../_images/tile_role_management.png

Role Management

By default, Feeder provides 3 System Roles that control the access rights to features. System roles are assigned when a new Feeder user account is set up in Admin Management.

image0

In addition to the system roles, Custom Roles can be configured in the Role Management feature to manage the visibility of data. Therefore, at least one role with at least one (target user) Group with at least one Criterion must be specified. Otherwise, the entire global data set will remain visible!

image1

Configuring a Custom Role

Clicking New will open the Custom Role settings.

image2

Name:
Please fill in a role name that is self-explanatory. After saving, the name may no longer be changed (e.g. HRManager)
[Label]:
The box right next to the Name input field allows to assign a label
Description:
Optionally, a descriptive text may be entered. The text will display in the start screen of the Role Management feature where all configured custom roles are listed by Name, Label, Description and Object Type
Object Type:
Specify the data object where the custom role will apply. If only one data object is configured, this field will be prefilled automatically. A role may apply to 1 data object only!

Public, Public Editable & Hidden Fields (Rights)

Rights:
Specify global rights on attributes that outrule group criteria (Hidden, Public or Public Editable): Either information remains strictly hidden (e.g. payroll information), information remains globally visible (e.g. Last Name, First Name, Email and UserID) independently of the user’s group assignments or the the value of the field can be edited globally.

Note

To differentiate strictly between Public and Public Editable, Public Editable allows a user to manipulate the value of a field (e.g. by using the API) even if the field is not globally visible.

Typical information that should be flagged public are attributes used as search and value attributes in reference fields! In this way, e.g. managers can be looked up in reference fields even though they might belong to a different group!

image3

Import Role Configuration

Description
You can also create new or update existing role configuration in your environment by importing a JSON file instead of creating new instances manually. By doing so, you will get a clear breakdown of all processed entries of your uploaded file.

How-To

image11a

Steps
  • Please click the Import button
  • Select the role.json file
  • Click Upload
Getting the template
You may obtain these files by clicking the Export button first

Corrupt Records

image11b

If role(s) cannot be processed properly during a JSON import, a Failed Records button will be shown to offer a download of an errror.json file to receive further information.

Creating Groups

Clicking New will open the Group settings page. In the following screenshot 2 groups have been created that will serve for further explanations.

image4

Within a group, the actual limitation of data visibility is configured. Therefore the limitation Criteria have to be set. Then (Feeder) users are assigned via drag & drop functionality.

image5

Important

The Role Management feature is very powerful. Please keep in mind: once a single role is defined, all users have to be assigned to at least one group! Otherwise un-assigned users may not view any data at all!

Hint

You can also create new or update already existing groups by importing a JSON file. It has the same behaviour like the import of role configurations .

Group Criteria: 1 Attribute, 2 Values

As of Feeder v2.3 , attributes may be used multiple times as group criterion. Data visibility can be limited by 1 particular attribute which may have 2 different values (e.g. employees where COUNTRY = Germany and COUNTRY = Italy) during the configuration.

Important

In previous versions, attributes may only be used only once as group criterion for ensuring a high Feeder performance. If data visibility shall be limited by 1 particular attribute which may have 2 different values , then the configuration of two separate groups is required.

Special Role: Visibility of Public Fields only

As of Feeder version 1.10, the following option under Object Type is available. It will allow to restrict the access of users assigned to this role to view rights on specific fields only. This might be required, e.g. when there is an external support team that needs to look up certain contact persons but may not see more details. As a consequence, the user may search in the given data set only.

image6

Important

Please create a “No Access” group with a condition that cannot be fulfilled! (Screenshot below)

image7

The result will be that all buttons are greyed out or inavailable and a record cannot be opened.

image8

Public Editable

A special option that was needed for the Employee Transfer custom solution.

Moving to Production (Group Migration)

A typical use case for this would be setting up the Feeder production instance, thus transferring the configurational files from the test system.

Steps

  1. Import the roles (roles.json)
  2. Import the groups (groups.json)
  3. Reassign all users to groups as these received new internal IDs.

Important

When importing groups, the user assignment needs to be done anew!

Good to know

Important

Please be aware that until version 1.10 (and probably throughout) the groups.json file will contain all groups of all roles.

  • Search for a user’s internal ID and see globally to which groups a user is assigned to.
  • The groups are sorted by alphabetical order

General Structure (groups.json)

image9

Example (groups.json)

image10