Project roles and Business roles can be defined to control permissions to individual Simplifier projects:
- Project roles are intended for design time
- Business roles are intended for the runtime
Both Project roles and Business roles can be assigned to individual users or user groups. When a project-based role is assigned to a group, all users in that group automatically receive that role.
Synchronize groups via Identity Provider
For an authentication method, in addition to user roles, user groups can now be synchronized.
Default groups can be defined, which are always assigned to external users logging in via the authentication method. Optionally, it is possible to activate the external group synchronization with certain rules. These rules can be used, for example, to check a user’s attribute in an Active Directory and then assign a Simplifier group.
Migration of standard roles as business roles
Simplifier roles can now be migrated to business roles in the project permissions overview.
The role migration dialog is available next to the button for creating a new business role.
Only permissions that can also be assigned in business roles are migrated. If the Simplifier role contains an admin characteristic for a permission, it will be converted to the respective permission for all artifacts of the type in the project.
Use of Business Roles in Push Notification Connector
In addition to roles and groups, push notification connectors can now be assigned business roles of the connector’s projects.
Yes, e.g. oAuth. Important for the synchronization is that the attribute which should be used for the synchronization is given by the IDP. You can see which attributes are returned in the test tab of the authentication method.
No. It would be difficult to resolve the project affiliation of the various project roles and business roles.
No. With the execute permission you do not have the permission to test. Additionally you would need the view permission to see the connector/business object to get to the test dialog.
No, but you can have artifacts in multiple projects. That means you could have one project that contains all apps of a location, with only View permission. You could then create separate projects for the departments, where you assign higher permissions.
The permission disappears from the business role and when the connector is added to the project again, then you have to assign the permission to the role manually again.
All users. This is needed, for example, to add users to a project.