Managing Roles

Roles define sets of permissions that can be assigned to users or groups. Roles are scoped to organizations and control what actions users can perform on resources.

Role Overview

Roles have the following properties:

Name: Unique name for the role within an organization
Description: Description explaining the role's purpose
Organization: The organization the role belongs to
Permissions: Individual permissions assigned to the role
Permission Groups: Permission groups assigned to the role

Creating Roles

Required Information

Name: Unique name for the role (required)
Description: Description of the role (required)

Configuration Steps

Navigate to the Roles page
Click the "Add Role" button (or similar action)
Fill in the role form:

Enter Role Name

Provide a unique name for the role.

Required: Yes

Field: Name

Validation: Must be unique within the organization

Example: "Admin Role", "Viewer Role", "Editor Role"

Enter Description

Provide a description explaining the role's purpose and responsibilities.

Required: Yes

Field: Description

Example: "Full access to all resources", "Read-only access to reports"

Select Permissions (Optional)

Choose individual permissions to assign to the role.

Required: No

Field: Permissions

How to select:

Use the multi-select dropdown with search
Search for permissions by name
Select multiple permissions
Permissions define what actions can be performed on resources

Permission Types:

Resource Permissions: Permissions for specific resources (tables, rows, columns, JSON keys)
Action Permissions: Permissions for specific actions (read, write, delete, etc.)
Conditional Permissions: Permissions with conditions (ABAC)

Select Permission Groups (Optional)

Choose permission groups to assign to the role.

Required: No

Field: Permission Groups

How to select:

Use the multi-select dropdown with search
Search for permission groups by name
Select multiple permission groups
Permission groups contain collections of related permissions

How it works: Assigning a permission group assigns all permissions in that group to the role.

Click "Save" to create the role

Editing Roles

To edit an existing role:

Navigate to the Roles page
Find the role in the roles list
Click the "Edit" icon next to the role
The role form opens with existing data
Modify:
- Name: Can be changed (must remain unique)
- Description: Can be changed
- Permissions: Add or remove individual permissions
- Permission Groups: Add or remove permission groups
Click "Save" to apply changes

Note: Changes to role permissions affect all users and groups with that role assigned.

Understanding Permissions

Permission Structure

Permissions define access control:

Resource Type: What resource the permission applies to (TABLE, ROW, COLUMN, JSON_KEY)
Resource Name: The specific resource (table name, column name, etc.)
Resource Identifier: For row-level permissions, the primary key or condition
Actions: What actions are allowed (read, write, delete, etc.) - represented as bitmask
Conditions: Optional conditions for attribute-based access control (ABAC)

Permission Groups

Permission groups organize related permissions:

Grouped Permissions: Collections of permissions grouped together
Easier Management: Assign multiple permissions at once
Logical Organization: Organize permissions by function or resource type

Permission Assignment

Permissions can be assigned:

Directly: Assign individual permissions to roles
Through Groups: Assign permission groups to roles (includes all permissions in group)
Combined: Use both individual permissions and permission groups

Role Assignment

Roles can be assigned to:

Users: Direct role assignment to individual users
Groups: Role assignment to groups (users inherit group roles)

Assigning Roles to Users

To assign a role to a user:

Edit the user
In the Roles field, select the role
Save changes

How it works: User gains all permissions defined in the assigned role.

Assigning Roles to Groups

To assign a role to a group:

Edit the group
In the Roles field, select the role
Save changes

How it works: All users in the group inherit the role and its permissions.

Role List Features

Search Roles

Use the search bar to find roles:

Search By: Role name
Real-time: Results update as you type
Case Insensitive: Search is case-insensitive

View Role Details

Click on a role to view details:

Role Information: Name, description, organization
Permissions: Individual permissions assigned
Permission Groups: Permission groups assigned
Assigned To: Users and groups with this role
Created/Updated: Timestamps and user information

Delete Roles

To delete a role:

Navigate to the Roles page
Find the role in the list
Click the "Delete" icon
Confirm deletion in the confirmation dialog

Warning: Deleting a role removes permissions from all users and groups with that role assigned. Ensure the role is no longer needed before deletion.

Best Practices

Role Design

Clear Names: Use clear, descriptive names for roles
Descriptive Descriptions: Explain role purpose and scope
Logical Permissions: Assign permissions that make sense together
Minimal Permissions: Follow principle of least privilege

Permission Management

Permission Groups: Use permission groups for common permission sets
Individual Permissions: Use individual permissions for specific needs
Regular Review: Review role permissions periodically
Documentation: Document role purposes and permission rationale

Role Assignment

Group-Level: Assign common roles at the group level
User-Level: Assign specific roles at the user level when needed
Avoid Over-Assignment: Don't assign more roles than necessary
Regular Review: Review role assignments regularly

Organization Introduction - Overview of organization management
Managing Organizations - Learn about organizations roles belong to
Managing Users - Learn how to assign roles to users
Managing Groups - Learn how to assign roles to groups

Managing Roles

On this page