Skip to main content
Version: 7.9

Roles

A role is a security token that you can assign to a single entity, such as a user or a user group. The role determines what Resolve Actions Pro assets are available to the entity and what the entity’s level of access is. Assets include features and UI screens, as well as content such as ActionTasks and Automations.

How Roles Work

The RBAC model used by Actions Pro allows you to assign multiple roles to a single entity. Actions Pro roles can only give permissions. You cannot revoke a permission provided by a role using another role.

Roles work in a logical OR fashion. If any of the entity’s roles has a permission, then the entity has that permission.

Changing the role’s permissions means changing the permissions of all entities that have been assigned this role.

Assume that you want to have two user roles: Viewers and Runners. The Viewers can view an ActionTask, but cannot edit or run it. The Runners need to be able to run an ActionTask, but not edit it. You can implement this setup by opening the ActionTasks’s properties and giving the Viewers role View permission and the Runners role View and Execute permissions.

Managing Roles

You can create as many roles as you like. The role does nothing until you assign it to at least one entity and then give it permissions over an asset.

Creating a Role

When creating a role, you are simply creating a named token that you can later use to give permissions to assets and assign to entities.

  1. From the Actions Pro main menu, click User Administration > Roles.
  2. Click New and enter these details:
    • Name—Descriptive name.
      The name can only contain alphanumeric characters and the underscore (_) character. Longer names are trimmed to the first 80 characters.
    • Description—Optional detailed explanation of the role’s purpose.
  3. Click Save.

The role appears in the list.

Deleting a Role

You can delete a role at any time, even if it is assigned to one or more entities.

caution

Before deleting a role, ensure that it is not in active use providing permissions to your users, developers, or administrators. Actions Pro does not warn when deleting such roles.

  1. From the Actions Pro main menu, click User Administration > Roles.
  2. In the list, click the role that you want to delete to select it.
  3. Click Delete and confirm the deletion.

Editing a Role

Role editing allows you to change the role’s name and description. Doing so does not change the permissions assigned to the role.

  1. From the Actions Pro main menu, click User Administration > Roles.
  2. In the list, find the role that you want to edit and click the Edit icon in front of the role’s name.
  3. Update the Name and Description fields and then click Save.

Assigning Roles

Assigning a role to an entity gives that entity all the permissions assigned to the role for all relevant assets. This was you can control who can access product features and how, who can create content, who can run Automations, and so on.

You can assign a role to the following Actions Pro entities:

  • Users
  • Groups

Although you cannot assign a role to an organization directly, you can do that indirectly by first assigning the role to a group and then making the group part of the organization. See the Organizations guide for best practices on working with groups and roles in the context of organizations.

Default Roles

When creating an Actions Pro entity, it is assigned default roles, which are built-in roles. It is not recommended to remove these assignments.

These are the default role assignments:

  • User: resolve_user
  • Group: none

Assigning a Role to a User

You can assign a role to user account while creating it or at a later stage.

Take the following steps to assign a role to a user:

  1. Open the user details:
    1. When creating a user:
      1. From the Actions Pro main menu, click User Administration > Users.
      2. Click New.
    2. When editing a user:
      1. From the Actions Pro main menu, click User Administration > Users.
      2. Find the user account that you want to edit and then click the View Details icon in front of the user name.
  2. At the bottom of the screen, under Roles, click Add Role.
  3. Select a role from the list and click Add.
  4. At the top of the screen, click Save to complete the role assignment.

Assigning a Role to a Group

You can assign a role to а group while creating it or at a later stage. Because groups are the only way to give users organization membership, roles assigned to a group will propagate to any organizations where the group is a member.

Take the following steps to assign a role to a group:

  1. Open the group details:
    1. When creating a group:
      1. From the Actions Pro main menu, click User Administration > Groups.
      2. Click New.
    2. When editing a group:
      1. From the Actions Pro main menu, click User Administration > Groups.
      2. Find the group that you want to edit and then click the View Details icon in front of the group name.
  2. At the bottom of the screen, under Roles, click Add Role.
  3. Select a role from the list and click Add.
  4. At the top of the screen, click Save to complete the role assignment.

Giving Permissions

You can give a role permissions over product features or content.

Controlling Content Permissions

Аccess to Automations, Wiki Pages, Decision Trees, ActionTasks, Custom Forms, and ActionTask Properties, collectively called content, is controlled using namespaces and roles. For detailed information, see the Access to Content article.

Controlling Access to Product Features

Access to product features is controlled by determining what roles can access the various UI views and the underlying API endpoints. For detailed information, see the Access to Product Features article.

Built-in Roles

Actions Pro creates several roles during deployment that you can think of as guidelines. Utilize them if they make sense in your organization or create completely new roles. Keep in mind, however, that some of the built-in roles are automatically assigned as default roles.

It is not recommended to delete any of the built-in roles but you can change the roles' permissions to fit your organization, with the exception of the admin and public roles. Do not change these two roles.

action_executeThis role is allowed to execute ActionTasks and Automations.
adminThis role has full read, write, and configure all data access in the system.
content_request_adminDeprecated.
content_request_mgrDeprecated.
publicAssets that have been assigned to this role can be accessed anonymously by anyone with a direct link. No Actions Pro account required. The role is not assigned anywhere by default.
resolve_devThe role is meant to be assigned to content developers. By default, it has read, write, and execute permissions, as well as access to menus like Content Management.
resolve_processThe role is meant to be assigned to process managers and subject matter experts who can piece together ActionTasks to automate a process.
resolve_userThis role has read permissions but no write permissions over content. It is meant to be able to execute content. This role is implicitly assigned to every user that you create.