Leverage Roles to Apply Security and Functionality Access Consistently
In Solver, security and functionality access can be applied by user, by role, or a combination. However, to streamline security maintenance and ensure consistent functionality experiences, using roles exclusively is the best practice. A user can belong to multiple roles and roles can be used to:
- apply data security
- provision permissions (functionality access)
- deliver access to Report or Input Template categories
In using roles for these purposes, the first step is to develop a naming convention to organize roles. For example, begin role names that share Report Template categories with Report, begin role names that give data access with Data and begin role names that provision permissions with Users. Role naming conventions make finding, identifying the purpose of roles, and assigning roles easier.
With these naming conventions, the “Report-” roles provide no permissions or data access. They are only used to share Report Categories.
The “Data-” roles provide no permissions and are used to give access to data.
The “Users-” roles provide no data access and are used to assign permissions.
“Can manage users, licenses and data access” is a permission that cannot be assigned in a role. This permission is assigned only at the User level.
Single assignments for Input Templates and Publisher subscription recipients can also be applied by Role. However, only roles that provide data access are available for selection. It would be great if Solver could make all roles available for selection in these areas. Then roles could be used to streamline the maintenance of these processes as well.
Using roles streamlines Solver access maintenance and makes auditing Solver access faster and more error free.
