Wiki source code of Gérer les rôles
Last modified by Aurelie Bertrand on 2025/12/19 08:51
Show last authors
| author | version | line-number | content |
|---|---|---|---|
| 1 | {{ddtoc/}} | ||
| 2 | |||
| 3 | ---- | ||
| 4 | |||
| 5 | The **Roles **tab on the **User Management **page allows you to create, search for, edit and delete roles. | ||
| 6 | |||
| 7 | As a reminder, a** role **is used to compartmentalise the different elements used in DigDash Enterprise - data models, Flows and pages - and thus secure access to data. One or more roles can be assigned to each user. | ||
| 8 | The role generally corresponds to a corporate function: HR, Finance, Production. | ||
| 9 | |||
| 10 | [[image:Roles_management_EN.png||alt="Roles tab"]] | ||
| 11 | |||
| 12 | (% class="wikigeneratedid" %) | ||
| 13 | All existing roles are listed here. | ||
| 14 | For each role: | ||
| 15 | |||
| 16 | * the **Priority**, if defined, indicates the order in which the roles are displayed in the interfaces; | ||
| 17 | * the **Parent Role** column indicates the name of its parent role if it has one, or if it is a parent role via the icon [[image:1756370637096-905.png]]. In the latter case, a tooltip displays the child roles; | ||
| 18 | * you can see the number of users who have them in the **Associated users** column and display them by clicking on the **View users {{{(n)}}}** link. | ||
| 19 | |||
| 20 | = Creating a role{{id name="Create_role"/}} = | ||
| 21 | |||
| 22 | (% class="box infomessage" %) | ||
| 23 | ((( | ||
| 24 | ℹ The **role identifier** is assigned automatically. It cannot be changed. It will be visible when editing the role. | ||
| 25 | ))) | ||
| 26 | |||
| 27 | (% class="wikigeneratedid" %) | ||
| 28 | To create a role: | ||
| 29 | |||
| 30 | 1. Click the **New Role** button. | ||
| 31 | ➡ The **New Role **window is displayed. | ||
| 32 | 1. Enter the **Name of** the role. | ||
| 33 | 1. By default, the role is assigned to the user creating the role. Uncheck the **Assign to //Role Name//** box if required. | ||
| 34 | 1. Enter the **Priority** if required. Priority is used to manage the order in which roles are displayed in dashboards (and interfaces displaying the list of roles). The smaller the number, the higher the priority. The priority 1 role will be displayed before the priority 2 role. If the priority is not entered, alphabetical order will be used. | ||
| 35 | |||
| 36 | (% class="box infomessage" %) | ||
| 37 | ((( | ||
| 38 | 💡 It is advisable to leave a gap of several priorities between each role so that one or more future roles can be inserted between them if necessary. | ||
| 39 | ))) | ||
| 40 | |||
| 41 | (% start="6" %) | ||
| 42 | 1. You can define a **Role Password** to lock the role for all users: it will be protected from any modification until the password is entered. See the paragraph [[Lock a role>>doc:||anchor="Lock"]] below for more details. | ||
| 43 | 1. You can assign a **Parent Role** to the role so that it inherits its data models by default.{{id name="maitre"/}} | ||
| 44 | If data models are deleted/added in the parent role, they will also be deleted/added in the role; no refresh is required. | ||
| 45 | If a data model is added in the role, it will not be added to the parent role. | ||
| 46 | A role can only have one parent role. A parent role cannot itself have a parent. A role with a parent role (child role) cannot be a parent role. | ||
| 47 | ❗It is (% style="color:#c0392b" %)no longer possible to modify the assigned parent role once the role has been created. The field will be greyed out. | ||
| 48 | |||
| 49 | (% class="box infomessage" %) | ||
| 50 | ((( | ||
| 51 | ℹ Sharing authorisation must be enabled for data models. See paragraph [[Authorise data model sharing>>doc:Digdash.user_guide.studio.Create_datamodel.Manage_data_models.WebHome]] for more details. | ||
| 52 | ))) | ||
| 53 | |||
| 54 | (% start="6" %) | ||
| 55 | 1. Click **View and manage users** to assign or remove this role to different users. | ||
| 56 | 1. Click **Save**. | ||
| 57 | |||
| 58 | (% class="wikigeneratedid" %) | ||
| 59 | [[image:New_role_EN.png||alt="New role"]] | ||
| 60 | |||
| 61 | = Locking a role{{id name="Lock"/}} = | ||
| 62 | |||
| 63 | Configuring a password locks the role for all users until the password is entered, to protect it from modification. | ||
| 64 | Modification of the role's components will be locked in the Studio or Dashboard Editor (data models, flows, dashboard editing, items restricted to the role). | ||
| 65 | (% style="font-size:14px" %)If the role is unlocked, it will be effective for the duration of the session. The role will be locked again the next time you log in. | ||
| 66 | |||
| 67 | * (% style="font-size:14px" %)**Editing the role** | ||
| 68 | |||
| 69 | The role is indicated as locked. When saving a modification, the password is requested. | ||
| 70 | |||
| 71 | [[image:1763981958698-545.png]] | ||
| 72 | |||
| 73 | |||
| 74 | * **Studio** | ||
| 75 | |||
| 76 | A padlock icon is added after the role name and the **New template** or **New {{glossaryReference glossaryId="Glossary" entryId="Flux"}}Flow{{/glossaryReference}}** button is replaced by the **Unlock role** button. | ||
| 77 | In the **{{glossaryReference glossaryId="Glossary" entryId="Flux"}}Flow{{/glossaryReference}}** tab, a "Read only" indication and a padlock icon are also added after the portfolio name. | ||
| 78 | |||
| 79 | To unlock the role, click on the dedicated button or right-click on the role and then click on **Unlock Role **to enter the password. | ||
| 80 | |||
| 81 | [[image:1763989944752-543.png||alt="Studio"]] | ||
| 82 | |||
| 83 | |||
| 84 | * **Dashboard Editor** | ||
| 85 | |||
| 86 | A message tells the user that they do not have rights and a padlock icon is added after the role name. | ||
| 87 | |||
| 88 | To unlock the role, right-click on it and then click **Unlock **to enter the password. | ||
| 89 | |||
| 90 | [[image:1763990036160-828.png||alt="Dashboard editor"]] | ||
| 91 | |||
| 92 | = Searching for a role = | ||
| 93 | |||
| 94 | To search for a role, enter the search term in the search field and click **Search**. | ||
| 95 | |||
| 96 | When you type in the search bar, a list of roles is suggested. | ||
| 97 | |||
| 98 | [[image:1763990462661-634.png||alt="Search"]] | ||
| 99 | |||
| 100 | Click on a role in the pop-up list to edit it directly. | ||
| 101 | |||
| 102 | = (% style="color:inherit; font-family:inherit; font-size:29px" %)Editing a role(%%) = | ||
| 103 | |||
| 104 | To edit a role : | ||
| 105 | |||
| 106 | 1. Click on the [[image:1733391298932-561.png]] button in front of the role name. | ||
| 107 | 1. In the edit panel that appears, you can view the role identifier.[[image:1763990903310-744.png||alt="Edit role"]] | ||
| 108 | 1. Change the desired settings and click **Save**. | ||
| 109 | ➡ A dialog box summarising the changes made is displayed. | ||
| 110 | |||
| 111 | (% class="box infomessage" %) | ||
| 112 | ((( | ||
| 113 | ℹ **Reminder**: | ||
| 114 | |||
| 115 | * The **role identifier** is assigned automatically. It cannot be changed. | ||
| 116 | * The **Parent Role** cannot be modified after the role has been created. | ||
| 117 | ))) | ||
| 118 | |||
| 119 | (% start="4" %) | ||
| 120 | 1. Click **OK **to confirm your changes. | ||
| 121 | |||
| 122 | = Deleting a role = | ||
| 123 | |||
| 124 | To delete one or more roles, select the corresponding checkbox(es) and click on the **Delete** button. | ||
| 125 | |||
| 126 | = Viewing the members of a role = | ||
| 127 | |||
| 128 | To view the users attached to a role, from the list of roles, click on the **View users** link **.** Users belonging to the role are displayed in the **Users** section. | ||
| 129 | |||
| 130 | = Checking roles = | ||
| 131 | |||
| 132 | The **Check Roles** function consists of identifying the roles pointed to by files present in the data folder but which do not exist in the LDAP. It is possible to repair them, i.e. add them back to the LDAP. | ||
| 133 | |||
| 134 | This can, for example, be useful in the event of an LDAP crash. All the LDAP entries for all the roles found in the data folder can be recreated in this way. | ||
| 135 | |||
| 136 | To do this | ||
| 137 | |||
| 138 | 1. Click on the **Check Roles** button. | ||
| 139 | ➡ The **Check Roles** box is displayed. | ||
| 140 | [[image:1763991178492-129.png||alt="Check roles"]] | ||
| 141 | 1. Select **Repair** for each role to be added to the LDAP or** Repair All **to repair all the roles. | ||
| 142 | - or - | ||
| 143 | select **Delete** to delete a role permanently or **Ignore** to do nothing. | ||
| 144 | 1. Click **Validate**. |