Business Roles – as well as Project Roles – are used to manage user permissions on a per-project-level. In contrast to Project Roles, there are no predefined Business Roles on a Simplifier instance.
Here are some characteristics of Business Roles:
- Roles for Runtime: these roles are intended for end users of an application
- include permissions only to execute artifacts, which is sufficient for end users
- are only valid within one Project. This means that the role ‘App_Administrator’ for Project A is not visible and can not be used in Project B
- are assigned to a user for each Project individually. This means that in Project A, a user can have an administrator role for an application, while in Project B, the same user can have another role
- are transportable. So, when transporting a project to another instance, the Business Roles are included in the transport
- can be used as a target group within the Push Connector (learn more about target groups in the Push Connector documentation)
- can be used in Filters for Connectors (learn more about filters in the Connector filter documentation)
View and Edit Business Roles
To view the Business Roles that are available in a Project, open the side menu and select ‘Projects’. Then, select on a Project in the list and click on the button ‘Edit Project Permissions’ on the right.
On the upcoming screen, the Business Roles for this Project are listed.
To edit a Business Role, double-click on a role in the list. In the detail view, you can adjust the permissions that this role contains.
You can also create a new Business Role by clicking on the ‘+’ button on the right side of the overview list.
In the detail view of a Business Role, you can edit the permissions that this role includes. For Business Roles, there are two types of permissions:
- Permissions for single artifacts (e.g., one single Application/Connector)
- Wildcard permissions (e.g., all Applications/Connectors in this project)
Note that only execution permissions for most artifacts can be assigned here, since Business Roles are intended for end users of an application and not for developers.
You can only assign permissions for artifacts that are included in the Project. For example, if Connector A is deleted from a Project A, the permission to execute this Connector will also be removed from the Business Roles in the Project.
Migrate User Roles
In case you already have Global Roles on your Simplifier instance that you are using to manage user permissions in applications, you can directly migrate them and convert them to Business Roles. With this functionality, you can reuse already existing roles and do not have to create a new Business Role from scratch.
To migrate Global Roles, click on the button ‘Migrate User Role’ on the right of the screen where a project’s Business Roles are listed.
Then, select the Global Role that you want to migrate.
Confirm the dialog.
For migration, the permissions included in the Global Role are adapted as follows:
- Permissions that are not needed for end users (view/edit/delete permissions) are removed. Only execute permissions are kept
- Permissions on specific artifacts (Applications/Connectors/etc.) are removed. Instead, wildcard permissions are inserted
Assign Business Roles
To assign Business Roles to users, switch to the tab ‘Projects’ in the Project list and select the respective Project in the overview list. In the detail view on the right of the list, click on the button ‘Edit Project Permissions’. On the upcoming screen, select the tab ‘Role Assignments’.
Here, you can assign users to this Project by Project Groups or by Project Users.
Assign by Project Groups (recommended)
Using this assignment option, you can assign a Business Role to a group of users. This has the advantage that you do not have to assign each single user to the project, which speeds up the assignment process. Also, when new users are added to the Simplifier instance and then assigned to a group, they automatically get the Business Role(s) of their group, so you do not have to add the new users to the project manually.
This option requires that your users on your Simplifier instance are organized in groups (which we recommend, especially if you are hosting a large number of users).
To add a new group of users to the project, click on the ‘+’ button on the right. Then, select the user group(s) that you want to add. Continue by clicking the button ‘Select Role(s)’.
Next, select the Business Role(s) that you want to assign to this user group(s). With the checkbox ‘Assign same roles to all groups’, you can define the Business Role(s) for all selected user groups at once.
Confirm the dialog. That’s it! The users in your user group(s) are now assigned to the Project with the respective Business Role(s).
Assign by User
In the tab ‘Project Users’, you can also assign single users to the Project and define their Business Role(s). The dialog looks the same as the dialog for the group assignment; you first select the user(s), then the Business Role(s).
However, we recommend to manage your users in groups, and then assign the complete groups to a project. This helps you to keep an overview on your Simplifier instance and reduces manual adjustments, since new users that are added to a group automatically receive the Business Role(s) of their group.
Assign to Anonymous Users
Business Roles that have been created/migrated in a project can also be assigned to anonymous users in all the applications that are included in the respective project.
For example, our project ‘TEST’ includes the Business Role ‘App_Administrator’. Since this role is visible for all the applications that are included in the project, we can assign this role to anonymous users in the section ‘Security’ of the UI Designer.
Transport Business Roles
As already mentioned on this page, Business Roles – in contrast to Project Roles – can be transported to another Simplifier instance and therefore are included when transporting the project.
Caution: When you are working with users groups in a project (meaning that you assign Business Roles to user groups, not single users) and you want to transport the project to another Simplifier instance, keep in mind that group names are only remembered if the same group name also exists on the target instance.
This means that if the same group name exists, the assignment to a Business Role by group will work as expected from the source instance. If the name does not exists, Business Role assignment by group will not work on the target instance unless you reconfigure it in the Role Assignment settings.
Access Business Roles via API
The Server-Side Business Object API for Users also includes the functionality to access Business Roles of a Simplifier user. For example, you can assign and unassign Business Roles to a given user. Checkout the User API documentation for more information.
Note that in order to assign and unassign Business Roles, the executing user needs the permission to do so (Current Project > Assign Business Role).
Leave A Comment
You must be logged in to post a comment.