Roles
A new role can be created by the administrator: Administration → Roles → Create Role
When creating a role, the authorizations for Create, Read, Edit, Delete and Stream must be set for the required entities.
Authorizations and access levels
You can set up the authorizations for the following actions in the system:
- Create
- Read
- Edit
- Delete
- Stream
The access level can be set for each authorization. For example, it can be set that users can only edit their own entries, entries of the teams to which they belong, or all entries in the system. The following access levels can be set:
- all - the user has access not only to his own entries, but also to the entries of all other users.
- team - the user has access to the entries created by the users of the teams to which he belongs.
- own - the user has access to his own entries.
- no - the user has no access rights.
A user's authorizations for the entries in the system are determined using the ownership information of those entries:
- If the user is set as the owner or assigned user of an entry, he has access to this entry if his access level is own or higher for this entity (e.g. products).
- An entry can be assigned directly to one or more teams, so all users who belong to these teams have access to this entry if their access level is team.
Examples
Example 1: Translator Role
If the translator needs to be able to translate the relevant product attributes, you should:
- Create the role Translator.
- Create the user for the translator in the system and assign the role Translator to this user.
- Set the authorization Edit for this role for the entity product attribute by selecting the access level own.
- Make sure that the translator is set as an assigned user for all attribute entries for translations.
- Enable the translator to read all the product attributes so that they can see the values to be translated.
Example 2: Team-based Access
You have the following teams:
- General Product Team - this includes Marc, Andrea, John.
- New Catalog Team - this includes Marc, Andrew, Bill.
You have roles with the following access level for editing:
- Copywriter - own
- Product Manager - team
- Photographer - own
- Marketing Manager - own
The following roles are assigned to the users:
- Marc - Product Manager
- Andrea - Copywriter
- John - Product Manager
- Andrew - Photographer
- Bill - Marketing Manager
There are the following products in the system:
- Electric engine b124e
  - the specified Team "New Catalog Team"
  - Assigned User: Andrea
  - Owner: -
- Electric engine c212f
  - the specified Team "New Catalog Team"
  - the specified Team "General Product Team"
  - Assigned User: Andrew
  - Owner: -
The authorizations to edit the product "Electric engine b124e" are given accordingly:
- Marc - because he belongs to the team that is specified for this product and the role assigned to him has access to editing at the team level.
- Andrea - because she is an assigned user for this product and the role assigned to her has access to editing at the own level.
The authorizations to edit the product "Electric engine c212f" are given accordingly:
- Marc - because he belongs to the team that is specified for this product and the role assigned to him has access to editing at the team level.
- Andrew - because he is an assigned user for this product and the role assigned to him has access to editing at the own level.
- John - because he belongs to the team specified for this product and the role assigned to him has access to editing at the team level.
Although the user Bill belongs to the team that is specified for both products, these products are not displayed to him because the role assigned to him only has access to editing at the own level.
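The evaluation in Example 2 can be reproduced with a small model of the rules above. This is an added illustration, not AtroPIM code: the names User, Entry, can_edit and editors are hypothetical, and the team rule is modelled only through the teams assigned to an entry.

```python
from dataclasses import dataclass, field
from typing import Optional

# Access levels from the page, ordered from narrowest to widest.
LEVELS = {"no": 0, "own": 1, "team": 2, "all": 3}

@dataclass
class User:
    name: str
    teams: set
    edit_level: str  # Edit access level granted by the user's role

@dataclass
class Entry:
    name: str
    teams: set = field(default_factory=set)
    owner: Optional[str] = None
    assigned_user: Optional[str] = None

def can_edit(user: User, entry: Entry) -> bool:
    """Hypothetical evaluator for the ownership rules described above."""
    level = LEVELS[user.edit_level]
    if level >= LEVELS["all"]:
        return True
    # team: the entry is assigned to at least one team the user belongs to
    if level >= LEVELS["team"] and user.teams & entry.teams:
        return True
    # own or higher: the user is the owner or the assigned user of the entry
    return level >= LEVELS["own"] and user.name in (entry.owner, entry.assigned_user)

def editors(users, entry):
    """Sorted names of all users who may edit the entry."""
    return sorted(u.name for u in users if can_edit(u, entry))

# Data from Example 2 (teams, role levels and products as given on the page)
GENERAL, NEW = "General Product Team", "New Catalog Team"
USERS = [
    User("Marc", {GENERAL, NEW}, "team"),    # Product Manager
    User("Andrea", {GENERAL}, "own"),        # Copywriter
    User("John", {GENERAL}, "team"),         # Product Manager
    User("Andrew", {NEW}, "own"),            # Photographer
    User("Bill", {NEW}, "own"),              # Marketing Manager
]
B124E = Entry("Electric engine b124e", {NEW}, assigned_user="Andrea")
C212F = Entry("Electric engine c212f", {NEW, GENERAL}, assigned_user="Andrew")

if __name__ == "__main__":
    for product in (B124E, C212F):
        print(product.name, "->", editors(USERS, product))
```

Changing Bill's level from own to team in this model gives him edit access to both products, which shows how much a single access-level step widens a role.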
Field level permissions
AtroPIM offers, among other things, the possibility to configure the access rights on the field level of a certain entity. To do this, when editing the role, click on the ✚ icon after the relevant entity on the Field Level panel. A popup opens with the fields belonging to this entity. After selecting the field, you can set access to read or edit this field by specifying yes or no for the required action.
This function is necessary if the user needs access to certain entries, but is not allowed to change the values in other fields (e.g. to avoid accidental changes) or to see them. This function is particularly useful when different people are responsible for filling in various fields. For example, if you have an employee who only needs to enter technical details on the product page, it is advisable to restrict his permissions to edit the SKU or Product Status fields.
Before setting the role, you must carefully and thoroughly analyze which tasks a particular user has to perform and which access rights he should be given.
For the Delete authorization, it is advisable not to set the access level higher than own, to prevent the user from deleting entries that were not added by him.
Correct role settings make it possible to reduce the number of errors in the system, ensure data security and avoid accidental changes by users who are not supposed to have the permissions to do so. The general rule that you should adhere to when configuring roles is as follows: give the user authorizations and access only to the entities and fields that he needs to fulfill his official duties.