Role Mapping
  • 18 Feb 2025
  • 4 Minutes to read
  • PDF

Role Mapping

  • PDF

Article summary

Empowering Security: Role Mapping for Controlled Access Excellence!

User Role Mapping ensures that users have access only to the resources and information relevant to their roles and responsibilities. This streamlines the process of assigning, modifying, and revoking access, making it more efficient for administrators.

User persona: Administrator or Application Designer

Let us explore the following Use Case for configuring Role Mapping!

Use Case

User persona:Application Designer

Solution

Sandra at NovaTech wants to assign Users belonging to the IT BLR static group with Analyst Role. They should be able to view transaction records logged by IT and HR tenants.

Sandra can implement Role Mapping functionality, facilitating seamless role management. She performs the following steps to achieve the requirements.

  • Access Details - Defines restrictions on Tenants.

  • Publish To - Defines users that have access to this Role.

Sandra can view all the Incidents that are logged for IT and HR tenants for the ACME Solutions customer. Role Mapping not only streamlines administrative tasks but also enhances the overall efficiency of user interactions within the system.

Best practices for User Role Mapping

To ensure data security and allow only the respective user aligned to the specific department, it is strongly recommended to select only one specific Tenant in the Define Access step. For example, if you are performing User Role mapping for an HR department then in the Define Access step, you must select only HR department. For each tenant, you must configure separate roles and assign it to the respective tenant accordingly. If a user needs access to multiple tenants (Example: HR, IT, Finance), then you can create separate role, each for HR, IT, and Finance.  

In the Define Access step, if the Operator is set to Is one of, ensure you select a single department as the Value. Then, on the Publish To step, when adding a Filter Set, select the Operator and the Value that matches the department chosen in the Define Access step.

Use Case

User persona:Application Designer

Solution

NovaTech's multi-tenant SaaS platform serves a variety of clients. Each tenant has distinct roles, such as Admin, Analyst, and End User. These roles ensure that users can only access data relevant to their specific tenant, such as IT or HR departments.

However, when roles are assigned globally, there is a significant risk that a user from IT could accidently access HR's data, leading to serious security and compliance issues.

To manage tenants like IT and HR within NovaTech's multi-tenant SaaS platform, each department is treated as a separate tenant, with its own unique data and user roles.

Roles like Admin, Analyst, and End User would be defined for each department, ensuring that users in the IT tenant have access only to IT-specific data, while users in the HR tenant are restricted to HR-related information.

By configuring separate user-role mapping for each tenant, data security can be implemented and preventing accidental cross-tenant data access.

To configure Role Mapping, perform the following steps:

  1. Navigate to Design Studio > Access Control Center > User Role Mapping.
    The User Role Mapping List page is displayed.

  2. Click New to User Mapping tab to view the new mapping screen.
    The following tabs are used for mapping control:
    General

    Define Access
    Publish To

General

This section contains the list of properties using which the Application Designer can configure the respective control's Name, Domain, Sub Domain, Description, Role etc.

Figure: General

  1. To Know more about the fields that are available under the General section, see the Field Description given below.
    Field Description

    Name

    Description

    Name

    Type the name of the Role Mapping that is to be configured.

    Description

    Describe the User Role mapping that is being configured.

    Domain

    Domain is selected by default.

    Sub Domain

    Sub Domain is selected by default.

    Role

    Choose a role for which the mapping is to be established from the Role dropdown.

    Note

    If there is no Role created in the selected application, then an option to navigate to the Role creation screen is displayed.

    Active

    Toggle the switch to make the current mapping configuration in an Active or deactivated state.

Note

In the User creation screen’s, Role Mapping tab the admin/super user can only view End-user and Analyst Roles.

Define Access

This section contains the list of properties using which the Application Designer can configure the condition to define the access and build condition on Tenant control.

Figure: Define Access

To know more about the fields that are available under the Define Access section, see the Field Description given below:

Field Description

Name 

Description

Field 

Tenant is specified as a value under the field by default.

Operator

Select the operator type from the dropdown list.
Figure: Operator Type

Value

Select the values from the list. Here Information Technology is selected from the list.Figure: Value

 The field dropdown can be expanded to view and select the desired option. You can add a new condition row by clicking on the +icon. If you want to delete any row, click the delete icon.

Publish To

This section contains publish components using which the Application Designer can publish based on User properties and user list. To know more about the fields that are available under the Publish To section, see Field Description given below.

Figure: Publish To

To know more about the fields that are available under the Publish To section, see the Field Description given below.

 Field Description

Name 

Description

Field 

Select the user attribute from the drop-down list.
Figure: User Attributes

Operator

Select the Operator type from the dropdown list.
Figure: Operator Type

Value

Select the values from the list to publish the mapping. Here mail ID of the admin is entered in the Value column. The value populates based on the Role access of the App Designer designing the component Figure: Value

Once Role Mapping is published, click GO TO LIST. The list displays the Role Mapping under Access Control Center.

Figure: Role Mapping list


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.