Role usage (combining roles)

ImageMaster supports the following types of roles:

  • custom roles created by the administrator and displayed in the upper-left box (see figure Users, roles, groups – roles)

  • system roles containing a list of predefined system permissions to use or combine them in user-created roles

To view the full list of available roles, go to the Role Usage tab (see the below figure Users, roles, groups – roles: role combination). All custom roles are at the top of the list. System roles are located below and marked with the check mark near the System Role flag.

You can define a role as a combination of existing roles. To do this you need to create a role and include the required roles in it.

To include a role in the current role

  • In the Role Usage tab, search for the roles that you want to include in the current role.

  • Optionally you can filter the list of the roles by their type, by clicking the ”eye” icon. The following filter options are supported:

    • Client Roles

    • System Roles

    • Included Roles

  • On selection the role details will be displayed in the working area.

  • Select Included for each role.

  • Click Save.

    Figure 133: Users, roles, groups – roles: role combination

  • If you include more than one role, the permissions of the underlying roles are combined by default.

    Note that if the role includes the system role, the role report may display a wrong outcome of permissions.

To select an intersection of the permissions from associated roles

  • Scroll to the bottom of the list.

  • Select Intersection (see Users, roles, groups – roles: roles intersection). Only those permissions will be assigned to the resulting role which are enabled for all underlying roles.

    Figure 134: Users, roles, groups – roles: roles intersection

    Upon selecting the Intersection option, the system will reset all permissions on other expandable panels to “Undefined”.

  • Click Save.

The following table presents two examples of role combinations and intersections based on the example roles “Reader (R)”, “Updater (U)” and “Stranger (S)”:

Example Document Type

Invoice

Payroll

Role

Read

Update

Read

Update

Reader (R)

enabled

undefined

enabled

undefined

Updater (U)

enabled

enabled

enabled

enabled

Stranger (S)

enabled

disabled

undefined

undefined

Combine (R) (U)

enabled

enabled

enabled

enabled

Combine (R) (U) (S)

enabled

disabled

enabled

enabled

Intersect (R) (U)

enabled

disabled

enabled

disabled

Intersect (R) (U) (S)

enabled

disabled

disabled

disabled

Table 40: Roles management – role combination and intersection example

In case of a permission conflict, i.e. if one role enables a permission which is explicitly disabled by another role, the permission outcome is disabled. This corresponds to the example above for Invoice / Update / Combine (R) (U) (S).

In case of an intersection, only those permissions are enabled which are explicitly enabled for all underlying roles. This corresponds to the examples above for Invoice / Read / Intersect and for Payroll / Read / Intersect (R) (U). If there is one undefined permission, this already disables the overall permission.