
Definition

A role is an element to which authorizations can be assigned on the one hand and users on the other. It bundles a set of authorizations in a logical, assignable element. The authorizations can be resources and roles (sub-roles). The users can be core identities (natural persons) and master data elements.

Usage

New roles are named, assigned to a responsible identity and categorized. In the case of a specific role, the associated resources, the core identities to which the role was assigned and the responsible approval groups are mapped (optional).

A user can delegate their roles: the Delegate field can be found under My Data - My roles. By specifying a different core identity, the reason and a time interval, the respective role can be assigned to someone else. The assignment must be approved by the responsible user or approval group.

A child role can be added to each role in the menu under member. This parent-child relationship leads to the inheritance of resources: every resource that the parent role has at its disposal is automatically assigned to the child role.

Role attributes

The following standard and module-dependent attributes are available.

| Standard attribute | Description |
| --- | --- |
| Name | Friendly name of the role |
| Description | Description of the role |
| Owner | Owner of the role |
| Category | Category of the role |

Assignment of roles

A role can be assigned to core identities (natural person) and master data elements (organizational units, clients, functions, etc.).

Here you can configure which role is assigned to which core identity type and under which conditions. The relevant attribute and the condition must be defined. For example, a rule can specify that only German-speaking external employees are given a particular role. Sophisticated rules can also be created using regex.


Nest roles

Roles can be logically nested within one another. The following relationships exist for this on the role:

| Relationship | Description |
| --- | --- |
| Members | A list of roles that are members of the current role |
| Members of | A list of roles in which the current role is a member |


This relationship can be illustrated further with an example. The role "Webshop - All Tenants" is a member of "Webshop - Tenant Contoso" and "Webshop - Tenant Bestrun". By assigning a user to the role "Webshop - All Tenants", the user automatically also becomes a member of the roles "Webshop - Tenant Contoso" and "Webshop - Tenant Bestrun".
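
For an access review it helps to expand nested roles into the set a user effectively holds. The following Python code is an added example, not code from the product: it resolves the "Members of" relationship for the Webshop roles above. The dictionary layout and the resource names are constructed, and it assumes nesting applies transitively across several levels.

```python
from collections import deque

# "Members of" relationship: role -> roles in which it is a member (its parents).
# Role names come from the example above; the data structure is hypothetical.
MEMBER_OF = {
    "Webshop - All Tenants": {"Webshop - Tenant Contoso", "Webshop - Tenant Bestrun"},
    "Webshop - Tenant Contoso": set(),
    "Webshop - Tenant Bestrun": set(),
}

# Resources attached directly to each role (constructed sample values).
ROLE_RESOURCES = {
    "Webshop - All Tenants": {"webshop-portal-login"},
    "Webshop - Tenant Contoso": {"contoso-catalog"},
    "Webshop - Tenant Bestrun": {"bestrun-catalog"},
}

def effective_roles(direct_roles, member_of=MEMBER_OF):
    """Return all roles a user holds: the direct ones plus every role reached
    through "Members of". The visited set makes cyclic nesting terminate."""
    seen = set()
    queue = deque(direct_roles)
    while queue:
        role = queue.popleft()
        if role in seen:
            continue
        seen.add(role)
        queue.extend(member_of.get(role, ()))
    return seen

def effective_resources(direct_roles, member_of=MEMBER_OF, resources=ROLE_RESOURCES):
    """Union of the resources of every effective role."""
    result = set()
    for role in effective_roles(direct_roles, member_of):
        result |= resources.get(role, set())
    return result

def inherited_only(direct_roles, member_of=MEMBER_OF):
    """Roles the user holds only through nesting; the part a reviewer tends to miss."""
    return effective_roles(direct_roles, member_of) - set(direct_roles)

if __name__ == "__main__":
    user_roles = ["Webshop - All Tenants"]
    print(sorted(effective_roles(user_roles)))
    print(sorted(inherited_only(user_roles)))
    print(sorted(effective_resources(user_roles)))
```

Running the expansion before approving an assignment or delegation shows the full set of roles and resources the approval actually grants, including those that arrive only through nesting.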
