Users and Roles
In this section, you will learn how to set up the access concept for your application.
Setting up a Role Concept
The access concept of an application is based on roles which are defined within the customer account, and access rights assigned to those roles. Users are assigned specific roles within a project in order to give them the access rights necessary to undertake the responsibilities of the role.
When setting up the role concept for an application, you first create an organization, and then define the roles within the organization. An organization reflects the way roles are grouped according to the responsibilities in your company.
- In the Role Management module, create a new organization, and save it.
- Open the new organization, and create the roles as required in your application's workflow. When creating a role, you define the role type, and assign the users to it.
For details, refer to the following conceptual information:
For the sample application, you create an organization with the name SAMPLE Organization. In this organization, you need to create three roles: Employee, Managers, and Administration. The responsibilities of those roles are:
- Employee: creates a request for an expense and submits it.
- Managers: validates the request and either approves or rejects it.
- Administration: validates and confirms the payment, as soon as the request is approved.
Additionally, you create the initial Designer role for developers of the application.
To define the roles of the organization, proceed as follows:
- Create an organization named SAMPLE Organization.
Click New role to define the roles, and and configure the roles as follows:
Role Designer with role type Static: assign yourself to this role. The Designer role is the initial role of the organization, and is used for the application developers.
- Role Employee with role type Everybody: all users of the current customer account are automatically assigned to this role.
- Role Managers with role type Static: you select the users the users for this role for each execution environment from the user list under Members.
- Role Administration with role type Static: you select the users for this role for each execution environment from the user list under Members.
- Role Manager and Administration with role type Scripted: you define the script to define the users for this role. In the sample, this role combines the roles Managers and Administration by using the
is_user_in_lane()Freemarker method. For details, refer to Scripted Lanes in the Developer Guide for the Advanced IDE.
The sample's role setup is shown in the following image.