Overview
Roles and permissions let you define what each user can access and do in your Persona dashboard.
This guide covers concepts that will help you configure roles and permissions.
You’ll see:
- What a permission defines: A conceptual framework to help you reason about permissions. A role is a collection of permissions.
- How to use the roles configuration UI: Learn the different sections of the UI to select users and permissions for a role.
- An example role: See a realistic example role, made for a contractor with limited permissions.
What a permission defines
A role is a collection of permissions.
A permission defines:
- What can a user do
- To what
- Where
- With what additional constraints (if applicable)?
Here are concrete examples to illustrate what this means in the Persona dashboard:
- View (do) the details of a Report (what) in the Sandbox environment (where), and only for certain Report templates (additional constraints).
- Edit (do) an Inquiry template (what) in all environments (where), and across all current and future Inquiry templates (additional constraints).
Roles configuration page
In the Persona dashboard, find roles under Team > Roles.
In the list of roles, select a role to view its details.
Tabs—users, org-level permissions, environment-level permissions
Within each role, configurations are separated into tabs.
These tabs fall into three main categories: users, org-level permissions, and environment-level permissions.
Users
This tab lets you see which users are assigned to this role, and add/remove users with the role.
Organization-level permissions
One tab contains permissions that apply across the organization (i.e. in all environments). This tab is:
- Admin
Environment-level permissions
Some permissions apply only to specified environments. The relevant tabs are:
-
Environments
-
Product
-
Data
-
Development
Configuring environment-level permissions
To configure environment-level permissions:
- Use the Environments tab to select the environments in which these permissions will apply.
- Use the Product and Data tabs to specify the permissions.
On the Environments tab, you can choose Enable all current and new environments for role. That means if you create a new environment after you’ve configured this role, this role will automatically have access to that new environment.
UI controls and options
Across these tabs, you’ll see one or more of the following types of options:
-
View and Edit checkboxes: These are the predominant way to select permissions.
-
Nested permissions: Some permissions are nested. By checking one box, you can specify that you want to grant a role access to ALL permissions in a category of related permissions. Here’s an example, for API permissions. Checking the one box next to “API” automatically selects both “API keys” and “API logs.”
-
Additional configurations for a permission: Some permissions have an additional configuration. Here’s one example, in the permission for Teams. (Read Example role below to see examples that apply to product templates.)
-
Advanced settings: Some tabs have advanced settings. These tend to be broader permissions.
Example role
Let’s walk through an example of a role.
Scenario
We want to create a role that lets a contractor review Cases assigned to them. And:
- The Cases will all be from 1 Case template.
- The Case template pulls information about Report matches from a specific Report template.
- The Case template also pulls information from corresponding Accounts, and Inquiries from a few specific Inquiry templates.
Example role with minimal permissions
We can create a role that gives them just the permissions they need:
-
Create a role named “Contractor for Cases review”.
-
Grant the role access to the one environment they will work in: Production.
-
Grant the role these specific permissions:
- Cases: View + Edit Case details
- Configuration: Only for the specific Case template, and for Cases assigned to that user.
- This setup will allow the contractor to view the specific Cases assigned to them and associated information within each Case. They will not be able to view or access additional details outside of the Case unless they receive additional permissions.
- Cases: View + Edit Case details