Roles are used to grant permissions that allow users to complete tasks using the software.
Roles can be thought of as describing the part that individual users play within your organization. That is, this software uses roles as a method that allows you to control what users can do within the system based on the role individual users play within your organization.
Roles can be nested—that is, a role can contain other roles. The final list of granted permissions is the combination of all permissions granted to the role and the roles that it contains.
Example
Create the following roles: AP Clerk, Administrative Assistant, and Senior Manager.
To the AP Clerk role, grant permissions that allow users assigned this role to complete any task on the Accounts Payable menu and run any accounts payable report. Add each of your accounts payable clerks as users. Then assign each clerk the role of AP Clerk to grant each clerk the same permissions to use options within the software. All of your accounts payable clerks are granted permissions to perform any task on the Accounts Payable menu and run any accounts payable report. No other menu options display.
To the Administrative Assistant role, grant permissions that allow users assigned this role the permissions to run any report in the system. Add each of your administrative assistants as users. Then assign each assistant the role of Administrative Assistant to grant each assistant the same permissions to use options within the software. All of your assistants are granted permissions to run any report in the system. No other menu options display.
To the Senior Manager role, add the roles AP Clerk and Administrative Assistant, which grants users assigned the Senior Manager role all of the permissions of the clerk and the assistant. Add additional permissions—for example, add permissions that allow the managers access to Setup menu options to view, add, edit, and delete. Add each of your senior managers as users. Then assign each manager the role of Senior Manager to grant each manager the same permissions to use options within the software, which includes the nested permissions of the roles AP Clerk and Administrative Assistant as well as the additional permissions you granted. All of your managers are granted permissions to perform the same tasks within the system. They are also denied permissions to access options not allowed by the role Senior Manager.
As you can see from the example, permissions are granted to a role, and as users are assigned the role, they are granted permissions based on the assigned permissions of the role. As the needs of the role change, you can change the permissions granted to the role. The change is made for each user assigned that role automatically.
When you assign a user to more than one role, the user is granted all permissions associated with the roles to which the user is assigned. Use caution when assigning users to multiple roles. The permission that is withheld in one role may be granted in another. In addition, once a permission is granted through role assignment, you cannot deny the permission to an individual user.
See Also