The Roles feature lets you create roles to which application privileges are assigned, or enter Active Directory (Windows Security) roles (see the note on Windows Security below). When you use the RUN CONFIGURATION WIZARD tool, you are prompted to create a standard authenticated user group role and an admin user group role. However, you can create as many roles, internal or external, as you like and assign privileges to those roles as you see fit for your organization.
If you are using Active Directory or Security Token Service, your role names for these groups must match the equivalent role names in your Active Directory or Security Token Service. Under certain AD configurations you may need to delete all roles that are not in Active Directory, even if they are not being used by the user. The application does not know what role the user is in; it only knows which roles are necessary to gain access to each privilege, and then asks Active Directory whether the user is in each of those roles.
- Click + Add New. A new role form opens.
- Enter a name in the Role name input box.
- Select a role in the Copy privileges from dropdown list to populate a default set of privileges for the new role.
Note: Once the role is created, use the Role Privileges tab to modify the privileges assigned to the new role.
- If the role is external, check the box beside Is role external?.
Note: This is dependent on your selected Authentication mechanism.
- Enter a description in the Role description input box.
- Click Save to save the new role.
- Click the Edit icon in the Actions column for the role to be edited.
- Edit the Role name, Is role external selection, and/or Role description.
- Click Save to save your changes, or Cancel to cancel the operation.
- Click the Delete icon next to the role to be deleted. A confirmation dialog is displayed.
- Click Delete to delete the role, or Cancel to cancel the operation.
Heads Up! When the application is configured to use "Windows Security", you must still "create", within this component, the roles that you want to use from Active Directory. When using Active Directory roles, you must also prefix your role/group names with the domain name. You must enter the exact name of the Active Directory role/group that you want to assign "privileges" to. The workflow is identical to setting up internal roles, except that you do not need to assign the user to the role, because the user/role relationship is already configured in Active Directory (groups). Creating a role within this component that matches the Active Directory role is necessary because you need to be able to assign application privileges to that role.
Note: Leave role names blank to prevent the application from automatically assigning privileges.
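Because external role names must carry the domain prefix and match the Active Directory group name exactly, a pre-deployment check of the role list against an export of directory groups catches names that will never match. The following is an added example, not part of the product or its documentation; the `DOMAIN\Group` prefix format, the role record layout, the function name and all sample data are assumptions constructed for illustration.

```python
# Added example: audit external role names against directory group names.
# Assumptions (not from the product): the DOMAIN\Group prefix format, the
# role dict layout, and the sample data below, which is constructed.

def audit_external_roles(roles, directory_groups, domain):
    """Return {role_name: [problems]} for external roles that will not match."""
    exact = set(directory_groups)
    by_lower = {g.lower(): g for g in directory_groups}
    prefix = domain + "\\"
    findings = {}
    for role in roles:
        if not role["is_external"]:
            continue  # internal roles are assigned inside the application
        name = role["name"]
        problems = []
        if name != name.strip():
            problems.append("leading or trailing whitespace")
        if not name.strip().lower().startswith(prefix.lower()):
            problems.append("missing domain prefix " + prefix)
        if name not in exact:
            # Distinguish a near miss (case or whitespace) from a stale role.
            near = by_lower.get(name.strip().lower())
            if near:
                problems.append("not an exact match, closest is " + near)
            else:
                problems.append("no such group in the directory")
        if problems:
            findings[name] = problems
    return findings

# Constructed sample data: a directory export and the application's role list.
SAMPLE_GROUPS = ["CORP\\App-Admins", "CORP\\App-Users", "CORP\\Finance"]
SAMPLE_ROLES = [
    {"name": "CORP\\App-Admins", "is_external": True},   # correct
    {"name": "App-Users", "is_external": True},          # no domain prefix
    {"name": "corp\\finance", "is_external": True},      # case differs
    {"name": "CORP\\Legacy-Ops", "is_external": True},   # not in directory
    {"name": "Local Reviewers", "is_external": False},   # internal, skipped
]

if __name__ == "__main__":
    report = audit_external_roles(SAMPLE_ROLES, SAMPLE_GROUPS, "CORP")
    for name, problems in report.items():
        print(name, "->", "; ".join(problems))
```

Roles reported as "no such group in the directory" are the ones that, under the AD configurations mentioned above, may need to be deleted.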