Manage Roles
The authentication model of Angles for SAP is based on roles. A role is a set of privileges allowing a specific user to access a certain part of the data or execute certain tasks. The privileges assigned to a role is specific to a model. In other words, you must assign privileges to roles in each model.These privileges can be set in three ways:
- Allow - the user is allowed to perform this task.
- Deny - the user is never allowed to perform this task.
- Undefined - this role does not control this task.
View Roles per model
Open the IT Management Console and navigate to Models > [Model name] > Roles.
For each available role you can see:
Id - unique identifier of a role
Description - meaningful description of the role
Created - timestamp of creation
Created by - who created this role
User count - number of users that have this role assigned
Subroles - number of sub-roles within a role
Action - View or manage the role. You can execute the following actions:
Create a Role
To create a role
Navigate to Models > [Model name] > Roles.
Click Create a new role.
-
Enter the following information:
Role Id - A unique identifier of a role. The identifier should start with a letter, and only a-z, A-Z and '_' are allowed.
Description - A meaningful description for the role.
Click Create.
The new role is created and displayed in the Roleoverview screen.
Edit a Role
To edit a role
Navigate to Models > [Model name] > Roles.
-
Click next to the role you want to edit, and select Edit. The role details are displayed.
The Privileges tab allows you to set the permissions for access to client functionality. For more information, see User Privileges.
The Labels tab allows you to set the privileges for labels for each Business Process. Use By default, the privilege for labels is to set the default privilege level. For more information, see Labels.
The Objects tab displays an overview of all objects in this model. You can allow or deny users to see these individual objects. Use By default, objects are to set the privilege for all available other objects at once. For more information, see Objects.
The Fields tab allows you to limit which field can be seen by users with the current role. This way you can for example allow users to see all employee information except for their bank details or other privacy related information. Use By default, currency fields are to set the privilige for currency fields. With By default, fields are you can set the privilege for all available fields at once. For more information, see Fields.
The Filter tab allows you to create an object filter. This filter limits the types of objects that a user with the current role can see. For more information, see Filters.
The Subroles tab allows you to add subroles to the current role. For more information, see Subroles.
Click Save to finalize your settings.
Copy a Role
To copy a role
- Click next to the role that you want to copy.
- Select Copy. A dialog box opens.
- Specify the following:
New role Id - The name of the new role. This can be the same name as the original if the role is copied to a different model.
Copy to model - The model to which you want to copy the role.
- Click OK.
Delete a Role
To delete a role
- Click next to the role you want to delete. A dialog box opens, showing the number of users that have this role assigned to them.
- Confirm that you want to delete the role by clicking OK.
Check the Privileges of a Role
The Show consolidated role option offers a summary of the role. It shows the settings of a role and the total number of users affected by it. Optionally, click on the arrows to see more details.
To inspect the privileges of a role
Click next to the role you want to inspect.
Select Show consolidated role. A dialog box opens, showing an overview of the model and system privileges and the number of users with that role.
Click OK to close the consolidated role overview.
Combine Roles
You can combine roles by attaching subroles to a role, or assigning multiple roles to a user. To attach subroles to a role, see Manage Subroles . To assign multiple roles to a user, see Manage Users in a Role.
The following rules apply for role combinations:
- Deny overrules all other settings
- Allow only overrules Undefined
- Undefined equals Deny, unless a role specifically does Allow you to and none of the combined roles is assigned Deny
Manage Users in a Role
Manage users allows you to add or remove users from a role.
To manage users
Click next to the role you want to manage. A dialog box opens.
Click Manage users. The Manage users window appears.
-
To add users to the role, select one or more available users and click Add to move them to the selected users.
Note: Only users with access to Angles for SAP are listed. If a user is missing, add them under Users > All users and click Import new users.
Tip: Use Select all and Clear all to select or clear all users from the list.
- To remove users from the role, select the user in the right-hand pane and click Remove.
Click OK. A Result window appears.
Change a Role Definition
It is possible to change the definition of a role. Changing the definition of a role may however affect the permissions of multiple users. Contact the Angles for SAP Service Desk in case you need to change a role definition.
Insights on Roles
For more insights on the role details, you can use the relevant EA4IT templates mentioned in User Management in EA4IT