Roles
This topic explains how to create, import, and assign roles.
A role defines a set of privileges and permissions. It can be assigned to another role or to a user. A role's privileges automatically become the privileges of any other role or any user that the role is assigned to. A user can be assigned any number of roles. As a result, a user will have all the privileges defined in the multiple assigned roles.
Note that privileges are global, whereas permissions are defined per container.
Default Roles
The following special roles are predefined in FlowForce Server.
 authenticated | This role includes all users who are authenticated using an existing user name and password. Every FlowForce Server user except user |
| all | This role includes all FlowForce Server users, including user |
Since the roles authenticated or all are built-in, you cannot explicitly assign these roles to users or revoke them from users. The membership of the built-in roles is automatically managed by FlowForce Server. Every time when you add a new user, FlowForce Server automatically assigns to the new user both the role authenticated and the role all.
Create roles
To add a FlowForce Server role:
1.Click Administration, and then click Roles.
2.Click Create Role.
3.Enter the role name (for example, "Administrator").
4.Under Privileges, select the privileges that must be assigned to the role (for the description of available privileges, see Privileges).
5.Click Save.
To rename a role:
1.Click Administration, and then click Roles.
2.Click the record you want to edit.
3.Enter the new role name in the Role name text box, and then click Save.
Notes
•The members of a role do not change when the role is renamed. •The default roles |
Import domain roles
To import domain roles into FlowForce Server, take the following steps:
1.Click Roles in the Administration menu.
2.Click Import Domain Roles.
3.Follow the steps 4-6 above.
Assign roles to users and roles
You can assign privileges directly to a user (e.g., 
Alethia Alonso) or to a particular role (e.g., Marketing Manager). It is recommended to assign privileges to roles rather than to individual users, because it simplifies the maintenance and management of privileges in the long term.
You can model the hierarchy of your organization in FlowForce Server, by assigning roles to other roles. The diagram below illustrates a sample organization, for which three roles and one user have been defined. The Employees role contains a role called Marketing Department. This means that the privileges and permissions granted to the Employees role will automatically be inherited by the users belonging to the Marketing Department role.
The Marketing Department role contains the Marketing Manager role. In this case, the Marketing Manager role will inherit all the privileges from the Marketing Department and Employees roles. A user called Alethia Alonso is the marketing manager, and she has been assigned the Marketing Manager role. This implies that she will inherit all the privileges from the broader roles.
Assign roles to users
To assign one or more roles to a user:
1.Click Administration, and then click Users.
2.In the list of users, click the record you want to edit.
3.Under Roles available, select the roles that must be assigned to the user, and then click Assign.
To revoke one or more roles from a user:
1.Click Administration, and then click Users.
2.In the list of users, click the record you want to edit.
3.Under Roles assigned to user '<user name>', select the roles that must be revoked from the user, and then click Remove.
To assign a role to multiple users:
1.Click Administration, and then click Roles.
2.In the list of roles, click the record you want to edit.
3.Under Users/Roles available, select the users that must be assigned the role, and then click Assign.
To revoke a role from multiple users:
1.Click Administration, and then click Roles.
2.In the list of roles, click the record you want to edit.
3.Under Members of role '<role name>', select the users from whom the role must be revoked, and then click Remove.
Assign roles to other roles
To assign a role to another role:
1.Click Administration, and then click Roles.
2.In the list of roles, click the role you want to assign to another role (for example, if you want the role Marketing Department to inherit privileges from the role Employees, click "Employees").
3.Under Users/Roles available, select the role to be assigned, and then click Assign.