Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space DEV and version r0810

...

Excerpt

Administrators can create and assign roles to users to govern access to user-created objects in 

D s product
rtrue
.

  • A role is  is a set of privileges that can be assigned to users.
  • A privilege governs  governs access level to a type of object.
  • By default, all users are assigned the default role role, which allows users to use the user-created object types.
  • For more information, see Privileges and Roles Reference.

...

Steps:

  1. In the left nav bar, select select User menu > Admin console > Roles
  2. In the Roles page, review the list of available roles. For more information, see Roles Page.
  3. To create a new role, click Create Role. 
  4. In the Create Role dialog, specify the following:
    1. Name: Enter a name for your role. This value must be unique among available roles.
    2. Privileges:
      1. For each of the available object types, specify the access level for the role.
      2. For more information on these privileges, see Privileges and Roles Reference.
    3. To create the role, click Save.
  5. The role is now available and can be assigned to users. See below.

...

  1. In the Roles page, click Create role.
  2. In the Create Role dialog, enter the following:
    1. Name: read-only
    2. Privileges: For each available privilege, select viewer.

      Info

      NOTE: Some privileges may not have a viewer access level. For these privileges, you should select none. However, users with such a role cannot access the pages where these objects are listed.


  3. Click Save.
  4. The role is now available and can be assigned to users. See below.

...

Suppose you wish to limit a set of users to only be able to work with flows. These users should be able to view, share, edit, schedule, run jobs, and delete flows. 

Steps:

  1. In the Roles page, click Create role.
  2. In the Create Role dialog, enter the following:
    1. Name: flows-only
    2. Privileges: 

    3. For the flows privilege, select author.

    4. For every other privilege, select none.

  3. Click Save.
  4. The role is now available and can be assigned to users. See below.

...

  1. In the Roles page, click Create role.
  2. In the Create Role dialog, enter the following:
    1. Name: empty
    2. Privileges: 

    3. For every privilege, select none.

  3. Click Save.
  4. The role is now available and can be assigned to users. See below.

...

Suppose you wish to reduce privileges for the default role role, which is assigned to all users. At the same time, some user should be assigned author-level access to the available objects. Here is the following general flow for managing this modification.

Info

NOTE: You cannot modify the name of the default role.

Steps:

  1. Before you begin, you might wish to inform users that you are making these changes. In some cases, users may lose access to objects that they have created. 
  2. Create new roles for author access to each object type. For more information, see Roles Page
    1. For example, you can create the Flow Author role role, which has author privilege for flows and no other privilege. Optionally, for the other privileges, you could provide viewer access access, which enables read-only access.
    2. Repeat the above for each type of object for which there is a privilege. 
    3. At this point, the new roles have been created.
  3. Assign these roles to users as needed. For example, for the Flow Author role role, you can assign it to each user that must create flows.

    Tip

    Tip: Since roles are additive, you have not removed any privileges yet.

  4. Now, you can modify the default role role
    1. In this case, you should decide what is the baseline set of privileges that each new user should have. Set the privileges to the lowest level of common access.

...

Info

NOTE: Removing a role from a user account may remove access to objects that the user has created. If the user is the owner of these objects, some access may be removed permanently, even if the object is shared. For more information, see Overview of Sharing.

Steps:

  1. In the Roles page, locate the role that you wish to remove from one or more user accounts.
  2. Select the role. 
  3. In the Role Details page, click the Users tab.
  4. Locate the user to unassign un-assign the role. In the context menu for the user, select Unassign from role.
  5. The user no longer has the role in the account.

...