Overview of Roles and Role Based Security

Role-based data security enables users to secure individual data objects and user-defined attribute groups. Your ability to view, edit and perform certain actions on an object or attribute group is determined by your role on it. Users with the privilege to add people can assign users to object roles. You can assign roles for the following objects:

Roles

A role is a collection of privileges. Roles are a convenient way to bundle privileges so that they can later be assigned to users, groups, or companies. For example, a user with the Design Engineer role on an item is granted the privilege to View Item, Edit Item, Add/Delete Item Attachments and more. However, the Design Engineer is not granted the privilege to Promote Item/Item Revision Lifecycle Phase.

You can assign roles to a person, group, company, or all users. To simplify item security maintenance, you can assign item roles at the catalog category, catalog, organization, item catalog category, or item level. You can specify default roles for all items in an organization. For example, you can assign the Item Reviewer role to the Engineering group so that all engineers can search for and view all items in the item catalog. For each item catalog category, you can specify which people can create items by assigning them the Catalog Category User role. For example, you can assign only the New Product Introduction engineers the Catalog Category User role on the item catalog categories that they are responsible for maintaining. Next, you can define default role assignments for people by organization for all items in the item catalog category. For example, you can assign your Motherboard engineers a Design Engineer role for the Motherboard item catalog category. You can assign the buyer for Motherboards a Buyer role. At the item level, you can assign direct roles to enable access to specific items. For example, you can assign the role of Supplier Engineer to suppliers with whom you are collaborating on specific items.
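The following added example (not code from the product or its documentation) models the assignments described above so that an access review can trace each privilege a user holds on an item back to the grant that confers it. It assumes that a user's effective privileges are the union of every applicable grant and simplifies category grants to a category name; the organization code, item numbers, company name, and the privilege sets for Item Reviewer and Supplier Engineer are constructed for illustration.

```python
from collections import namedtuple

# grantee_type: "person", "group", "company" or "all"
# level: "organization", "category" or "item"; scope names the org, category or item
Grant = namedtuple("Grant", "role grantee_type grantee level scope")
User = namedtuple("User", "name groups company")
Item = namedtuple("Item", "number category organization")

# Design Engineer privileges are the ones the page lists; the sets for the
# other two roles are assumptions made for this example.
ROLES = {
    "Design Engineer": {"View Item", "Edit Item", "Add/Delete Item Attachments"},
    "Item Reviewer": {"View Item"},
    "Supplier Engineer": {"View Item"},
}

def grant_applies(g, user, item):
    """True when the grant targets this user and its scope covers this item."""
    who = {"all": True,
           "person": g.grantee == user.name,
           "group": g.grantee in user.groups,
           "company": g.grantee == user.company}.get(g.grantee_type, False)
    where = {"organization": item.organization,
             "category": item.category,
             "item": item.number}.get(g.level)
    return who and where == g.scope

def effective_privileges(user, item, grants):
    """Map each privilege to the grants that confer it (assumed: union of grants)."""
    found = {}
    for g in grants:
        if grant_applies(g, user, item):
            for priv in ROLES[g.role]:
                found.setdefault(priv, []).append(g)
    return found

# Constructed sample data mirroring the page's three examples.
GRANTS = [
    Grant("Item Reviewer", "group", "Engineering", "organization", "M1"),
    Grant("Design Engineer", "group", "Motherboard Engineers", "category", "Motherboard"),
    Grant("Supplier Engineer", "company", "Example Supplier", "item", "MB-1000"),
]
BOARD = Item("MB-1000", "Motherboard", "M1")
```

Because each privilege maps to its source grants, a reviewer can see when the same access arrives through more than one path, for example View Item from both an organization-level and a category-level grant, before removing either one.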

Privileges

A privilege defines a user's access to an object. For example, a user's ability to view an item and edit it is determined by his or her privileges on that item. You can define additional privileges to secure user-defined attribute groups. See: To implement attribute group security.

To implement roles and role-based security, perform the following tasks:

| Task | Required? |
| --- | --- |
| Administering Roles | Yes |
| Administering People, Groups, and Companies | No |
| Implementing Role-based Security | Yes |
| Implementing Change Management Role-based Security | Yes |
| Creating Custom Privileges | No |