Role Level Variables

Role level variables and role level restrictions have been added to the system, giving you more flexibility when creating variables and restrictions for users. Previously, if you had 10 users that all shared the same variable or restriction, you had to add the details to each individual user, which was very time consuming if those details needed to change. With role level variables and restrictions, you add the details at role level, and when the role is assigned to users they all inherit the same variables/restrictions. This also makes changes easier: the details are changed at role level and cascade down to all users in that role.

Variables

The following types of variable are available in the system:

  • Global Variables - a variable that is available to every user

  • Role Variables - (available in the November 2021 release) if a role has variables, these variables are available to users that are assigned to that role

  • User Variables - a variable that is only available to a particular user

Variable Overriding

Variables are applied in the following order:

  • User variables can override Role variables

  • Role variables can override Global variables

To help with understanding, let’s look at the following scenario. The system has been set up with:

  • a global variable PI_STYLES=default-theme (PI_STYLES represents the theme to be used to display the dashboard)

  • a role called Marketing, which has a variable PI_STYLES=marketing-theme

  • a role called Sales, which has a variable PI_STYLES=sales-theme

  • a user called Bob who, by default, has the PI_STYLES=default-theme

 These variables will be applied in the following way:

  • If Sales role is assigned to Bob, Bob will see the PI_STYLES=sales-theme

  • If the Sales and Marketing roles are both assigned to Bob, then the ordering position, seen at the top-right of the Dashboard Configuration > Roles screen, determines whether the sales-theme or marketing-theme is used for Bob

    • If the Sales role has a lower ordering position than the Marketing role (meaning it’s the first in the list), then sales-theme is used

    • The ordering position also decides the display order of the Roles on the screen. The role with the lowest ordering position will be displayed first. In the following example, the Sales role has the position 1 and Marketing is position 2 which means that the Sales role will appear above the Marketing role

    • If 2 roles have the same ordering position, then alphabetical order is respected both for display purposes and when role variables have conflicts. In the following screenshot, both roles have the position 1 which means they will appear alphabetically

  • If Bob has a user variable PI_STYLES=bobs-theme, then bobs-theme is used by Bob regardless of whether a role assigned to Bob contains a different theme variable

 Restrictions

  • Role Restrictions - (available in the November 2021 release) if a role has a restriction, every user assigned to the role will inherit the same restrictions

  • User Restrictions - a restriction that applies to a particular user

Restriction Cumulation and Overriding

User Restrictions and Role Restrictions are applied to users as follows:

  • when a user is given multiple roles that carry the same restriction, the restriction accumulates

  • when a user has a restriction, which is the same as a role restriction, the role restriction is ignored

To help understanding, if the system has:

  • a role called Marketing, which has a restriction: Department = 'Marketing'

  • a role called Sales, which has restrictions: Department = 'Sales' and Year = 2021

  • a user called Andy, who has a restriction: Region = 'UK'

Then:

  • By default, Andy can only see data with the Region = 'UK', because such a restriction is always applied to Andy

  • If the Sales role is assigned to Andy, then Andy can only see data with

    • Region = 'UK' (from Andy)

    • and Department = 'Sales' (Andy cannot see data related to Marketing as he hasn't been assigned to the Marketing role)

    • and Year = 2021 (from Sales role)

  • If both the Sales and Marketing roles are assigned to Andy, then Andy can see data with

    • Region = 'UK'

    • and Department in ('Sales', 'Marketing') - (this is because Andy has 2 roles, so he'll be able to see data related to both roles)

    • and Year = 2021

  • If the user Andy has a restriction Department = ('Sales', 'Dev') while the Sales and Marketing roles are assigned to him, then the user restriction is used and role level restrictions on the same topic are ignored (the Department restrictions from the roles are ignored because this implementation allows undesirable role restrictions to be removed)

    • Region = 'UK' (from Andy)

    • and Department in ('Sales', 'Dev') - (from Andy, and ignore what's in the roles)

    • and Year = 2021 (from Sales role)
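
The variable overriding and restriction cumulation rules above can be modelled in a few lines to check what a given user ends up with. This is an added example, not the product's own code: the data structures and function names are hypothetical, the data is constructed from the Bob and Andy scenarios, and a tie in ordering position is assumed to resolve in favour of the alphabetically first role.

```python
# Constructed data mirroring the Bob and Andy scenarios; structure is hypothetical.
GLOBAL_VARS = {"PI_STYLES": "default-theme"}
ROLES = {  # role name -> ordering position, variables, restrictions (field -> allowed values)
    "Marketing": {"position": 2, "vars": {"PI_STYLES": "marketing-theme"},
                  "restrictions": {"Department": {"Marketing"}}},
    "Sales": {"position": 1, "vars": {"PI_STYLES": "sales-theme"},
              "restrictions": {"Department": {"Sales"}, "Year": {2021}}},
}

def ordered(role_names):
    """Lowest ordering position first; ties fall back to alphabetical order."""
    return sorted(role_names, key=lambda name: (ROLES[name]["position"], name))

def effective_variables(role_names, user_vars):
    """User variables override role variables, which override global variables."""
    result = dict(GLOBAL_VARS)
    # Apply roles from last to first so the first-ordered role wins a conflict.
    for name in reversed(ordered(role_names)):
        result.update(ROLES[name]["vars"])
    result.update(user_vars)
    return result

def effective_restrictions(role_names, user_restrictions):
    """Role values accumulate per field; a user restriction replaces them."""
    result = {}
    for name in role_names:
        for field, values in ROLES[name]["restrictions"].items():
            result.setdefault(field, set()).update(values)
    for field, values in user_restrictions.items():
        result[field] = set(values)  # role values for this field are ignored
    return result

def visible(row, restrictions):
    """A row is visible only if every restricted field holds an allowed value."""
    return all(row.get(field) in allowed for field, allowed in restrictions.items())

if __name__ == "__main__":
    andy = effective_restrictions(
        ["Sales", "Marketing"], {"Region": {"UK"}, "Department": {"Sales", "Dev"}})
    print(andy)
    print(visible({"Region": "UK", "Department": "Dev", "Year": 2021}, andy))
```

The last scenario is the one to review when auditing access: a user restriction on Department replaces the role values outright, so Andy gains 'Dev' rows and loses 'Marketing' rows even though he still holds the Marketing role.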