Role Management Concepts
The DigitalSuite Role Management module allows you to create roles that reflect the division of work in your company together with organizations that reflect the way these roles are grouped into a hierarchy.
The roles you create in the Role Management module will be used to establish role-based access control at project level.
This document describes organizations and roles along with their functions.
Organizations enable you to group roles together. How you make use of organizations is a design decision and depends on the type of projects you create. You may want to create an organization that reflects the structure of your company, or you could create a new organization for each project you create.
A role can only belong to a single organization but a project can use roles from different organizations.
Roles represent a particular group of responsibilities that can be performed by an actor within your company. Users are assigned specific roles within a project in order to give them the access rights necessary to undertake the responsibilities of the role. Roles are grouped into organizations and organizations can contain many roles. A user can belong to more than one role.
It is possible to have parent and child roles. This can be especially useful when using roles to map the structure of your company. The number of child generations a parent role can have is limited to three.
Roles in a Process
When designing a process each role involved in the execution can be assigned its own lane on the process diagram so that you can clearly show which process step is assigned to each role. For details on the concepts involved in process design, refer to ProcessModeler Concepts.
Defining which users belong to each role can be done in different ways, spanning both static and dynamic allocation:
- Everybody Roles: Roles which include every active user that belongs to the account. All users within your company therefore have the right to perform the functions related to these roles.
- Static Roles: Roles to which users are manually assigned in order to give them the rights necessary to perform the functions related to the role. This assignment is carried out within the Role Management module.
- Scripted Roles: Roles to which users are assigned automatically by the platform dependent on the execution of a script. The script is written and validated within the Role Management module and is used to filter the users based on the user's settings, metadata, preferences or current role membership. To find out more about writing scripts click here.
- Dynamic Roles: In some circumstances we may not know which role should take care of a process step because it depends on the data to be processed. Dynamic Roles enable the decision to be deferred to execution time, using the data available in the process to calculate and assign the correct role in real time.
- Runtime Roles: These roles are initially empty, users are added to the role dynamically during the execution of a process.
Project access rights are defined at Role level. Roles from different organizations can be used within the same project.
You can allocate one of the following types of access rights to a role:
- Designer: Designer access allows you to modify the project's resources and launch processes/web interfaces in Test, Acceptance, and Live mode.
- Supervisor: Supervisor access does not allow you to modify any project resources. Supervisors can launch processes/web interfaces in Test mode and monitor launched processes in all modes.
- User: User access allows you to launch web interfaces in Live mode and to see tasks you have to perform. Users are not able to see the processes they have launched.
- Observer: Observers have the right to view all launched processes in read-only mode.
- Translator: Translators can create, read, update and delete dictionaries for use with App Translator.