Role Mapping
- Updated on 18 Feb 2025
Empowering Security: Role Mapping for Controlled Access Excellence!
User Role Mapping ensures that users have access only to the resources and information relevant to their roles and responsibilities. This streamlines the process of assigning, modifying, and revoking access, making it more efficient for administrators.
User persona: Administrator or Application Designer
Let us explore the following Use Case for configuring Role Mapping!
Use Case (User persona: Application Designer) | Solution |
---|---|
Sandra at NovaTech wants to assign Users belonging to the IT BLR static group with Analyst Role. They should be able to view transaction records logged by IT and HR tenants. | Sandra can implement Role Mapping functionality, facilitating seamless role management. She performs the following steps to achieve the requirements. Sandra can view all the Incidents that are logged for IT and HR tenants for the ACME Solutions customer. Role Mapping not only streamlines administrative tasks but also enhances the overall efficiency of user interactions within the system. |
Best practices for User Role Mapping
To ensure data security and restrict access to the users aligned with a specific department, it is strongly recommended to select only one specific Tenant in the Define Access step. For example, if you are performing User Role mapping for the HR department, select only the HR department in the Define Access step. Configure separate roles for each tenant and assign them to the respective tenant. If a user needs access to multiple tenants (for example, HR, IT, and Finance), create a separate role for each of HR, IT, and Finance.
In the Define Access step, if the Operator is set to Is one of, ensure you select a single department as the Value. Then, on the Publish To step, when adding a Filter Set, select the Operator and the Value that matches the department chosen in the Define Access step.
Use Case (User persona: Application Designer) | Solution |
---|---|
NovaTech's multi-tenant SaaS platform serves a variety of clients. Each tenant has distinct roles, such as Admin, Analyst, and End User. These roles ensure that users can only access data relevant to their specific tenant, such as IT or HR departments. However, when roles are assigned globally, there is a significant risk that a user from IT could accidentally access HR's data, leading to serious security and compliance issues. | To manage tenants like IT and HR within NovaTech's multi-tenant SaaS platform, each department is treated as a separate tenant, with its own unique data and user roles. Roles like Admin, Analyst, and End User would be defined for each department, ensuring that users in the IT tenant have access only to IT-specific data, while users in the HR tenant are restricted to HR-related information. Configuring a separate user-role mapping for each tenant enforces data security and prevents accidental cross-tenant data access. |
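The two best-practice rules above (one Tenant in Define Access, and a Publish To filter that matches it) can be checked mechanically. The following Python sketch is an added example, not code or an export format from the product: the `RoleMapping` layout, the assumed Department publish attribute, and the sample mappings and users are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class RoleMapping:
    # Constructed stand-in for one mapping; not the product's storage or export format.
    name: str
    role: str
    access_tenants: list[str]   # Define Access: Tenant "Is one of" these values
    publish_values: list[str]   # Publish To: filter values on an assumed Department attribute

def audit(m: RoleMapping) -> list[str]:
    """Check one mapping against the two best-practice rules."""
    findings = []
    if len(m.access_tenants) != 1:
        findings.append("define-access-not-single-tenant")
    if set(m.publish_values) != set(m.access_tenants):
        findings.append("publish-filter-does-not-match-tenant")
    return findings

def cross_tenant_grants(mappings, users):
    """List (user, mapping, tenant) where a user receives a tenant outside their department."""
    grants = []
    for m in mappings:
        for u in users:
            if u["department"] in m.publish_values:
                grants += [(u["name"], m.name, t)
                           for t in m.access_tenants if t != u["department"]]
    return grants

IT, HR = "Information Technology", "Human Resources"
MAPPINGS = [  # constructed sample data
    RoleMapping("IT Analyst", "Analyst", [IT], [IT]),          # follows both rules
    RoleMapping("Shared Analyst", "Analyst", [IT, HR], [IT]),  # two tenants in one mapping
    RoleMapping("HR Analyst", "Analyst", [HR], [IT]),          # published to the wrong department
]
USERS = [{"name": "asha", "department": IT}, {"name": "ben", "department": HR}]

if __name__ == "__main__":
    for m in MAPPINGS:
        print(m.name, audit(m) or "ok")
    for grant in cross_tenant_grants(MAPPINGS, USERS):
        print("cross-tenant:", grant)
```

Both flagged mappings give the IT user access to the HR tenant, which is the cross-tenant exposure the single-tenant recommendation is meant to prevent.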
To configure Role Mapping, perform the following steps:
Navigate to Design Studio > Access Control Center > User Role Mapping.
The User Role Mapping List page is displayed.
Click New on the User Mapping tab to view the new mapping screen.
The following tabs are used for mapping control:
General
This section contains the properties that the Application Designer uses to configure the control's Name, Domain, Sub Domain, Description, Role, and so on.
Figure: General
To know more about the fields that are available under the General section, see the Field Description given below.
Field Description
Name | Description |
---|---|
Name | Type the name of the Role Mapping that is to be configured. |
Description | Describe the User Role mapping that is being configured. |
Domain | Domain is selected by default. |
Sub Domain | Sub Domain is selected by default. |
Role | Choose a role for which the mapping is to be established from the Role dropdown. Note: If there is no Role created in the selected application, then an option to navigate to the Role creation screen is displayed. |
Active | Toggle the switch to set the current mapping configuration to an Active or deactivated state. |
Note
In the User creation screen's Role Mapping tab, the admin/super user can only view End-user and Analyst Roles.
Define Access
This section contains the properties that the Application Designer uses to define the access by building a condition on the Tenant control.
Figure: Define Access
To know more about the fields that are available under the Define Access section, see the Field Description given below:
Field Description
Name | Description |
---|---|
Field | Tenant is specified as a value under the field by default. |
Operator | Select the operator type from the dropdown list. |
Value | Select the values from the list. Here Information Technology is selected from the list. |
The Field dropdown can be expanded to view and select the desired option. You can add a new condition row by clicking the + icon. To delete a row, click the delete icon.
Publish To
This section contains the publish components that the Application Designer uses to publish the mapping based on user properties and the user list.
Figure: Publish To
To know more about the fields that are available under the Publish To section, see the Field Description given below.
Field Description
Name | Description |
---|---|
Field | Select the user attribute from the drop-down list. |
Operator | Select the Operator type from the dropdown list. |
Value | Select the values from the list to publish the mapping. Here, the mail ID of the admin is entered in the Value column. The value populates based on the Role access of the App Designer designing the component. |
Once Role Mapping is published, click GO TO LIST. The list displays the Role Mapping under Access Control Center.
Figure: Role Mapping list