Info |
---|
Role Groups are configured in Setup / Users & Accounts / Users / Role Groups |
In this article:
Overview
Roles groups define the specific screen permissions in the AdminPortal user interface that are applicable required for specific roles or activities (sales, finance, admins, etc.). For API type role groups read and write access to various system elements (create accounts, generate reports, etc.) are also defined here at the group level.
One or more role groups are configured on roles to grant the role the permissions it requires (e.g. a role might require both sales and finance role group permissions to perform the role's function).
In the event role groups assigned to a role have opposing settings (one role group grants read rights to a screen/element and another does not grant read rights to the that screen/element) the role group that enables the permission will take precedence.
As of version 10.5.0 the system is automatically setup with four role groups (Admin, ReadOnly, API Admin and API ReadOnly). These core role groups cannot be modified or deleted.
Prerequisites
Role groups can be setup as needed, there are no prerequisite configuration steps.
Role Groups Panel
The Role Groups panel on the left of this screen allows you to select existing role groups to view and edit on the Edit Role Group panel to the right. Actions are also available in this panel which are shown as icons above the Filter text box. The available actions are described below.
Actions
Icon | Description |
---|---|
Deletes the role group if not in use | |
Adds a new role group |
Edit Role Group Panel
The information in this panel reflects the currently selected role group. From here you can change role group details (fields will display a red left border if a value is required and purple text if the field is read-only and cannot be modifiednote: fields with a magenta left border are required).
Role Group Fields:
Name: a descriptive name for the role group or the permissions it provides
Type: indicates if the role group grants access to the Application UI (AdminPortal) or provides API permissions. A role group can only be setup with either the ‘Application’ type or the ‘API’ type, a group cannot be configured with both types
SCIM Default: used in systems integrated for single sign-on access (SSO). This setting determines the role group permissions setup by default when a group is pushed from an identity provider’s portal to LogiSense Billing. By default, the ReadOnly core role group will be configured with this setting but the SCIM Default can be enabled when creating a new role group if desired in order to define different default role group settings for the SCIM role
SAML Role Group Identifier: the name of the group setup on the identity provider
Permissions tab
On this tab you can view, enable and disable the permissions configured on the selected role group. Core role group permissions cannot be modified.
References tab
This tab indicates what roles are configured to use the selected role group.
...
Guides
Adding Role Groups
Under the Role Groups heading on the left click the icon
Under the Add Role Group heading on the right specify the role group
...
Name and Type
For Application role groups:
You can define access rights for UI users by using the Permissions tab
...
to control menu level permissions
...
. Click on the bar next to the menu name
...
and you will be able to configure 'No Permission', 'Read Only', 'Full Permission' and 'Unrestricted'
To control permissions at a screen level set the higher level menu permission to 'Unrestricted' and select a screen beneath the higher level menu item. From here check or uncheck the Read, Update, Create or Delete permissions as needed
For API role groups:
The Permissions tab will show read and write permissions that you can enable for an entire menu by clicking Read or Write boxes next to the menu heading. To set permissions on individually screens click Read or Write next to the screen names. Granting Write access to a screen or menu will automatically enable Read access as well
Click Save when you have finished configuring permissions for the role group
...
Editing Role Groups
Under the Role Groups heading on the left click the role group you wish to edit
Under the Edit Role Group heading on the right modify the role group
...
Name if desired
On the Permissions tab enable or disable the desired permissions
Click Save when you have finished making changes
...
Deleting Role Groups
Info |
---|
Note: The core role groups that come with the application (Admin, ReadOnly, API Admin and API ReadOnly) cannot be deleted. |
Under the Role Groups heading on the left select the role group you wish to delete
Under the same Role Groups heading click the icon
On the confirmation dialog that appears select Yes