Roles

Introduction

Roles play a crucial role in the security management of applications with Visual Guard. This documentation provides information on creating, managing, and utilizing roles in Visual Guard.

Creating Roles

To create a role in Visual Guard, follow these steps within the context of an application:

1. Access the Visual Guard Administration Console (WinConsole or WebConsole).
2. Select an Application.
3. Within the application context, navigate to the “Roles” section.
4. Click on the “Create Role” button.
5. Provide a name and description for the role.
6. Define the permissions associated with the role by either:
   • Adding individual permissions: Select and add specific permissions that define the access rights for the role.
   • Adding permission sets: Select and add pre-defined permission sets that contain collections of permissions and permission sets.

Managing Roles

Visual Guard simplifies the management of roles registered in the VGRepository within the context of an application. Here are some common operations you can perform on roles:

• Modifying Role Information: You can update the name, description, and permissions of a role by accessing the role profile in the Visual Guard Administration Console within the application context.
• Assigning Users to Roles: Assign users to roles within the application context to grant them the associated access rights and permissions. This can be done by accessing the user profile in the Visual Guard Administration Console within the application context and selecting the appropriate role for the user.
• Assigning Roles to Groups: Assign roles to groups within the application context to grant the associated access rights and permissions to all users within the group. This can be done by accessing the group profile in the Visual Guard Administration Console within the application context and selecting the appropriate role for the group.
• Revoking Role Assignments: If a user or group no longer requires the access rights and permissions associated with a role within the application context, you can remove the role assignment from their profile.
• Deleting Roles: If a role within the application context is no longer needed, you can delete it from the VGRepository. This action removes the role and any associated permissions from the system within the application context.

Role Properties

Roles in Visual Guard have two important properties:

• Name: The name of the role, which helps identify it within the system.
• Description: An optional description that provides additional information about the role.
• Permissions: The permissions associated with the role, which define the access rights and actions that users assigned to this role can perform.
• PermissionSets: The list of permission sets granted to the role.
• Assignable to Users: This property indicates whether the role can be assigned to individual users. When set to true, the role can be assigned to users, granting them the associated access rights and permissions.
• Assignable to Groups: This property indicates whether the role can be assigned to groups. When set to true, the role can be assigned to groups, granting all users within the group the associated access rights and permissions.

By configuring these properties for each role, you can have fine-grained control over the assignment of roles to users and groups.

Utilizing Roles

Once roles are created and assigned to users or groups within the application context, you can utilize them in the security configuration of your application. Roles define the access rights and permissions that users have within the secured application. By assigning users or groups to specific roles within the application context, you ensure that they have the appropriate permissions to perform their tasks.