Method Community

Chad,

I didn't want to hijack a different thread, on which you posted:

 by Chad

"I have to caution that there is a slight bug right now with the roles area so it may not be visible to you in this version of Method but our next stage release will have this corrected. "

but I have been having an issue with this, and am wondering if it's what you allude to, and will be fixed with the next release.

What I'm finding is that for buttons, The actions are only accessible if a user has the same role assigned as is on the button, and that it is the highest level role the user has. To clarify by example, if a button is assigned roles staff and manager, then if I have roles Admin and Manager, I can't access the button.  But if I had the role of staff, or manager, or manager and staff, I could access the button.

My assumption about how this will work is that one has access to all roles at or below their highest level assigned.  Is that  correct and was this the bug you were referring to?

thanks,

Rolf

Rolf:

but I have been having an issue with this, and am wondering if it's what you allude to

I don't think so, the bug I ran into (currently fixed and coming up in the next release) is just a display bug.  So you were not able to see all the roles to select which ones have access.  It looks like this if you run into it: 

Rolf:

The actions are only accessible if a user has the same role assigned as is on the button, and that it is the highest level role the user has.

Roles recently was overhauled so I'm going to look into this and reply back.

Edit: The role tree was recently overhauled ... not the role function itself.  Sorry for the confusion.

~C

Chad,

The following only refers to buttons and not other object types, as they seem to be in varius stages of implementation for roles.

For buttoms, I am able to see the role tree and can assign them any way I like.  It also displays which users will be able to view/execute  based on the asssignments and the user's assigned roles.  This all appears good in the display part.  But,  what I'm finding is that the 'overide' part doesn't seem to work, and that users can only view buttons at their highest access level.

If you create 7 buttons, and assign them each only one of the seven roles, then a user will only see the button with the role equal to their own highest assigned role., even though they could have all roles up to their highest assigned to them in their account.

HTH,

Rolf

Thanks for the additional detail - I need to review a few things around roles before replying back to this thread.  I have not played with the role feature enough to give a good answer on this one yet.

~C

Hi Rolf,

Just wanted to reply to your post above on roles...

Rolf:

what I'm finding is that the 'override' part doesn't seem to work, and that users can only view buttons at their highest access level.

There might be some confusion on the Roles that can view area - have a look at my screenshot:

I've put a button on my screen that is only accessed from the Manager role.  In my Manager role setup I've assigned it to Chad3 and Chad4.  But Chad3 is also assigned to a higher role - Accountant.  Now Chad3 is denied access to this button since his access to the role Accountant overrides his Manager access.

This is how roles are designed to work, any higher-level role will override the lesser role.  So Chad3's role of Manager is trumped by his access to the role of Accountant.  

What you might want to look at are parent/sub roles when designing permissions.  In my example I have 2 buttons on screen and I would like the parent - Accountant role to have access to both buttons yet I want all subs to only see the Accountant - Sub button.  The only way to acheive this is through a Parent and Sub relationship.  Had Chad3 been a Director + Accountant his access to the Accountant role is overridden.

Have a look my revised role for the user Chad3 and Chad4:

button 1

and button 2

While this sounds a little confusing explained I hope this helps understand a little how our roles work.  

If you think you need to share permissions from a outside a role level, create a sub.  While researching this I found the best solution (if I needed to share multiple role levels) was to recreate the roles as a sub off the  Administrator role.  So my user Chad has both Administrator and -Director roles AND is able to see this button.  If my -Director role was not a sub off Administrator then Chad would not be able to access this button.

see:

and:
 

Please let me know if you have any questions.

HTH!

~C 

Hi Chad,

Thanks for the detailed explanation of this. I had misunderstood how it worked, assuming that higher roles let you see more, but that isn't always the case, and probably for good reason sometimes, lol.  

This does beg the question of why  would one assign a user more than one role, as the higher always trumps anyway?

Thanks again, particularly for the sub role idea; I can see how that would allow the access I was trying to achieve.

Rolf

Rolf:

This does beg the question of why would one assign a user more than one role, as the higher always trumps anyway?

I can't think of a reason why you would double up role assignment but I'm sure there's a use case out there.  I think the lesson for roles is to carefully plan them out before you start building.  I would assume most users would benefit from setting up all roles as subs under Administrator to prevent higher level trumps.

~C