Go to Users > Role Management. This is where you create new roles and make changes to the permissions for existing roles. You can also quickly assign roles to users from here.
Don't see this tab? You need to have 1) full permissions and scope, or 2) a role with the "Access Role Management Section" permission enabled.
Click the New Role button. Give the role a name and description, and then select the modules and permissions to be granted to a user when the role is assigned. Keep in mind that a user may be assigned multiple roles with different sets of permissions.
Select the role you want to assign and choose "Add To Users" from the Quick Actions menu. Then tell us which users should be assigned the role and click Save. You can remove roles from users in a similar way - just select the action Remove From Users.
Select any role in the list and choose Edit from the Quick Actions menu.
You can change the role name and description and edit the assigned permissions. Any changes you make to a role will apply to all users assigned that role. Please be sure you understand the impact to all users before making changes.
Warning - Be careful when removing the UI access permission from a role. A user will not be able to log into the UI if they don't have at least one role with the UI access permission assigned.
When you're editing the permissions for a role, you'll notice that you can define modules to be accessible and permissions within the module for the users with the current role. Learn more
The permissions for a module are organized into groups like Access Permissions, WAS Asset Permissions, User Permissions, and so on. These groups of permissions correspond to the applications available in your subscription (WAS, MDS, etc).
Simply click the title of a group to expand or hide its permissions. Then select the permissions you want to assign to the role.
This section allows you to give permissions to Admin module simultaneously. The following permissions can be granted:
|Create User||Allows user to create user from Users > User Management > Create User|
|Edit User||Allows user to edit user from Users > User Management > Quick Actions option for the user > Edit|
|Read User||Allows user to view user from Users > User Management > Quick Actions option for the user > View|
|Access Role Management Section||Allows user to view and access Users > Role Management tab|
|Create User Role||Allows user to create user role from Users > Role Management > New Role|
|Edit User Role||Allows user to edit user role from Users > Role Management > Quick Actions option for the user role > Edit|
|Delete User Role||Allows user to delete user role from Users > Role Management > Quick Actions option for the user role > Delete|
|Action Log Permissions|
|Action Log Access||Allows user to view and access Action Log tab|
|Update Defaults||Allows user to edit defaults from Users > Defaults > Edit|
You can grant GLOBAL permissions to a role. Upon assigning a role to a particular user, the global permissions are applied to that user.
The GLOBAL permission section allows you to give permissions to more than one module simultaneously. The following permissions are assigned from the GLOBAL section:
- Reporting permissions: Allows the user to read, create, edit, and delete a report.
- Tagging permissions: Allows the user to create, edit, delete user tags, and modify dynamic tag rules. Custom roles are created to control which tagging permissions should be assigned to a user with a particular role. By default, a Manager user is assigned all the tagging permissions. For example, a user can be given specific access to create, edit, and delete user tags but not to modify dynamic tag rules. A user can create and modify dynamic tags only if the "Modify Dynamic Tag Rules" checkbox is selected.
- Dashboard permissions: Allows the user to create, edit, and delete own dashboards, provide or restrict access to the Unified Dashboard application. You could also assign permissions to create, edit, delete, print or download dashboards created by other users.
Note: When you assign the Global Dashboard permissions to a role, the Global Dashboard permissions override the module-specific dashboard permissions. As a result, the module-specific dashboard permissions are ignored.
To know more about Global Dashboard permissions, see Global Dashboard permissions.
- Template permissions: Template permissions help you perform proper authorization checks when you create templates. By default, all template permissions are assigned to the Unit Manager role. For the Scanner role, by default, the Create, Edit, and Delete your own templates permissions are assigned. See Global Template Permissions.
You can add or remove permissions from multiple roles in a single action. Select the roles you want to change and then select Add Permissions or Remove Permissions from the Quick Actions menu. Then tell us which permissions the action applies to and click Save. For example, you might want to add the user permission "Access Role Management Section" to multiple roles. This permission allows users to access the Role Management tab in the Administration UI.
Yes. Select the role and choose Delete from the Quick Actions menu. The role you delete will no longer be assigned to users. It is removed automatically from all users' accounts (that had it previously assigned) and those users will no longer have the permissions granted by the role.
User permissions by role
User permissions by object
Assigned user roles
User Roles FAQ