Roles are configured in Setup / Users & Accounts / Users / Roles
Guides in this article:
Roles are assigned one or more role groups to determine the permissions that a role is granted. Once roles are set up they can be assigned to users in order to impart the needed permissions to that user.
In the event role groups assigned to a role have opposing settings (one role group grants read rights to a screen and another does not grant read rights to the screen) the role group that enables the permission will take precedence.
As of version 10.5.0 the system is configured with four roles (Read Only Core, Admin, API Admin and API ReadOnly). These roles use core role groups to define their permissions. These default core roles cannot be modified or deleted.
Role groups must be setup in order to assign permissions to roles
The Roles panel on the left of this screen allows you to select existing roles to view and edit on the Edit Role panel to the right. Actions are also available in this panel which are shown as icons above the Filter text box. The available actions are described below.
Icon | Description |
---|---|
Deletes the role if not in use | |
Adds a new role |
The information in this panel reflects the currently selected role. From here you can change role details (note: fields with a magenta left border are required).
Role Fields:
Name: a descriptive name for the role (administrator, account manager, etc.)
Type: indicates if the role provides permissions to access the Application UI (AdminPortal) or provides API permissions. A role can only be setup with either the ‘Application’ or ‘API’ role group, a role cannot be configured with both types of role groups
SCIM Role: used in systems integrated for single sign-on access. This setting indicates that the role was created when a group was pushed from an identity provider portal to LogiSense Billing. The role group created for the SCIM Role will have the SCIM Default role group permissions assigned to it (see the role groups screen help for details on the SCIM Default role group setting). SCIM Roles can be renamed as needed to provide a meaningful role name, but other settings cannot be modified (e.g. adding or removing role groups assigned to the role). Changes to the permissions on the SCIM role can be performed as normal by editing the role group permissions for the role group attached to the SCIM role
On this tab you can view, add and delete role groups which define the permissions granted to the role. You can only select role groups that match the role type (e.g. if the role Type is set to ‘API’ then only role groups configured with the Type ‘API’ will appear in the Role Groups drop down field).
This section indicates where the selected role is in use within the system. A Filter References field is present which allows you to filter down to see references related to a particular system entity. The Entity Filter will be disabled when viewing a core role group.
Under the Roles heading on the left click the icon
Under the Add Role heading on the right specify the role name
On the Role Groups tab select one or more role groups that you wish to assign to the role and click + Add
Click Save
Under the Role heading on the left click the role you wish to edit
Under the Edit Role heading on the right modify the role Name if desired
On the Role Groups tab add or remove the desired role groups to modify the permissions granted to the role
Click Save when you have finished making changes
Note: The core roles that come with the application (Read Only Core, Admin, API Admin and API ReadOnly) cannot be deleted.
Under the Roles heading on the left select the role you wish to delete
Under the same Roles heading click the icon
On the confirmation dialog that appears select Yes