Role Groups are configured in Setup / Users & Accounts / Users / Role Groups
Roles groups define the specific screen permissions that are applicable for specific roles or activities (sales, finance, admins, etc.). One or more role groups are configured on roles to grant the role the permissions it requires (e.g. a role might require both sales and finance role group permissions to perform the role's function).
In the event role groups assigned to a role have opposing settings (one role group grants read rights to a screen and another does not grant read rights to the screen) the role group that enables the permission will take precedence.
As of version 10.5.0 the system is automatically setup with four role groups (Admin, ReadOnly, API Admin and API ReadOnly). These core role groups cannot be modified or deleted.
Role groups can be setup as needed, there are no prerequisite configuration steps.
The Role Groups panel on the left of this screen allows you to select existing role groups to view and edit on the Edit Role Group panel to the right. Actions are also available in this panel which are shown as icons above the Filter text box. The available actions are described below.
Deletes the role group if not in use
Adds a new role group
The information in this panel reflects the currently selected role group. From here you can change role group details (note: fields with a magenta left border are required).
Role Group Fields:
Name: a descriptive name for the role group or the permissions it provides
Type: indicates if the role group grants access to the Application UI (AdminPortal) or provides API permissions. A role can only be setup with either Application or API role groups, a role cannot be configured with both types of role groups
SCIM Default: used in systems integrated for single sign-on access. This setting determines the role group permissions setup by default when a group is pushed from an identity provider’s portal to LogiSense Billing. By default, the ReadOnly core role group will be configured with this setting but the SCIM Default can be enabled when creating a new role group if desired in order to define different default role group settings for the SCIM role
SAML Role Group Identifier: the name of the group setup on the identity provider
On this tab you can view, enable and disable the permissions configured on the selected role group. Core role group permissions cannot be modified.
This tab indicates what roles are configured to use the selected role group.
Under the Role Groups heading on the left click the icon
Under the Add Role Group heading on the right specify the role group Name and Type
For Application role groups:
You can define access rights for UI users by using the Permissions tab to control menu level permissions. Click on the bar next to the menu name and you will be able to configure 'No Permission', 'Read Only', 'Full Permission' and 'Unrestricted'
To control permissions at a screen level set the higher level menu permission to 'Unrestricted' and select a screen beneath the higher level menu item. From here check or uncheck the Read, Update, Create or Delete permissions as needed
For API role groups:
The Permissions tab will show read and write permissions that you can enable for an entire menu by clicking Read or Write boxes next to the menu heading. To set permissions on individually screens click Read or Write next to the screen names. Granting Write access to a screen or menu will automatically enable Read access as well
Click Save when you have finished configuring permissions for the role group
Under the Role Groups heading on the left click the role group you wish to edit
Under the Edit Role Group heading on the right modify the role group Name if desired
On the Permissions tab enable or disable the desired permissions
Click Save when you have finished making changes
Note: The core role groups that come with the application (Admin, ReadOnly, API Admin and API ReadOnly) cannot be deleted.
Under the Role Groups heading on the left select the role group you wish to delete
Under the same Role Groups heading click the icon
On the confirmation dialog that appears select Yes