| layout |
|---|
article-toc |
A Role is a collection of rights that allow a user to perform actions in Hornbill. Hornbill comes with a range of roles ready for you to assign to your users and custom roles can be created to meet your specific needs.
In addition to platform roles, each application comes with roles specifically designed to govern access to that application.
- Describing the different types of roles.
- The different ways to assign roles to users.
- How roles can affect application subscriptions.
- How to create a custom role.
- Users with the Admin or Super User role can manage roles
- The rights Manage Role, Create Role, Delete Role, and Update Role are available for custom roles.
Two types of Roles exist within Hornbill, Security Roles and Assignment Roles:
- Security Roles
Are used to control access to Hornbill Applications and to the different areas within each application. Security roles have a "Privilege Level" which determines the level of access provided to users that are assigned to the role. - Assignment Roles
Provide restrictions on the assignment of Activities. For example, when configuring a Human Task node within a Business process, it is possible to assign that task to a Role. This is especially useful if you wish to restrict the assignment of an activity to several users within a particular group or if you want to expose this activity to a selection of users across multiple groups. It is also possible to share certain items based on an assignment Role. One example is Dashboards. Assignment Roles can only be associated with application Users"
Security roles use the following privileges to control the level of access for a user that has been assigned to the role.
| Privilege Level | Description |
|---|---|
| None | This privilege level has no privileges assigned. |
| Guest | This is the privilege level applied to any guest account login via a customer/external portal session. |
| Basic | This privilege level is associated with basic user accounts. The basic user privilege level provides very limited access to the Hornbill platform, typically this type of user would be an employee that does not use Hornbill on a day-to-day basis, but uses the Employee portal to access services being provided. |
| User | This privilege level is typically associated with a normal user account. |
| Admin | This privilege level is in effect a ‘super user’ account. This privilege level is used sparingly, and should not be used for day to day user accounts. |
:::tip A user's overall privilege level is determined by the highest privilege level of all their combined roles. :::
There are a number of roles that are provided with Hornbill. These roles are read-only and contain a set rights for performing a particular set of tasks. Additional rights cannot be added.
System roles can be easily identified in the list of roles by the closed padlock icon.
If the roles that come with Hornbill do not meet your specific needs, you can create your own roles.
- Open Configuration
- Select where the new role will be created (either Platform Configuration or a specific Hornbill App) from the drop down menu.
- Select
Rolesin the left-hand navigation panel. - Select
+ Create New Rolefrom the top right-hand toolbar. - Provide a Role ID (must be unique), Privilege Level (only required when creating a security role), Type, and description.
:::tip
- If you create a role under the platform configuration, you can add or update the application context or tie the role to a Hornbill Shared Mailbox.
- If you create a role under an application configuration you cannot assign it to other applications or mailboxes.
- Users can be allocated subscriptions through role assignments. If you assign a user to an application role that has a privilege level of
usera subscription will be allocated to that user when they next log in. :::
- System Rights
All roles have the option to add system rights. - Application Rights
This will only be available if the role is associated to an application. Only the rights for the associated application will be available.
| Name | Description |
|---|---|
| Manage Lists | Provides read access to the Simple Lists under Platform Configuration and with each application where the user has a subscription. Additional rights are required to be able to create, update, and delete lists |
| Add Lists | Add a new simple list. Requires the Manage Lists right |
| Update Lists | Update an existing simple list. Requires the Manage Lists right |
| Delete Lists | Delete a simple list. Requires the Manage Lists right |
| Manage Profile Categories | |
| Create Profile Categories | |
| Update Profile Categories | |
| Delete Profile Categories | |
| Add Profiles | |
| Update Profiles | |
| Delete Profiles | |
| Manage Scheduled Jobs | Allows the user to view their own scheduled jobs within the user app. Users that have a privilege level of admin will also be able to view all users' scheduled jobs from within Configuration and reassign the owner of a job |