User Groups
User groups are built-in objects giving permissions to all users inside of them, with a specific role across a scope.
For now, it is not possible to create custom role assignments so you need to use built-in user groups. They are linking a domain with a role which contains precise permissions, that will be given to users in this group.
Roles
Let's give some details on the 5 built-in roles:
Administrator
full access (except approval), and specifically management of domains, users and users rights
Domain manager
full access to selected domains (except approval), in particular managing rights for these domains. Read access to global objects
Analyst
read-write access to selected projects/domains. Read access to global and domain objects
Auditor
read access to selected projects/domains
Approver
like reader, but with additional capability to approve risk acceptances
Django superuser is given administrator rights automatically on startup.
Global user groups
Once your instance is created, three user groups are already present:
Global - Administrator
Global - Approver
Global - Auditor
They give corresponding permissions on Global scope so on every object of your instance.
Domain user groups
They are created for each domain you add. For example, if you create a domain R&D, there will be:
R&D - Domain Manager
R&D - Analyst
R&D - Approver
R&D - Auditor
They give corresponding permissions on the domain scope so on every object inside R&D.
Last updated