Roles
The Roles table (md_role) is in the User Management System (UMS). This table defines the job functions, with the associated authority and responsibilities, within the context of an organization.
- For example, you can define an Accounts Payable role. This AP role has the following AP views associated with it: AP33, AP37, AP43 and AP51. When a user is assigned the AP role, that user has access to each of these views and the permissions assigned to the resources within the role.
- The AP role is defined in the Roles module.
- The resources, or the views, are added to the role in the Role Permissions module. At the same time, each resource is granted specific permissions or operations. For example, the AP role allows all users to 'execute' and 'read' each view, but the role does not allow users 'update' or 'delete' capability for data in these views. (Please note that this is just a hypothetical example.)
Note: When a user is created, a 'personal' role is automatically assigned. The Role Name will be the same as the User's Name. Any user-specific settings are kept under that role name. When the user is deleted, the role is deleted along with it. These roles cannot be maintained through the Roles view. These roles are all flagged as 'Is Personal' = Yes.
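The model described above (a role grants operations on resources, and a personal role belongs only to the user it is named after, per the Is Personal field) can be checked offline against an exported role set. The following Python sketch is an added example, not the product's own code: the `Role` fields, function names, user names and the approved baseline are assumptions, and only the AP views and the `ibis_ap` name come from the page's hypothetical example.

```python
# Added example. Field names and sample data are constructed assumptions,
# not the product's real md_role schema or API.
from dataclasses import dataclass, field

@dataclass
class Role:
    name: str
    is_personal: bool = False
    permissions: dict = field(default_factory=dict)  # resource -> set of operations

def is_allowed(roles, assignments, user, resource, operation):
    """True if any role assigned to `user` grants `operation` on `resource`."""
    return any(operation in roles[r].permissions.get(resource, set())
               for r in assignments.get(user, ()))

def personal_role_violations(roles, assignments):
    """(user, role) pairs where a personal role is held by someone other
    than the user it is named after."""
    return sorted((user, r) for user, held in assignments.items()
                  for r in held if roles[r].is_personal and r != user)

def excess_grants(roles, approved):
    """(role, resource, operation) grants on non-personal roles that are
    not in the approved baseline for that role."""
    return sorted((name, res, op)
                  for name, role in roles.items() if not role.is_personal
                  for res, ops in role.permissions.items()
                  for op in ops - approved.get(name, {}).get(res, set()))

def build_sample():
    """Constructed data mirroring the hypothetical AP role on this page."""
    views = ("AP33", "AP37", "AP43", "AP51")
    baseline = {"ibis_ap": {v: {"execute", "read"} for v in views}}
    roles = {
        "ibis_ap": Role("ibis_ap", permissions={v: {"execute", "read"} for v in views}),
        "alice": Role("alice", is_personal=True),
        "bob": Role("bob", is_personal=True),
    }
    roles["ibis_ap"].permissions["AP51"].add("update")  # constructed drift
    assignments = {"alice": ["alice", "ibis_ap"], "bob": ["bob", "alice"]}
    return roles, assignments, baseline

if __name__ == "__main__":
    roles, assignments, baseline = build_sample()
    print(is_allowed(roles, assignments, "alice", "AP33", "read"))    # granted
    print(is_allowed(roles, assignments, "alice", "AP33", "delete"))  # not granted
    print(personal_role_violations(roles, assignments))
    print(excess_grants(roles, baseline))
```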
The Permissions special action is available for each role. The Permissions action includes the ability to view and/or maintain the permissions associated with a specific role and, where applicable:
- Optionally adds related resources; and,
- Adds dependent resource groups.
The Permissions action includes the ability to add the permissions for a specific resource and is only available for users who are authorized to maintain roles and permissions.
The following list outlines how to maintain permissions for a given role:
1. From within the Roles resource, select a role and click the Permissions action. The Roles Permissions definition window opens.
2. Specify a resource name. Note: The resource Lookup and Table Search features are available.
3. Optionally select the include Related Resources check box.
4. Click the Add action.
   - The specified resource is added to the list of resources associated with the current role.
   - The specific operations (e.g. Create and Customize) are set based on the default values defined for the application's administrator role.
5. Check or uncheck specific operations as required.
6. Repeat steps 1 to 5 as necessary.
7. Click Submit to save the role's permissions.
The following list defines every field available in the roles (md_role) table in alphabetical order:
- Created By - displays the name of the user who created the record you are viewing or maintaining. May not be overridden.
- Created On - displays the date on which the record that you are creating or maintaining was created. May not be overridden. May also represent the creation date of the records you are attempting to retrieve.
- Database Name - the database associated with this role. The system will default the database name based on the role entered. If the system is unable to determine a database name to use, it will be defaulted to meta.
  - This field is validated against the databases table.
  - If any notification uses the role or if the role is personal, you will not be able to change the associated database.
- Description – displays a description of the role. When the role is a personal role, the system will ensure that the description is not maintainable.
- Extra Attributes - A CLOB-type field used to store additional JSON information.
- Is Personal – this field is not maintainable. The flag indicates whether or not the role is a personal role.
  - A value of Yes indicates that the role is a personal role; personal roles cannot be assigned to any other user than the user for which the role was created.
  - A value of No indicates that the role is not personal; non-personal roles can be assigned to more than one user.
- Modification Counter - you cannot edit this field. The date and time a given record was last modified.
- Modified By - this field is not maintainable. The user or system process that last modified the record.
- Modified On - this field is not maintainable. The date on which the record was last modified.
- Role Name – displays the name of the role. This field is available in creation mode only. We recommend that role names begin with 'ibis', for example ibis_ap or ibis_gl. This helps identify roles as belonging to the ibis database.
For the functionality of each action (i.e. button) available on this view, refer to the About the Actions topic.