Roles

The Roles module allows administrators to manage sets of permissions called “roles” which grant users access to perform actions in the system. These roles can later be applied to accounts via the User Administration manager.

Only accounts with an Access Level of System Administrator, Database Manager, or Local Administrator may access the Roles manager. These types of accounts are inherently granted access to view the manager. They must have explicit permission to add, edit or delete roles. Accounts with an Access Level of User will not be able to view the Roles manager or perform any actions on it.

The Roles Manager consists of:

• a table that displays existing roles.  Local Administrators can only view and modify roles for their institution.

• a Filter button, below the table, that opens the Standard Search dialog to allow users to filter and the roles displayed.

• buttons, to the right of the table, that allow administrators to:

  • Create a New Role

  • View a Role

  • Edit a Role

  • Delete a Role

Users must have permission to add, edit or delete roles.

Role Editor

A role's name, description, and set of permissions can be defined from the Roles Editor.  It can also be used to identify the users that are assigned a specific role.  

To display a list of users that are assigned the role currently open in the editor, press the Show Assigned Users button.

To assign permissions to a role, place a check in the check box next to the permission and save.  Individual permissions can be displayed by expanding the folders in the tree view. For a list of permissions and their explanations the Role Permissions page.

Before a role can be assigned to a user, it must first be defined in the Roles manager.  Once a role has been defined and saved, it becomes available on the User Editor and can be assigned to a user.

To create a new role:

1. In the Roles manager, press the New button.  The Role editor will open for a new role.

   
2. Enter the name of the role.
3. Enter a description (optional).
4. Assign the permissions for the role by expanding the permissions folders and placing a check next to every permission the role should have.  Every user that has this role assigned will have these permissions.  Users can be assigned multiple roles.
5. Select Save from the File menu or press the Save button.  The new role should be listed in the Roles manager.

To view a role:

Viewing a role will display all information about the role without the ability to edit.  No information for a role can be changed by viewing it.

1. Select the role to be viewed in the Roles manager.
2. Press the View button.  The Role editor will open in view mode.

• Expand the permissions folders to view permissions assigned to this role.  There will be a check next to all assigned permissions.
• The Show Assigned Users button will display a list of all users that have this role assigned.  Users can be assigned multiple roles.

Existing roles can be modified by editing them in the Roles manager.  The changes will be applied to all users that have the role assigned.

To edit a role:

1. Select the role to be edited in the Roles manager.
2. Press the Edit button.  The Role editor will open for the selected role.
3. Make any changes, as necessary.
4. Select Save from the File menu or press the Save button to save the changes.
   • The changes will not be saved if any errors are present.  Any fields with errors will be shaded red.  Hover the mouse cursor over the field to open a ToolTip with a description of the error.

A role that is not needed can be deleted from the Roles manager.  A role cannot be deleted if it is assigned to users.  Press the Show Assigned Users button for a list of users that have that role assigned.

To delete a role:

1. Select the role to be deleted in the Roles manager.
2. Press the Delete button.  A confirmation dialog will be displayed.  Select Yes to delete the role.  Select No to return to BSI without deleting the selected role.
   • An error message will be displayed if the role is currently assigned to any users.