Role Groups Screen

Owned by Tim Neil
Last updated: Jun 19, 2024 by Greg Walsh
4 min read

Role Groups are configured in Setup / Users & Accounts / Users / Role Groups

In this article:

Overview

Roles groups define the screen permissions in the AdminPortal user interface that are required for specific roles (sales, finance, admins, etc.). For API type role groups read and write access to various system elements (create accounts, generate reports, etc.) are also defined here at the group level.

One or more role groups are configured on roles to grant the role the permissions it requires (e.g. a role might require both sales and finance role group permissions to perform the role's function).

In the event role groups assigned to a role have opposing settings (one role group grants read rights to a screen/element and another does not grant read rights to that screen/element) the role group that enables the permission will take precedence.

As of version 10.5.0 the system is automatically setup with four role groups (Admin, ReadOnly, API Admin and API ReadOnly). These core role groups cannot be modified or deleted.

Prerequisites

Role groups can be setup as needed, there are no prerequisite configuration steps.

Role Groups Panel

The Role Groups panel on the left of this screen allows you to select existing role groups to view and edit on the Edit Role Group panel to the right. Actions are also available in this panel which are shown as icons above the Filter text box. The available actions are described below.

Actions

Icon

Description

Icon

Description

Deletes the role group if not in use

Adds a new role group

Edit Role Group Panel

The information in this panel reflects the currently selected role group. From here you can change role group details (note: fields with a magenta left border are required).

Role Group Fields:

  • Name: a descriptive name for the role group or the permissions it provides

  • Type: indicates if the role group grants access to the Application UI (AdminPortal) or provides API permissions. A role group can only be setup with either the ‘Application’ type or the ‘API’ type, a group cannot be configured with both types

  • SCIM Default: used in systems integrated for single sign-on access (SSO). This setting determines the role group permissions setup by default when a group is pushed from an identity provider’s portal to LogiSense Billing. By default, the ReadOnly core role group will be configured with this setting but the SCIM Default can be enabled when creating a new role group if desired in order to define different default role group settings for the SCIM role

  • SAML Role Group Identifier: the name of the group setup on the identity provider

Permissions tab

On this tab you can view, enable and disable the permissions configured on the selected role group. Core role group permissions cannot be modified.

References tab

This tab indicates what roles are configured to use the selected role group.

Guides

Adding Role Groups

  1. Under the Role Groups heading on the left click the  icon

  2. Under the Add Role Group heading on the right specify the role group Name and Type

  3. For Application role groups:

    1. You can define access rights for UI users by using the Permissions tab to control menu level permissions. Click on the bar next to the menu name and you will be able to configure 'No Permission', 'Read Only', 'Full Permission' and 'Unrestricted'

    2. To control permissions at a screen level set the higher level menu permission to 'Unrestricted' and select a screen beneath the higher level menu item. From here check or uncheck the Read, Update, Create or Delete permissions as needed

  4. For API role groups:

    1. The Permissions tab will show read and write permissions that you can enable for an entire menu by clicking Read or Write boxes next to the menu heading. To set permissions on individually screens click Read or Write next to the screen names. Granting Write access to a screen or menu will automatically enable Read access as well

  5. Click Save when you have finished configuring permissions for the role group

Editing Role Groups

  1. Under the Role Groups heading on the left click the role group you wish to edit

  2. Under the Edit Role Group heading on the right modify the role group Name if desired

  3. On the Permissions tab enable or disable the desired permissions

  4. Click Save when you have finished making changes

Deleting Role Groups

Note: The core role groups that come with the application (Admin, ReadOnly, API Admin and API ReadOnly) cannot be deleted.

  1. Under the Role Groups heading on the left select the role group you wish to delete

  2. Under the same Role Groups heading click the  icon

  3. On the confirmation dialog that appears select Yes

Related pages

SMTP Settings Screen
SMTP Settings Screen
v10 Documentation
Read with this
Users Screen
Users Screen
v10 Documentation
Read with this
Roles Screen
Roles Screen
v10 Documentation
Read with this

Copyright LogiSense 2020