A Role is a completely configurable aggregation of customized permissions within the platform. This permission should not be confused with the Access Rights associated with a given business area.
Within the Pretectum platform, permission is assigned to a role either singly or as part of a grouping of other permissions. Since the role can have any description a simple analogy might be associated with the organizational role of a user.
When you add a role you provide a Role Name and a Role Description that is ideally self-explanatory and which helps a given user in the system an understanding of what that Role’s purpose is.
When defining a role and assigning permission you have the ability to determine whether that permission should have specific Access Rights itself. Access Rights within the permission include ADD, VIEW, EDIT, and DELETE. You can also activate/deactivate the permission, which can be particularly valuable if you’re experimenting with roles.
Careful consideration should be given to Role creation such that you do not have roles that are too small or too expansive in terms of Permissions and Access Rights.
Users are assigned roles.
Role assignments are not done at the user level. Users can be assigned to a role and then activated/deactivated or even deleted from a role assignment.