i4connected Knowledgebase 5.6

Role packages

Abstract

Check out this article and learn more details about the Role package concept and how these entities help you in a more granular security distribution.

Multiple roles can be gathered up in the, so called, Role packages. The main benefit of using Role packages, while distributing user permissions, is that they offer the possibility of a more granular role assignment method, impacting both the global and the hierarchical levels.

Tip

For more details about management of Role packages please visit the dedicated article here.

As indicated, Role packages are a collection of Entity (hierarchical) roles and Global roles:

  • Entity roles are applied on a hierarchical level, ensuring that the assigned role(s) affect the user's permission in context of one or more hierarchical entities.

  • Global roles are applied on a global level, ensuring that the assigned role(s) affect the user's permission through out the entire environment.

Role packages are used when adding either new or existing users to a hierarchical entity, such as a Site, an Area and an Organizational Unit, using the Entity role assignments interface. The list of Role Packages, displayed during the assignment phase, is automatically filtered, to only display the Role Packages, containing Roles, and implicitly Permissions, to which the currently logged in user has access to.

Warning

As soon as a Role package is assigned to a user, in context of a hierarchical entity, the Role package entity itself is dissolved. Hence, if the system administrator decides to remove the role package assignment, the global roles will be preserved for the user and they need to be manually and individually removed.