without applying any changes. | 
| Preview changes | Shows the pending changes. | 
| Apply preview changes | Allows you to apply the pending changes. | 
Granted roles
| Apply changes | Allows you to update the data changes. | 
| Add | Allows you to add a new granted role. | 
| Delete | Allows you to delete permissions from one or more granted roles. | 
| Preview changes | Shows the pending changes. | 
| Apply preview changes | Allows you to apply the pending changes. | 
Grantee roles
| Apply changes | Allows you to update the data changes. | 
| Add | Allows you to add a new grantee role. | 
| Delete | Allows you to delete permissions from one or more grantee roles. | 
| Preview changes | Shows the pending changes. | 
| Apply now (changes) | Allows you to apply the pending changes. | 
Grantee groups
| Apply changes | Allows you to update the data changes. | 
| Add | Allows you to add new permissions from a group. | 
| Delete | Allows you to delete permissions from one or more groups. | 
| Preview changes | Shows the pending changes. | 
| Apply now (changes) | Allows you to apply the pending changes. | 
Users
| Add or remove columns | Allows you to show and hide columns in the table. | 
| Assign Role | Allows you to assign a role to one or more users. | 
| Revoke Role | Allows you to revoke a role from one or more users. | 
| Import | Allows you to upload a CSV file with the information about users to assign or revoke that role. | 
| Download CSV file | Allows you to download a CSV file with all the information about users. | 
