You are here: Learning the Basics > Security > Roles


The Roles feature provides the ability to create roles to assign application privileges to, or to enter Active Directory (Windows Security) roles (see note on windows security below). When you use the RUN CONFIGURATION WIZARD tool, you are prompted to create a standard authenticated user group role and an admin user group role. However, you have the freedom to create as many roles, internal or external, as you like and assign privileges to those roles as you see fit for your organization.

If you are using Active Directory or Security Token Service your Role Names for these groups must match the equivalent role name in your Active Directory or Security Token Service. Under certain AD configurations you many need to delete all roles that are not in Active Directory even if they are not being used by the user. The application does not know what role the user is in, it only knows what roles are necessary to gain access to each privilege and then asks Active Directory if the user is in each of those roles.


Heads Up! When the application is configured to use "Windows Security", you must still "create" the roles within this component, that you want to use from Active Directory. When using active directory roles you must also prefix your role/group names with the domain name. You must enter the exact name of the Active Directory role/group that you want to assign "privileges" to. The workflow is identical to setting up internal roles, except you do not need to assign the user to the role because the user/role relationship is already configured in Active Directory (groups). Creating the role within this component, that matches the Active Directory role is necessary because you need to be able to assign application privileges to that role.

Note: Leave role names blank to prevent the application from automatically assigning privileges.