‘Role-based Access’ was introduced in Perfion 2018 R3 (4.5.43). ‘Role-based Access’ allows for admin-users to set specific roles for individual users or groups, which grant access to different areas and functionality in Perfion.

The ‘Role-based Access’ panel is located in the ‘User Properties’-window, which can be found by accessing ‘Users and Groups’ in the ‘Administration’-tab.

Overview

The ‘Roles’-tab

The ‘Roles’-tab show all roles that are available to be assigned to users and groups.

The first column, ‘Role’, shows which roles are available for assigning to the user. The second column, ‘Has role directly’, shows which roles the specific user have been assigned on user-level. This is simply done by checking or unchecking the check-box in the ‘Has role directly’-column.

Just as for users, it is also possible to assign roles to groups, which will then apply to all members of the specific group. The third column, ‘Has role from groups’, shows which roles have been assigned to the user on a group-level. It is possible to assign the same role to a user through multiple groups. Which groups are displayed in this column is determined by which groups the user is a member of.

Roles

The following roles are available in the ‘Roles’-tab:

Reporting:

Can execute reports
- Grants the user permission to execute reports.
Can design reports
- Grants the user permission to design reports. The will enable the ‘Reports’-option in the right-click menu in the gridview.
Can export via reports
- Grants the user permission to export reports.

Feature Data – Import/Export

Can export data from grid
- Grants the user permission the export data from the gridview. This will enable the ‘Output’-button in the gridview.
Can import data
- Grants the user permission to access the ‘Import Data’ option under the ‘Import/Export’-tab. Also allows the user to import data via the API.
Can import data without validation
- Enables the user to import feature data without having to validate the incoming data.

Related Sort Order – Import/Export

Can import related sort orders
- Grants the user permission to access the ‘Import Related Sort Order’ option under the ‘Import/Export’-tab.
Can export related sort orders
- Grants the user permission to access the ‘Export Related Sort Order’ option under the ‘Import/Export’-tab. (This feature has been disabled in 4.7.0)

Actions – Import/Export

Can import actions
- Grants the user permission to access the ‘Import Actions’ option under the ‘Import/Export’-tab. This requires ‘Actions’ to be installed and can only be seen from the ‘Actions’ section.
Can export action
- Grants the user permission to access the ‘Export Actions’ option under the ‘Import/Export’-tab. This requires ‘Actions’ to be installed and can only be seen from the ‘Actions’ section.

Scheduling

Can edit schedules
- Grants the user permission to access the ‘Scheduling’ option under the ‘Tools’-tab.

Log

Can access Log
- Grants the user access to the Log
Can access Recycle Bin
- Grants the user access to the Recycle Bin

Developer

Can access API Tool
- Grants the user access to the ‘API Query’ option under the ‘Tools’-tab.

Actions

Can execute actions
- Grants the user permission the access the ‘Execute Actions’ option which can be found under the ‘Tools’-tab or in the gridview toolbar.

Feature Data

Can access Feature Data
- Grants the user access to Feature Data.

Default Roles

When creating a new user, the following roles will be assigned as default:

Can Execute Reports
Can Design Reports
Can Export Data From Grid
Can Import Data
Can Import Related Sort Orders
Can Export Related Sort Orders

Roles for ‘Admins’ and ‘SuperUsers’

Admin-users will always have all roles assigned. This cannot be changed by other admin-users.

Super-users will have most roles assigned, most of which cannot be disabled by the admin-users.

First time opening an already existing user with roles enabled

Role-based access was introduced in Perfion 2018 R3 (4.5.43). Before this version, no user or group had any roles assigned through the ‘Roles’-tab. When using the 4.5.43 version and opening a specific user for the first time, the default roles will automatically be assigned to the user.

Example – Assigning roles to a new user

The following example is a walkthrough of how to the role-based access works. It will demonstrate how to assign specific roles and what effect those will have, both for a user and groups.

Creating a new user

When creating a new user, it is not possible to set roles immediately. The ‘Roles’-tab will be invisible until the user has been created.

When opening the new user, the ‘Member Of’ and ‘Roles’-tabs will now be available. Pressing the ‘Roles’-tab will display all available roles, and a checkmark have been set for six default roles. These are the default roles which will be assigned to all new users.

The all cells in the third column, ‘Has role from groups’, are empty because the user have not yet be assigned to any groups.

Creating a new group

When creating a new group the ‘Roles’-tab will not be available until the group have been created, just like when creating a new user.

After the new group has been created, the ‘Members’ and ‘Role’-tab can be accessed in the ‘Group Properties’-window. The ‘Role’-tab for groups is not completely the same as for users. First of all, new groups will not have any default roles assigned. Secondly, only two columns, ‘Roles’ and ‘Has role directly’, is available, because groups cannot be member of other groups.

Pressing the ‘OK’-button will save the settings. (Also remember to add the new user, ‘John’, to the new group in the ‘Members’-tab before closing).

After setting the group roles (Actions - Import/Export) and adding the new user to the new group, the user ‘John’s ‘Roles’-tab will now look like this:

‘John’ have the default roles, which was assigned when the user was created, as displayed in the ‘Has role directly’ column. The ‘Has role from groups’ column is now no longer empty, but instead displays ‘Group New’ in the ‘Can import actions’ and ‘Can export actions’ rows, which means these roles are assigned to the user ‘John’ through his membership of the ‘Group New’ group.

Testing the new roles

Let’s test ‘John’s new roles by logging in with his credentials. ‘John’ is not a member of ‘Admins’ or ‘SuperUsers’, which should not let him have access to ‘Import Actions’ or ‘Export Actions’ options in the ‘Import/Export-tab in the Actions section. (Remember to grant access to the user and/or group in the Section Designer and Information Groups!)

These options are now available because of the roles ‘John’ have assigned, either on user-level or group-level. ‘Can import actions’ and ‘Can export actions’ is accessible because the roles was assigned to ‘John’ through his membership of the ‘Group New’ group, while he can access ‘Import Data’ in the Product section because the role ‘Can Import Data’ was assigned to him on user-level.

Furthermore, the ‘Output’ button is available in the gridview because of the ‘Can Export Data from Grid’ role:

Finally, ‘John’ can access the ‘Reports’ options in the right-click menu in the gridview, because ‘Can Execute Reports’ and ‘Can Design Reports’ are enabled:

1 Overview
- 1.1 The ‘Roles’-tab
  - 1.1.1 Roles
  - 1.1.2 Default Roles
  - 1.1.3 Roles for ‘Admins’ and ‘SuperUsers’
  - 1.1.4 First time opening an already existing user with roles enabled
2 Example – Assigning roles to a new user
- 2.1 Creating a new user
- 2.2 Creating a new group
- 2.3 Testing the new roles