Role Level Variables
Role level variables and role level restrictions have been added to the system, this means that you will now have more flexibility when creating variables and restrictions for users. Previously, if you had 10 users that all shared the same variable or restriction you would need to add the details to each individual user which would be very time consuming if you needed to change these details. With role level variables and restrictions, you add the details at role level and when the role is assigned to users, they will all inherit the same variables/ restrictions. This in turn also makes it easier to make changes, the details are changed at role level and they will cascade down to all users in that role.
Variables
The following types of variable are available in the system:
Global Variables - a variable that is available to every user
Role Variables - (available in the November 2021 release) if a role has variables, these variables are available to users that are assigned to that role
User Variables - a variable that is only available to a particular user
Variable Overriding
Variables are applied in the following order:
User variables can override Role variables
Role variables can override Global variables
To help with understanding, let’s look at the following scenario. The system has been set up with:
a global variable PI_STYLES=default-theme (PI_STYLES represents the theme to be used to display the dashboard)
a role called Marketing, which has a variable PI_STYLES=marketing-theme
a role called Sales, which has a variable PI_STYLES=sales-theme
a user called Bob who, by default, has the PI_STYLES=default theme
These variables will be applied in the following way:
If Sales role is assigned to Bob, Bob will see the PI_STYLES=sales-theme
If the Sales and Marketing roles are both assigned to Bob then the ordering position, seen at the top-right of the Dashboard Configuration>Roles screen, will determine whether the sales-theme or marketing-them is used for Bob
If the Sales role has a lower ordering position than the Marketing role (meaning it’s the first in the list), then sales-theme is used
The ordering position also decides the display order of the Roles on the screen. The role with the lowest ordering position will be displayed first. In the following example, the Sales role has the position 1 and Marketing is position 2 which means that the Sales role will appear above the Marketing role
If 2 roles have the same ordering position, then alphabetical order is respected both for display purposes and when role variables have conflicts. In the following screenshot, both roles have the position 1 which means they will appear alphabetically
If Bob has a user variable PI_STYLES=bobs-theme, then bobs-theme would be used by Bob regardless if there is a role assigned to Bob that contains a different theme variable
Restrictions
Role Restrictions - (available in the November 2021 release) if a role has a restriction, every user assigned to the role will inherit the same restrictions
User Restrictions - a restriction that applies to a particular user
Restriction Cumulation and Overriding
User Restrictions and Role Restrictions are applied to users as follows:
when multiple roles are given to a user, with the same restriction, the restriction accumulates
when a user has a restriction, which is the same as a role restriction, the role restriction is ignored
To help understanding, if the system has:
a role called Marketing, which has a restriction: Department = 'Marketing'
a role called Sales, which has restrictions: Department = 'Sales' and Year = 2021
a user called Andy, which has a restriction: Region = 'UK'
Then:
By default, Andy can only see data with the Region = 'UK', because such a restriction is always applied to Andy
If the Sales role is assigned to Andy, then Andy can only see data with
Region = 'UK' (from Andy)
and Department = ‘Sales' (Andy cannot see data related to Marketing as he hasn’t been assigned to the Marketing role)
and Year = 2021 (from Sales role)
If both the Sales and Marketing roles are assigned to Andy, then Andy can see data with
Region = 'UK'
and Department in ('Sales', ‘Marketing') - (this is because Andy has 2 roles, so he’ll be able to see data related to both roles)
and Year = 2021
If the user Andy has a restriction: Department = (‘Sales', 'Dev’), while Sales and Marketing roles are assigned to Andy, then the user restriction is used, and role level restriction of the same topic are ignored (the reason Department restriction from the roles are ignored, is because such implementation allows removing undesirable role restrictions)
Region = 'UK' (from Andy)
and Department in ('Sales', ‘Dev') - (from Andy, and ignore what’s in the roles)
and Year = 2021 (from Sales role)
CUSTOMER NEWS - Our November 24 Release Is Now Available - Download It Now!