A role is a security principal that allows a group of people to access the application. A role consists of a group of permissions to be given to a user. A role restricts access to the application (CRUD rights) to the set of permissions assigned to it.
Figure: Role list in application
It opens a popup window in which you give the new role a name.
Figure: Create user
Actions are the set of options available for a role: setting permissions and security, editing the name, and deleting the role.
Figure: Actions in a role
The Edit option redirects you to the page where you can edit the name of the role.
Permission is the action of officially allowing someone to do a particular thing; consent or authorization. In this option, permissions apply at the entity level. Four types of permission (add/edit/delete/view) are available in Turanto. If a type of permission is selected for an entity, the role is able to perform that operation on that entity.
Figure: Permissions Page
Add permission allows users in the role to add new records to the entity.
Edit permission allows users in the role to edit existing records in the entity.
Delete permission allows users in the role to delete existing records in the entity.
View permission allows users to see the entity and its records. In other words, users can see only those entities for which the view permission is assigned.
The permission enables verbs in the entity. Two default verbs, 'Bulk Update' and 'Bulk Delete', are created by Turanto. Any custom verbs created during modeling are also displayed here.
This permission allows users to edit and delete only those records that they own. The permission uses the association of the entity with the user entity. When an entity is associated with the user entity, each record of the entity is assigned a user. The application compares the user value of the record with the application users. When the username matches, the application considers that user the owner of the record. Thus, the logged-in user can edit/delete that record. For records of other users, the current user can only view the record. The self-service option is available on entities that are directly or indirectly associated with the user id. The dropdown in self-association shows the name of the association/entity by which the user id is governed.
With user registration, administrators can allow new users to create a record in an entity (one that is directly associated with the user id) even if they are not assigned any role and its associated permissions. Auto-registration works with the default role, i.e. the role in which auto-registration is activated should be set as the default role for new users. If two roles have auto-registration checked, the role set as default will be the one in effect.
Permissions can be given to a role to perform administrative operations in the application.
Figure: Admin Privileges
The admin permissions are similar to entity permissions. The only difference is that, instead of records, the Add, Update, Delete and View permissions are provided for admin settings.
Field Level Security
Field level security applies permissions to the properties of an entity. This is granular security which, when applied, prevents the users in the role from viewing or editing the selected properties. The security works in collaboration with entity permissions. The users in the role are allowed access to specific entities. They can add/update/delete records in an entity. They can only edit or view the properties that are allowed to the role. Note that dropdown associations are also considered fields here.
Figure: Field level security
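The following added example (not Turanto's code) sketches how the layers described above combine: entity permissions, the self-service owner check, and field level security. The `Role` class, the `owner` property, the `hidden`/`readonly` labels and the Ticket data are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Role:
    name: str
    entity_perms: dict = field(default_factory=dict)    # entity -> {"add","edit","delete","view"}
    self_service: set = field(default_factory=set)      # entities limited to owner edit/delete
    field_security: dict = field(default_factory=dict)  # (entity, property) -> "hidden" | "readonly"

def can(role, user, op, entity, record=None):
    """Entity permission first, then the self-service owner check for edit/delete."""
    if op not in role.entity_perms.get(entity, set()):
        return False  # nothing granted means no access
    if op in ("edit", "delete") and entity in role.self_service:
        return record is not None and record.get("owner") == user
    return True

def visible_fields(role, user, entity, record):
    """Properties the user may see: view permission minus hidden properties."""
    if not can(role, user, "view", entity, record):
        return {}
    return {k: v for k, v in record.items()
            if role.field_security.get((entity, k)) != "hidden"}

def apply_edit(role, user, entity, record, changes):
    """Return an updated copy, or raise if the record or any property is off limits."""
    if not can(role, user, "edit", entity, record):
        raise PermissionError(f"{user} may not edit this {entity} record")
    blocked = sorted(k for k in changes if (entity, k) in role.field_security)
    if blocked:
        raise PermissionError(f"protected properties: {blocked}")
    return {**record, **changes}

# Constructed sample data (hypothetical role and record)
CUSTOMER = Role(
    name="Customer",
    entity_perms={"Ticket": {"add", "edit", "view"}},
    self_service={"Ticket"},
    field_security={("Ticket", "internal_note"): "hidden",
                    ("Ticket", "status"): "readonly"},
)
TICKET = {"owner": "alice", "title": "VPN down", "status": "open",
          "internal_note": "escalate"}

if __name__ == "__main__":
    print(can(CUSTOMER, "alice", "edit", "Ticket", TICKET))  # owner may edit
    print(can(CUSTOMER, "bob", "edit", "Ticket", TICKET))    # non-owner may only view
    print(visible_fields(CUSTOMER, "bob", "Ticket", TICKET))
```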
Before deleting a role, this option asks for confirmation (to avoid deleting a user by mistake).
A role can be assigned to multiple users at the same time. Check the users to whom you want the role to be assigned.
Figure: Assign role to multiple users
Set This as Default for New Role
This option assigns the selected role as the default role for every new user login. A new registration, whether made through the login screen or created by an admin, receives all the benefits of the default role. This option needs to be checked to use the self-registration feature given in the entity permissions page.