What are Roles and Permissions?

Lee David Painter

What are Roles?

Roles are central to the model of access permissions and security permissions on your LogonBox. They are the mechanism by which you assign resources to users, and delegate the ability to perform administrative actions. 

Users and/or groups are assigned to Roles. Those Roles are in turn assigned to usable resources or authentication methods.

When a user logs on to the system, LogonBox queries their Role membership, then displays the menus and resources that match those same Roles.

LogonBox also has very granular delegation of administration permissions and, again, this revolves around Roles. You simply edit a Role and add the required permission, which then automatically filters down to all members of that Role.

Permissions range from something simple, such as being able to edit a resource but not create or delete anything, all the way up to full Administrator-level access.

Roles can be created or edited from the Access Control menu, in the Roles sub-category.

The Roles Table

You can create your own Roles from here. The system automatically creates Roles for each username and group, to save you time if you just want to assign a single user or group to a resource. We do not show these Roles as they are special system Roles, but when you assign a resource you will see the option to assign to users and groups directly.

The Roles table shows all available Roles and indicates the type of each Role. There are also some special built-in Roles, which are mentioned below.

Assigning Resources

Users or Groups are assigned to each Role. Any resource also assigned to the same Role is accessible by those Users, or by any Users within the Groups that have been assigned. Just start typing the name of any user or group (or type * to see all) and select the one you want before pressing Enter to add it to the Role.

Creating or Updating a Role

Roles can be assigned to a resource either during its creation or by editing the resource at any time. Click on the Roles tab and start typing the name of the Role you want; matching Roles are suggested automatically as you type (or type * to see a list). Select the Role and press Enter to add the Role to the resource.

Assigning the Role to a Resource

Delegating Administrative Actions

When you Create or Update a Role, the Permissions tab allows you to add a set of permissions from the system. Most of these Permissions allow you to assign Create, Read, Update, Delete operations for each distinct area of the system. However, there are also some standard user permissions, such as the ability to Logon or Update their own profile.

To delegate Permissions, move the ones you want over to the 'Included' section by clicking the down arrow on the permission itself. This assigns them to any Users or Groups attached to the Role.

Built-In Roles

There are a number of Roles that are predefined by the System. You cannot delete these built-in Roles, but you can edit some of their permissions or assign users to them.

System Administrator

This role will only be available if you have an on-premise deployment. These users have complete control over all of the system, in any Realm. 

Realm Administrator

This delegates all the available permissions within your LogonBox to the Users assigned, giving them administrative powers. You may not edit the Permissions assigned to this Role, but you can edit the Users and Groups assigned.

Everyone

The Everyone Role includes all Users within your LogonBox. By default it provides the Logon, Profile Read and Profile Update Permissions so that all Users are able to access the System. Changes to this Role only affect the Realm in which it resides.

If Everyone is attached to a resource then anyone who can log in to the server will be able to see that resource. You do not have to add people to this role in order for it to work.

You cannot edit the Users or Groups assigned to this Role, but you can edit the Permissions assigned.
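
The resolution described on this page (users and groups map to Roles, Roles map to resources and permissions, Everyone applies implicitly) can be modelled as below. This is an added sketch, not LogonBox code or its API. The realm data, the `user:`/`group:` naming for the hidden per-user and per-group Roles, and the "User Update" permission are constructed for illustration.

```python
from dataclasses import dataclass, field

EVERYONE = "Everyone"  # built-in Role: implicitly contains every user

@dataclass
class Role:
    name: str
    users: set = field(default_factory=set)
    groups: set = field(default_factory=set)
    permissions: set = field(default_factory=set)

# Constructed sample realm (hypothetical names, not from a real deployment).
GROUPS = {"helpdesk": {"alice"}, "staff": {"alice", "bob"}}
ROLES = [
    Role(EVERYONE, permissions={"Logon", "Profile Read", "Profile Update"}),
    Role("Support", groups={"helpdesk"}, permissions={"User Update"}),
    Role("Finance", users={"bob"}),
]
# Resource -> Roles attached to it. "group:staff" stands for a resource
# assigned directly to a group through its hidden system Role.
RESOURCES = {
    "Password Reset": {"Support"},
    "Payroll App": {"Finance"},
    "Intranet": {"group:staff"},
    "Status Page": {EVERYONE},
}

def roles_for(user):
    """Roles a user holds: Everyone, the hidden per-user and per-group
    Roles, and any Role that lists the user or one of their groups."""
    groups = {g for g, members in GROUPS.items() if user in members}
    held = {EVERYONE, f"user:{user}"} | {f"group:{g}" for g in groups}
    held |= {r.name for r in ROLES if user in r.users or r.groups & groups}
    return held

def visible_resources(user):
    """Resources that share at least one Role with the user."""
    held = roles_for(user)
    return {res for res, attached in RESOURCES.items() if attached & held}

def permissions_for(user):
    """Union of the permissions of every Role the user holds."""
    held = roles_for(user)
    return set().union(*(r.permissions for r in ROLES if r.name in held))

def exposed_to_everyone():
    """Audit check: resources that anyone able to log on will see."""
    return sorted(res for res, attached in RESOURCES.items() if EVERYONE in attached)
```

Running `exposed_to_everyone()` over a real assignment list is a quick way to review what the Everyone Role currently exposes.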