Roles

VGRole is a fundamental entity in Visual Guard, playing a crucial role in managing permissions and defining access within an application. Stored within VGApplication, VGRole allows grouping permissions or sets of permissions, thereby facilitating the coherent assignment of access rights to users and groups.

Roles play a crucial role in the security management of applications with Visual Guard. This documentation provides information on creating, managing, and utilizing roles in Visual Guard.

Structure of VGRole

• Permissions: Individual permissions represent specific access rights within the application. They can be as granular as needed, ranging from accessing a specific feature to viewing a particular UI element.
• PermissionSets: A PermissionSet is a collection of permissions grouped together to simplify access rights management. It allows for a logical structuring of permissions, often based on business roles or application features.

Properties of VGRole

• Can Grant to User: This property determines whether the role can be assigned directly to users. If enabled, administrators can assign the role to individual users, granting them the associated permissions.
• Can Grant to VGGroup: Similar to the above property, but for groups. If this option is selected, the role can be assigned to user groups, enabling access rights management at the group level.
• Name: The name of the role, which must be unique within the application. It serves as an identifier and should be descriptive enough to be easily recognized and understood by administrators.
• Description: A detailed description of the role, explaining its purpose, the permissions it encompasses, and possibly the target users or groups.

Advantages of Using VGRole

• Simplified Permission Management: Grouping permissions into roles simplifies the management of access rights, allowing administrators to handle authorizations more intuitively and systematically.
• Consistent Access: Using roles ensures that permissions are granted consistently, reducing the risk of errors or omissions in access rights assignment.
• Flexibility: The ability to assign roles to users or groups offers significant flexibility, allowing for precise customization of access levels based on organizational needs.

Creating VGRoles

To create a role in Visual Guard, follow these steps within the context of an application:

1. Access the Visual Guard Administration Console (WinConsole or WebConsole).
2. Select an Application.
3. Within the application context, navigate to the “Roles” section.
4. Click on the “Create Role” button.
5. Provide a name and description for the role.
6. Define the permissions associated with the role by either:
   • Adding individual permissions: Select and add specific permissions that define the access rights for the role.
   • Adding permission sets: Select and add pre-defined permission sets that contain collections of permissions and permission sets.

Managing VGRoles

Visual Guard simplifies the management of roles registered in the VGRepository within the context of an application. Here are some common operations you can perform on roles:

• Modifying Role Information: You can update the name, description, and permissions of a role by accessing the role profile in the Visual Guard Administration Console within the application context.
• Assigning Users to Roles: Assign users to roles within the application context to grant them the associated access rights and permissions. This can be done by accessing the user profile in the Visual Guard Administration Console within the application context and selecting the appropriate role for the user.
• Assigning Roles to Groups: Assign roles to groups within the application context to grant the associated access rights and permissions to all users within the group. This can be done by accessing the group profile in the Visual Guard Administration Console within the application context and selecting the appropriate role for the group.
• Revoking Role Assignments: If a user or group no longer requires the access rights and permissions associated with a role within the application context, you can remove the role assignment from their profile.
• Deleting Roles: If a role within the application context is no longer needed, you can delete it from the VGRepository. This action removes the role and any associated permissions from the system within the application context.

Utilizing Roles

• Once roles are created and assigned to users or groups within the application context, you can utilize them in the security configuration of your application. Roles define the access rights and permissions that users have within the secured application. By assigning users or groups to specific roles within the application context, you ensure that they have the appropriate permissions to perform their tasks.
• By configuring these properties for each role, you can have fine-grained control over the assignment of roles to users and groups.