Roles are used to group permissions. When a user has a role, then the user will have all permissions of that role.
A role-based access control (RBAC) system is a security model where roles are used to manage permissions across an organization.
About Roles as Grouping Mechanisms for Permissions
Concept of Roles: In RBAC, a "role" is a collection of permissions that define what actions a user can perform within a system. Roles are typically designed to align with job functions or responsibilities within an organization. For example, you might have roles such as "Administrator," "Editor," or "Viewer."
Grouping Permissions: Each role consists of a set of permissions that grant access to specific resources or allow the execution of certain actions. Permissions are granular and could include capabilities like "edit documents," "view financial reports," "delete records," etc. By grouping these permissions into roles, you can easily manage access controls.
For example:
- The "Administrator" role might include permissions to create, read, update, and delete all resources in the system.
- The "Editor" role might only have permissions to create and edit resources but not delete them.
- The "Viewer" role might only have permissions to read resources.
Assignment of Roles to Users: When a user is assigned a role, they automatically inherit all the permissions associated with that role. This means that the user's actions within the system are dictated by the permissions attached to their assigned role(s).
For example:
- If a user is assigned the "Editor" role, they will have the ability to create and edit content but not delete it.
- If another user is assigned the "Administrator" role, they will have full control over the system's resources.
Benefits:
- Simplified Management: Instead of assigning permissions to users individually, which can be time-consuming and error-prone, roles allow for a more structured and manageable approach. Changes to permissions can be made at the role level and will automatically apply to all users with that role.
- Scalability: As the organization grows, roles can be easily expanded or modified to accommodate new job functions or responsibilities without the need to reassign permissions individually.
- Consistency: Ensures that users with the same job functions have consistent access to resources, reducing the risk of unauthorized access or gaps in security.
Example Scenario
Imagine a company with a content management system (CMS). They might define roles such as:
- Content Creator: Can create and edit articles but cannot publish them.
- Content Publisher: Can publish articles created by others but cannot delete them.
- Admin: Can do everything, including managing user accounts and system settings.
By assigning these roles to users, the company ensures that each user has the appropriate level of access based on their job responsibilities, thereby maintaining security and efficiency.
Manage Roles
To manage roles, navigate to omniCustomers \ Configure \ Roles.
Roles can be dynamic or static:
- Static role: A static role has a known name (like 'admin') and this name can't be changed (but the display name can be changed). It is created by Omnibasis and cannot be deleted in the UI.
- Dynamic role: You can create a dynamic role at any time. Add new permissions to that role and assign the role to users.
One or more roles can be set as Default. Default roles are assigned to newly added/registered users by default.
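The rules above (permissions inherited through roles, static roles that cannot be deleted, default roles granted at registration) can be sketched as a small in-memory model. This is an added example, not Omnibasis code: the class names, method names and permission strings such as "article.edit" are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Role:
    name: str                  # fixed identifier used in checks
    display_name: str          # label shown in the UI, always editable
    permissions: set = field(default_factory=set)
    is_static: bool = False    # built in; cannot be deleted
    is_default: bool = False   # granted to newly registered users

class RoleStore:
    def __init__(self):
        self.roles = {}        # role name -> Role
        self.user_roles = {}   # user id -> set of role names

    def add_role(self, role):
        self.roles[role.name] = role

    def delete_role(self, name):
        if self.roles[name].is_static:
            raise PermissionError(f"static role {name!r} cannot be deleted")
        del self.roles[name]
        for held in self.user_roles.values():
            held.discard(name)  # leave no dangling grants behind

    def register_user(self, user):
        # New users start with every role flagged as default.
        self.user_roles[user] = {r.name for r in self.roles.values() if r.is_default}

    def assign(self, user, role_name):
        if role_name not in self.roles:
            raise KeyError(role_name)
        self.user_roles[user].add(role_name)

    def can(self, user, permission):
        # Effective permissions are the union over all held roles;
        # unknown users and unlisted permissions are denied.
        held = self.user_roles.get(user, ())
        return any(permission in self.roles[n].permissions for n in held)

def build_demo_store():
    # Constructed sample data based on the CMS scenario above.
    store = RoleStore()
    store.add_role(Role("admin", "Admin", {"article.create", "article.edit",
        "article.publish", "article.delete", "user.manage"}, is_static=True))
    store.add_role(Role("creator", "Content Creator",
        {"article.create", "article.edit"}, is_default=True))
    store.add_role(Role("publisher", "Content Publisher", {"article.publish"}))
    return store
```

Because the check is deny-by-default, deleting a dynamic role immediately removes the access it granted, while an unknown user or permission simply evaluates to false.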
Role Permissions
Since roles are used to group permissions, we can set permissions of a role while editing the role.
Click the dropdown next to the role and select Edit.
Navigate to the 'App Permissions' section to see all app permissions. The ones assigned to this role will have a checkbox next to them.
Select permissions you want to assign to the role and click Save.
Note: you will need to reload the application to see permission changes for your own role.