Rules for Merging Multi-role Permissions
In the enterprise activities, an employee may be in multiple roles at the same time. Different roles may have different permissions on the same worksheet, so how to define the role's permissions if they are in conflict?
Three Levels of Permissions for Roles on View
Below are the 3 levels of permissions for roles:
L1: Operation permissions for the view
It configures whether a user can view, edit and delete records in a view.
L2: Operation permissions for the record
It configures whether the user can view and edit records. If visible, which records are visible to the user? All records or only records that the user has joined? If editable, which records are editable to the user? All records or only records owned by the user?
L3: Operation permissions for the field
It configures the user's permission to operate on the field when creating, viewing, and editing records, and also includes system buttons such as share, import, print, and custom buttons.
Rules for Merging Multi-role Permissions
When to focus on multi-role permissions
Merging multi-role permissions means that when a user joins multiple roles and at least two roles are configured with permissions for the same worksheet, then the permissions for each view in that worksheet are merged to get a new permissions.
As a simple example, configure the permissions for Role 1 only for Worksheet A, and for Role 2 only for Worksheet B. If a user joins Role 1 and Role 2 at the same time, then his permissions for Worksheet A are the same as those configured for Role 1.
Rules
When merging multi-role permissions, you need to list the permissions for each role at each level based on the view, and then merge the permissions of different roles at the same level to get the permissions at all three levels.
Example 1
Permissions Configuration for Role 1:
Permissions Configuration for Role 2
Merged Permissions:
Both roles are configured with permissions for the same worksheet, and there is a case of merging permissions.
As follows, sort through the three levels of permissions and then merge the permissions at the same level to get the user's final permissions in this view.
Example 2
Permissions Configuration for Role 1:
Permissions Configuration for Role 2
Merged Permissions:
Both roles are configured with permissions for the same worksheet, and there is a case of merging permissions.
As follows, sort through the three levels of permissions and then merge the permissions at the same level to get the user's final permissions in this view.
Note:
Permissions of Role 1 on View B: Why are the L2 and L3 permissions of Role 1 on View A and View B different? Although Role 1 (L2) is configured to edit all records, (L3) and edit all fields, View B is not editable to Role 1 in L1, so when applying it to View B, Role 1 is not allowed to edit any records or any fields.
Have questions about this article? Send us feedback