Administration Guide

Creating Security Roles

Updated in 8.7

To create a security role, complete the following steps:

  1. From the Sidebar, navigate to Users & Security > Accounts and Roles > Roles.

  2. Click New. The New Security Role dialog box appears.

  3. On the General tab, type a name for the role.

  4. Optional: Type a description of the role in the Description field, so you can easily distinguish it from other roles.

  5. If you want this role to be used as the default role for all newly created Technician accounts, select the This role will be assigned by default to all newly created Technician accounts check box.

  6. Click the Permissions tab and specify access permissions granted by this role:

    1. Click the plus icon (+) to expand an object class node.

    2. Using available check boxes, select access permissions that should be granted by this role.

      INFO: For details, see Controlling Access to Administrative Functions and Controlling Access to Objects.

  7. To control the access scope for role members, complete the following sub-steps.

    INFO: For additional information, see Controlling the Access Scope.

    1. Click the Access Scope tab.

    2. If you want to limit access to the data segments and objects within it, click Data Segments and clear the check boxes of the segments you want excluded from the access scope. By default, all segments are included.

      INFO: You manage the list of data segments in the Users&Security > Accounts and Roles > Data Segments section. For details, see Managing Data Segments.

    3. If you want to grant access to the member’s organization and objects within it, click Restrict access to organizations and select the Allow access to objects within Current User’s Organization check box.

    4. If you want to grant access within specific organizations, click Add, select organizations, and then click OK.

      Organizations in Alloy Navigator have a hierarchical structure, where any organization can have multiple sub-organizations. Selecting a parent organization doesn't automatically include its children. You should individually select every organization that you want included.

      IMPORTANT: If you select Restrict access to organizations but do not specify any organizations, this role will have no access to any organization-related objects.

  8. Click OK. The new role appears in the list.