Previous Topic: Role TabsNext Topic: Tenant Access

AdministrationSecurity and Role ManagementRole ManagementRole ListCreate a RoleRole TabsDefine Role Authorization

Define Role Authorization

You can define the level of authorization for a role.

To define the authorization of a role

  1. Select the Authorization tab on the Create Role or Update Role page.

    The Authorization fields appear.

  2. Complete the following fields as appropriate:
    Grant Level

    Specifies the access permission that users assigned to this role can grant to others. The grant level is used to determine which access types a user can grant to another user. You can assign an access type to the contact record of another user only if the access level of the access type you are attempting to assign is ranked the same as or lower than the grant level for your own access type. These levels are ranked as follows:

    • Admin (highest)
    • Analyst
    • Cust/Emp
    • None (lowest)
    View Internal Logs?

    Allows users assigned to this role to view internal log files.

    Data Partition Name

    The name of the data partition assigned to this role. Data partitions are subsets of the database with restricted access to data records, based on their content. You restrict that access by defining a set of constraints for each data partition.

    Enter the data partition name directly into the field, or click the search icon to search for a data partition name.

    Override Contact Data Partition?

    Select this option if you want the data partition defined for the access type to override the data partition defined on the contact record. This option can help prevent conflicts from arising between data partitions specified on the contact records and data partitions specified on the role record.

    Multi-Tenancy Settings

    The following options apply to systems where multi-tenancy is enabled:

    Update Public (Service Provider only)

    Select this option if you want users that are assigned to this role to update data for all tenants and non-tenanted data.

    Tenant Access

    Select the tenant or tenant group that you want users assigned to this role to be able to read. If you select Single Tenant, you can enter the name of the tenant that you want this role to read.

    Tenant Write Access

    Select the tenant or tenant group that you want users assigned to this role to be able to create and update. If you select Single Tenant, an additional field displays where you can enter the name of the tenant you want this role to access.

    Note: Either the Tenant Access or Tenant Write Access fields can be set to Contact's Tenant Group to reference the Analyst's Tenant Group on the Contact Detail page. If a user that is not an Analyst, or an Analyst with no Analyst's Tenant Group defined, uses a role with this access, their access is Contact's Tenant.

    Support Automation Access

    Defines the appropriate Support Automation access for this role.