Roles management
ImageMaster role management provides the possibilities for defining roles that grant or deny permissions.
Role management via the AdminClient is optimized for simple permission structures. In a scenario with a lot of document types and many complex permission assignments, it can happen that the roles created via the AdminClient slow down the system. In such a case, contact your consultant at T-Systems to have this optimized.
Click the Users, Roles, Groups > Roles tab. To access this room, you must have sufficient permissions, which by themselves are granted by a role, e.g. by the role “Role Management” with the contained permission “Role Configuration”.
A basic distinction is drawn between the following permissions to configure roles:
-
Role Configuration
-
Restricted Role Configuration
In the example above you can see that the permission “Role Configuration” is enabled for the role “Role Management”. It does not make sense to grant both of these permissions within one role as the intention is to be able to grant restricted access via the restricted role to a restricted user administrator.
All roles created by a restricted user administrator are tagged with a restricted role flag:
Figure 121: Users, roles, groups – roles: restricted role configuration
Role administration for restricted administrators is limited to the following features:
-
General administration permissions
-
Audit Trail (Read)
-
File Configuration
-
Legal Hold
-
Locks
-
Publish Search
-
Publish Search Bookmarks
-
Report Configuration
-
Reports
-
Role Assignment
-
Restricted Role Configuration
-
User
-
-
Document Types
-
All except View / Update Definition
-
-
File Access
Only roles with the restricted role flag can be managed by a restricted user administrator. Roles that do not have the restricted flag cannot be edited but remain visible to restricted user administrators. Access to “Web Service Access”, “Role Usage” and “Recycle Bin” is not allowed.