Overview
BlueDolphin uses Role-Based Access Control (RBAC). Every user is linked to one or more roles.
Each role defines a set of permissions: which actions the user with this role is allowed to perform with the objects and their properties, relationships, questionnaires, and views, for each object definition.
As an administrator you can:
- View roles
- Add and delete custom roles
- View and modify role permissions
- Link and unlink users to a role
These are the four default roles within BlueDolphin:
Role |
Description |
Administrators |
Only users with this role have access to the Admin module. |
Process Administrators |
Only users with this role (or the Administrators role) can make a process official (see Make a process view official). |
Source processors |
Only users with this role (or the Administrators role) have access to the menu option Source Processing.
|
Default users |
New users are automatically assigned to this role. |
Tip: You can rename a default role, but you cannot delete it.
Add a custom role
You can add a custom role to set up a combination of permissions that is different from any of the packaged roles.
To add a role, navigate to Admin > Roles and press the add icon
Enter the name of the new role and press OK.
Now configure the permissions for your custom role.
Manage role permissions
Role permissions govern which actions a user assigned to that role is allowed to perform. They can be configured for certain aspects of objects of each available object definition.
Those aspects are:
- Create object
- Delete object
- Object properties
- Object relationships
- Views
- Questionnaires
Object-level permissions
Read only |
Read and write | |
Objectproperties | User can only view all fields on the first General tab. | User can edit all fields on the first General tab. |
Relations & Diagram | User can only view relationships and relationship questionnaires but cannot add or delete them. | User can add and/or delete relationships and relationship questionnaires. |
Views | These settings don't have any effect. Users of any role can create views. | These settings don't have any effect. Users of any role can create views. |
Questionnaires added to an object definition |
User can only view fields except the fields marked as sensitive. |
User can edit all fields except read-only fields. |
To check the set of permissions for a specific role, go to Admin > Roles. Click on the Permissions tab and the list of all object definitions opens:
The set of default permissions for object definitions is read-only on all roles except the default roles of Administrators and Process administrators. The read-only permissions are automatically applied whenever:
- A new object definition is added
- A new role is created
- A new tenant is created
- A new questionnaire is added to an object definition
To change the permissions per role, click on the specific object definition for which you want to change settings. Customize permissions to your needs and click OK to save changes.
Reports permissions
All users, regardless of their role, can create and edit reports. However, only users with the Admin role have the permission to delete reports.
Permissions conflict
If a user is linked to multiple roles with conflicting permissions, BlueDolphin will grant the user the highest of the two conflicting permissions.
For example, if a user has two roles where one role contains the permission to create a Business Actor, while the other role does not contain that permission, the user will be allowed to create a Business Actor.
Remove a custom role
When you no longer need a custom role, you can remove it by using the Delete button.
Tip: You can delete custom roles, but you cannot delete the default roles in BlueDolphin.
Link or unlink a user and a role
Navigate to Admin > Roles and select the role for which you want to link or unlink users. The first tab shows a list of users currently linked to this role.
Press the small trash can icon to the right of the user to unlink it from this role. The user itself won't be deleted and any links to other roles are unaffected.
Press the Add user button to link a specific user to this role.
Note: Users without assigned roles can only access the process portal.
Comments
0 comments
Please sign in to leave a comment.