Roles

A new role can be created by the administrator:

Administration > Roles > Create Role

create-role-button

When creating a role, the authorizations for Create, Read, Edit, Delete and Stream must be set for the required entities.

Authorizations and access levels

You can set up the authorizations for the following actions in the system:

  • Create
  • Read
  • Edit
  • Delete
  • Stream

The access level can be set for each authorization. For example, users can be allowed to edit only their own entries, the entries of the teams to which they belong, or all entries in the system. The following access levels can be set:

  • all - the user has access not only to his own entries, but also to the entries of all other users.
  • team - the user has access to the entries created by the users of the teams to which he belongs.
  • own - the user has access to his own entries.
  • no - the user has no access rights.

The authorizations of a user with regard to the entries in the system are recorded using their ownership information:

user-ownership-information

If the user is set as the owner or assigned user of an entry, he has access to this entry if his access level is own or higher for this entity (e.g. products).

An entry can be assigned directly to one or more teams, so all users who belong to these teams have access to this entry if their access level is team.

Examples

Example 1: Translator Role

If a translator needs to translate the relevant product attributes, you should:

  • Create the role Translator.
  • Create the user for the translator in the system and assign the role Translator to this user.
  • For this role, set the Edit authorization for the entity product attribute to the access level own.
  • Make sure that the translator is set as an assigned user for all attribute entries for translations.
  • Enable the translator to read all the product attributes so that they can see the values to be translated.

Example 2: Team-based Access

You have the following teams:

  • General Product Team - this includes Marc, Andrea, John.
  • New Catalog Team - this includes Marc, Andrew, Bill.

You have roles with the following access level for editing:

  • Copywriter - own
  • Product Manager - team
  • Photographer - own
  • Marketing Manager - own

The following roles are assigned to the users:

  • Marc - Product Manager
  • Andrea - Copywriter
  • John - Product Manager
  • Andrew - Photographer
  • Bill - Marketing Manager

There are the following products in the system:

  • Electric engine b124e

    • the specified Team "New Catalog Team"
    • Assigned User: Andrea
    • Owner: -
  • Electric engine c212f

    • the specified Team "New Catalog Team"
    • the specified Team "General Product Team"
    • Assigned User: Andrew
    • Owner: -

The authorizations to edit the product "Electric engine b124e" are given accordingly:

  • Marc - because he belongs to the team that is specified for this product and the role assigned to him has access to editing at the team level.
  • Andrea - because she is an assigned user for this product and the role assigned to her has access to editing on the own level.

The authorizations to edit the product "Electric engine c212f" are given accordingly:

  • Marc - because he belongs to the team that is specified for this product and the role assigned to him has access to editing at the team level.
  • Andrew - because he is an Assigned User for this product and the role assigned to him has access to editing on the own level.
  • John - because he belongs to the team specified for this product and the role assigned to him has access to editing on the team level.

Although the user Bill belongs to the team that is specified for both products, these products are not displayed to him because the role assigned to him only has access to editing at the own level.
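
The access-level rule described above, applied to the data of Example 2, as an added example (this is not AtroPIM code; the class and function names are hypothetical and the model covers only the Edit action):

```python
from dataclasses import dataclass
from typing import Optional

# Access levels from narrowest to widest, as listed on this page.
LEVELS = ("no", "own", "team", "all")

@dataclass
class User:
    name: str
    edit_level: str                 # Edit access level granted by the user's role
    teams: frozenset = frozenset()

@dataclass
class Entry:
    name: str
    teams: frozenset = frozenset()
    assigned_user: Optional[str] = None
    owner: Optional[str] = None

def can_edit(user: User, entry: Entry) -> bool:
    """Apply the own / team / all rule to one user and one entry."""
    rank = LEVELS.index(user.edit_level)
    if rank >= LEVELS.index("all"):
        return True
    # team: the entry is assigned to at least one of the user's teams
    if rank >= LEVELS.index("team") and user.teams & entry.teams:
        return True
    # own: the user is the owner or the assigned user of the entry
    if rank >= LEVELS.index("own") and user.name in (entry.owner, entry.assigned_user):
        return True
    return False

def editors(entry: Entry, users) -> list:
    """Names of all users allowed to edit the entry, sorted."""
    return sorted(u.name for u in users if can_edit(u, entry))

# Data of Example 2 (teams, role levels and products as given on this page).
GENERAL, CATALOG = "General Product Team", "New Catalog Team"
USERS = [
    User("Marc", "team", frozenset({GENERAL, CATALOG})),   # Product Manager
    User("Andrea", "own", frozenset({GENERAL})),           # Copywriter
    User("John", "team", frozenset({GENERAL})),            # Product Manager
    User("Andrew", "own", frozenset({CATALOG})),           # Photographer
    User("Bill", "own", frozenset({CATALOG})),             # Marketing Manager
]
B124E = Entry("Electric engine b124e", frozenset({CATALOG}), assigned_user="Andrea")
C212F = Entry("Electric engine c212f", frozenset({CATALOG, GENERAL}), assigned_user="Andrew")

if __name__ == "__main__":
    for product in (B124E, C212F):
        print(product.name, "->", editors(product, USERS))
```

Running the same function over every role and entry of a planned configuration shows, before the roles go live, which users end up with wider edit access than intended.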

Field level permissions

Among other things, AtroPIM lets you configure access rights at the field level of a given entity. To do this, when editing the role, click on the icon after the relevant entity on the Field Level panel. A popup opens with the fields belonging to this entity. After selecting a field, you can set access to read or edit this field by specifying yes or no for the required action.

field-level-permissions

This function is necessary if the user needs access to certain entries, but is not allowed to change the values in other fields (e.g. to avoid accidental changes) or to see them. This function is particularly useful when different people are responsible for filling in various fields. For example, if you have an employee who only needs to enter technical details on the product page, it is advisable to restrict his permissions to edit the SKU or Product Status fields.

Before setting the role, you must carefully and thoroughly analyze which tasks a particular user has to perform and which access rights he should be given.

For the Delete authorization, it is advisable not to set the access level higher than own, so that the user cannot delete entries that were not added by him.

Correct role settings make it possible to reduce the number of errors in the system, ensure data security and avoid accidental changes by users who are not supposed to have the permissions to do so. The general rule that you should adhere to when configuring roles is as follows: grant the user authorizations and access only to the entities and fields to which he needs access to fulfill his official duties.