Altova FlowForce Server 2025 Advanced Edition

This topic explains how to create, import, and assign roles.

 

A role defines a set of privileges and permissions. It can be assigned to another role or to a user. A role's privileges automatically become the privileges of any other role or any user that the role is assigned to. A user can be assigned any number of roles. As a result, a user will have all the privileges defined in the multiple assigned roles.

 

Note that privileges are global, whereas permissions are defined per container.

 

Default Roles

The following special roles are predefined in FlowForce Server.

 

role authenticated

This role includes all users who are authenticated using an existing user name and password. Every FlowForce Server user except user useranonymous is a member of this role. By default, this role has the Set own password privilege.

role all

This role includes all FlowForce Server users, including user useranonymous. By default, this role has no privileges.

 

Since the roles role authenticated or role all are built-in, you cannot explicitly assign these roles to users or revoke them from users. The membership of the built-in roles is automatically managed by FlowForce Server. Every time when you add a new user, FlowForce Server automatically assigns to the new user both the role role authenticated and the role role all.

 

Create roles

To add a FlowForce Server role:

 

1.Click Administration, and then click Roles.

2.Click Create Role.

3.Enter the role name (for example, "Administrator").

4.Under Privileges, select the privileges that must be assigned to the role (for the description of available privileges, see Privileges).

5.Click Save.

 

To rename a role:

 

1.Click Administration, and then click Roles.

2.Click the record you want to edit.

3.Enter the new role name in the Role name text box, and then click Save.

 

Notes

 

The members of a role do not change when the role is renamed.

The default roles roleall and roleauthenticated cannot be changed.

 

Import domain roles

To import domain roles into FlowForce Server, take the following steps:

 

1.Click Roles in the Administration menu.

2.Click Import Domain Roles.

3.Follow the steps 4-6 above.

 

Assign roles to users and roles

You can assign privileges directly to a user (e.g., userAlethia Alonso) or to a particular role (e.g., role Marketing Manager). It is recommended to assign privileges to roles rather than to individual users, because it simplifies the maintenance and management of privileges in the long term.

 

You can model the hierarchy of your organization in FlowForce Server, by assigning roles to other roles. The diagram below illustrates a sample organization, for which three roles and one user have been defined. The role Employees role contains a role called role Marketing Department. This means that the privileges and permissions granted to the role Employees role will automatically be inherited by the users belonging to the role Marketing Department role.

 

The role Marketing Department role contains the role Marketing Manager role. In this case, the role Marketing Manager role will inherit all the privileges from the roleMarketing Department and role Employees roles. A user called userAlethia Alonso is the marketing manager, and she has been assigned the role Marketing Manager role. This implies that she will inherit all the privileges from the broader roles.

RoleHierarchyDiagram

 

Assign roles to users

To assign one or more roles to a user:

 

1.Click Administration, and then click Users.

2.In the list of users, click the record you want to edit.

3.Under Roles available, select the roles that must be assigned to the user, and then click Assign.

 

To revoke one or more roles from a user:

 

1.Click Administration, and then click Users.

2.In the list of users, click the record you want to edit.

3.Under Roles assigned to user '<user name>', select the roles that must be revoked from the user, and then click Remove.

 

To assign a role to multiple users:

 

1.Click Administration, and then click Roles.

2.In the list of roles, click the record you want to edit.

3.Under Users/Roles available, select the users that must be assigned the role, and then click Assign.

 

To revoke a role from multiple users:

 

1.Click Administration, and then click Roles.

2.In the list of roles, click the record you want to edit.

3.Under Members of role '<role name>', select the users from whom the role must be revoked, and then click Remove.

 

Assign roles to other roles

To assign a role to another role:

 

1.Click Administration, and then click Roles.

2.In the list of roles, click the role you want to assign to another role (for example, if you want the role role Marketing Department to inherit privileges from the role role Employees, click "Employees").

3.Under Users/Roles available, select the role to be assigned, and then click Assign.

 

© 2018-2024 Altova GmbH