Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

Role Groups are configured in Setup / Users & Accounts / Users / Role Groups

Overview

Roles groups define the specific screen permissions in the AdminPortal user interface that are applicable required for specific roles or activities (sales, finance, admins, etc.). For API type role groups read and write access to various system elements (create accounts, generate reports, etc.) are also defined here at the group level.

One or more role groups are configured on roles to grant the role the permissions it requires (e.g. a role might require both sales and finance role group permissions to perform the role's function).

In the event role groups assigned to a role have opposing settings (one role group grants read rights to a screen/element and another does not grant read rights to the that screen/element) the role group that enables the permission will take precedence.

As of version 10.5.0 the system is automatically setup with four role groups (Admin, ReadOnly, API Admin and API ReadOnly). These core role groups cannot be modified or deleted.

Prerequisites

Role groups can be setup as needed, there are no prerequisite configuration steps.

Role Groups Panel

The Role Groups panel on the left of this screen allows you to select existing role groups to view and edit on the Edit Role Group panel to the right. Actions are also available in this panel which are shown as icons above the Filter text box. The available actions are described below.

Actions

Icon

Description

Image Modified

Deletes the role group if not in use

Image Modified

Adds a new role group

Edit Role Group Panel

The information in this panel reflects the currently selected role group. From here you can change role group details (fields will display a red left border if a value is required and purple text if the field is read-only and cannot be modifiednote: fields with a magenta left border are required).

Role Group Fields:

  • Name: a descriptive name for the role group or the permissions it provides

  • Type: indicates if the role group grants access to the Application UI (AdminPortal) or provides API permissions. A role group can only be setup with either the ‘Application’ type or the ‘API’ type, a group cannot be configured with both types

  • SCIM Default: used in systems integrated for single sign-on access (SSO). This setting determines the role group permissions setup by default when a group is pushed from an identity provider’s portal to LogiSense Billing. By default, the ReadOnly core role group will be configured with this setting but the SCIM Default can be enabled when creating a new role group if desired in order to define different default role group settings for the SCIM role

  • SAML Role Group Identifier: the name of the group setup on the identity provider

Permissions tab

On this tab you can view, enable and disable the permissions configured on the selected role group. Core role group permissions cannot be modified.

References tab

This tab indicates what roles are configured to use the selected role group.

...

Guides

Adding Role Groups

  1. Under the Role Groups heading on the left click the (blue star) icon

  2. Under the Add Role Group heading on the right specify the role group Name and Type

  3. For Application role groups:

    1. You can define access rights for UI users by using the Permissions tab to control menu level permissions. Click on the bar next to the menu name and you will be able to configure 'No Permission', 'Read Only', 'Full Permission' and 'Unrestricted'

    2. To control permissions at a screen level set the higher level menu permission to 'Unrestricted' and select a screen beneath the higher level menu item. From here check or uncheck the Read, Update, Create or Delete permissions as needed

  4. For API role groups:

    1. The Permissions tab will show read and write permissions that you can enable for an entire menu by clicking Read or Write boxes next to the menu heading. To set permissions on individually screens click Read or Write next to the screen names. Granting Write access to a screen or menu will automatically enable Read access as well

  5. Click Save when you have finished configuring permissions for the role group

...

Editing Role Groups

  1. Under the Role Groups heading on the left click the role group you wish to edit

  2. Under the Edit Role Group heading on the right modify the role group Name if desired

  3. On the Permissions tab enable or disable the desired permissions

  4. Click Save when you have finished making changes

...

Deleting Role Groups

Info

Note: The core role groups that come with the application (Admin, ReadOnly, API Admin and API ReadOnly) cannot be deleted.

  1. Under the Role Groups heading on the left select the role group you wish to delete

  2. Under the same Role Groups heading click the (blue star) icon

  3. On the confirmation dialog that appears select Yes