Roles & Permissions

If a user is in multiple roles and the permissions are in conflict, the role with the higher level of permissions will take precedence. If needed, you can review which roles an individual user has been added to from the User Role Membership section on the Edit User page.

To create a new role:

1. Click the icon in the top bar > Roles in the People section.
2. Click Create Role to display the Create Role page.
3. Enter the name for the role in the Name field.
4. Optional: Enter a description of the role in the Description field. This description will appear below the role’s name when editing it.
5. Optional: Select the Enable Global Membership checkbox if you wish to grant this role global permissions.

   Once a role is created, you cannot enable or disable global membership (permissions) from the Edit Roles page. To enable or disable global permissions on an existing role, you must delete then recreate the role.

   The Create Role page.
6. Click Create to show the Edit Role page.The Edit Role page.
7. In the field under Object Types, type the name of the object type you want to add, then press Enter on your keyboard or select it from the dropdown menu.
8. Click Edit Permissions. An object type will not be saved to a role until you’ve configured its workflow permissions.
9. Select the workflow permissions the user will have per each state:
   • All States: Clicking All Triggers, Create, Read, and Edit in this section will automatically enable these permissions for all states in the workflow.
   • All Triggers: Users can view and click all triggers on a form. The triggers that are visible to user depend on whether the object is in the state associated with the trigger. You can also select each individual trigger to grant access.
   • Create: Users can create a new object. This permission applies only to the Creation state of the object type.
   • Read: Users can view the object when it’s in the selected state. You cannot select the Edit, Delete, or Manage permissions unless Read has been selected.
   • Edit: Users can edit existing objects in the selected state.
   • Delete: Users can delete existing objects in the selected state.
   • Manage: Users can add users from other roles to give them access to the object while it’s in the selected state. Note that the added user will not see the object until it’s in a state they have permission to view. Manage is applicable to explicit permissions only.
   • Assign: Once the object is in the selected state, users who have been granted permission to view the object through a role will see it in their task list on the My Tasks page. Assign is applicable to explicit permissions only.Workflow permissions.
10. From the Select a default form for this state for this role dropdown menu, choose the form users will see when using Search, Quick Add, an assessment table, or relationship graph:
    • If you do not choose a form from this dropdown menu, the object type’s default form (the unconfigured list of components added to an object type) will be displayed.
    • If you select Default Form from this dropdown menu, the user will see the form selected by an administrator.
    • If you select a configurable form from this dropdown menu, the selected form will be displayed.

      Forms selected to display on an action, view, data visualization, or relationship table will override any selections made in the Select a default form for this state for this role field.

11. Click Done to return to the Edit Roles page.
12. Repeat steps 7-11 to continue adding object types as needed.
13. To add individual users to the role:
    1. In the field under Users, begin typing the name of the user you want to add to the role in, then press Enter on your keyboard or click to select the user.
    2. Repeat step a. as needed to continue adding more users, then click Add Selected.
14. To add a user group to the role:
    1. In the field under Groups, begin typing the name of the group you want to add to the role, then press Enter on your keyboard or click to select the group.The Users and Groups sections.
    2. Repeat step a. as needed to continue adding more user groups, then click Add Selected.
15. Optional: In the Advanced Options section, click theor icons to enable or disable the following options for users within the role: 
    • Search Bar Enabled: Shows or hides the Search field from the top bar.
    • Quick Add Enabled: Shows or hides the Quick Add feature from the top bar.
    • Help Icon Enabled:  Shows or hides the link to the Resolver Knowledge Base from the top bar.
    • Archived Search: Shows or hides the option to include archived data in the search results when using the Search function. The Advanced Options section.
16. Click Done when finished.

Roles control the data a user can create, edit, delete, view, or manage on object types and objects. Once the role component for a specific role is added to an object type, it can be added to a configurable form, where you can grant users from within that role permission to view a specific object. Where necessary, roles allow users to see additional object types related through relationships or references by granting inferred permissions.

As users with global permissions can automatically view all the objects saved to the object type(s) specified in the role (subject to any workflow permissions), you can only add roles with explicit permissions to an object type.

What the users within a role can do with the object types and objects, including those accessed through inferred permissions, is controlled by the object type’s workflow permissions on their role.

Roles must be created and configured before they can be added to an object type. See the Roles chapter for more information.

To add a role to an object type:

1. Click the icon in the top bar > Object Types in the Data Model section.
2. Click the object type or enter the name of the object type in the Search field, then click it to display the Edit Object Type page.
3. Click the Roles tab.
4. Click Add Role.
5. Click to select one or more roles under Select Roles to Add.

   

6. Click Add Selected.
7. To add inferred permissions to the role:
   

   Granting inferred permissions requires additional configurations on the role. See the Inferred Permissions section for more information on how these permissions work and how to configure the role.

   1. Click the role in the Roles tab to open Edit Role Permissions.
   2. Click the monogram, which represents the object type you’re currently working in, to expand the node and reveal any relationships and references saved to the object type.
   3. Click a relationship or reference to show the object types associated with that relationship or reference (e.g. clicking People Involved will show the People and Employee Record object types).
   4. Click an object type to grant inferred permissions to that object type.
   5. Click Done, then Continue to confirm.
8. To edit the role's inferred permissions, click the role in the tab to open Edit Role Permissions.
9. To delete the role from the object type only, click the  icon.
10. Click Done when finished.

All users, including administrators and those with All Access settings enabled, will not be able to see an application in the left navigation menu until they’ve been added to one or more activities through a role. Note that adding a role to one activity with an application will not grant access to all its activities. Roles must be added to each activity individually in order to grant access.

Roles are saved to activities within an application. See the Create an Application & Activity section for more information on creating applications and activities.

If you've recently added your role to an activity, you will need to log out then log back in before the application and/or activity will be displayed in the left navigation menu.

To add roles to an activity:

1. If needed, open the activity you wish to add the role to by clicking theicon in the top bar > Applications in the Application Management section, then clicking the application and activity to show the Edit Activity page.
2. Click Add Roles in the Roles section.
3. Select one or more roles from the dropdown menu.

   

4. Click Add Roles.

To remove a role from the activity, click the trash can icon next to the role, then click Yes to confirm.

The Clear Fields, Clear Roles, and Clear Relationships actions clear the values from selected fields, roles, or relationships on a form (excluding formulas). These features are particularly helpful to users who are working with existing assessments because they avoid the need to go into the assessment and manually remove data that's no longer applicable.

For example, the Clear Fields or Clear Relationships actions could be used when a user is relaunching an assessment, while the Clear Roles may be used when assigning an object type or assessment to a new user in a different role.

Before you can create these actions on a workflow state, the fields, roles, and relationships must be added to the object type as components and a transition must be created. See Add a Trigger & Transition to a State article for instructions.

Because the Clear Roles action takes precedence over the Role Management action, avoid adding both these actions to the same transition, as the Clear Roles action will clear all roles, including any specified in the Role Management action, from the form.

To add a Clear Fields, Clear Roles, or Clear Relationships action to a transition:

1. From the Edit Workflow page, click a trigger below a state to open the Edit Trigger palette.
2. Click the icon next to the transition.

3. Click Add Action in the Actions section. 

   

4. Select Clear Fields, Clear Roles or Clear Relationships from the Type dropdown menu.
5. Enter a name for the action in the Name field.
6. Depending on your selection in step 4 above, make the following selection in the dropdown menu:

7. Click Create.

If a user is in multiple roles and the permissions are in conflict, the role with the higher level of permissions will take precedence.

To edit or delete a role:

1. Click the icon in the top bar > Roles in the People section.
2. Enter the name of the role in the text field to search for it or click the role you want to edit.
3. To add more object types to the role, select the object types from the dropdown menu in the Object Types section, then edit the permissions.
4. To edit an existing object type’s permissions, click the object type under Object Types, make your changes as needed, then click Done to return to the Edit Role page.
5. To add more users or groups to the role, select them from the dropdown menus under Users and Groups.
6. To delete an object type, user, or user group from the role, click the icon next to the object type, user, or user group you want to delete, then click Yes to confirm.

   Roles determine a user's eligibility to access objects only. Removing a user from a role with explicit permissions after they've been granted direct access to an object does not automatically revoke their access to that object. Another user with the appropriate permissions must revoke access by removing the user from the role field on the object's form.

7. Optional: In the Advanced Options section, click theor icons to enable or disable the following options for users within the role: 
   • Search Bar Enabled: Shows or hides the Search field from the top bar.
   • Quick Add Enabled: Shows or hides the Quick Add feature from the top bar.
   • Help Icon Enabled:  Shows or hides the link to the Resolver Knowledge Base from the top bar.
   • Archived Search: Shows or hides the option to include archived data in the search results when using the Search function. The Advanced Options section.
8. To delete the role, click the icon, then click Yes to confirm.