Roles are the mechanism by which you assign Resources to users, and delegate the ability to perform Administrative actions.
The Roles Table
Users or Groups are assigned to each Role, any Resource also assigned to the same Role is accessible by the Users, or any Users within the Groups that have been assigned.
Creating or Updating a Role
Roles as assigned to Resources during their creation. Click on the Roles tab and move any Roles that you want access over the right 'Included' column.
Assigning the Role to a Resource
Delegating Administrative Actions
When you Create or Update a Role, the Permissions tab allows you to add a set of permissions from the system. Most of these Permissions typically allow you to assign Create, Read, Update, Delete operations for each distinct area of the system. However there are some standard user permissions such as the ability to Logon or Update their own profile.
Simply move the Permissions you want to delegate over to the right 'Included' column to assign these to any Users or Groups also assigned to the Role.
Adding Permissions to a Role
There are a number of Roles that are predefined by the System. You cannot delete these built-in Roles but you can edit some of their permissions or assign users to them.
This Role is available exclusively in the System Realm. Any User with the System Administrator Role can perform any action within the system. The default admin account is a System Administrator account.
You cannot edit the Permissions assigned to this Role, but you can edit the Users and Groups assigned.
The Administrator Role is available in all Realms. This delegates all the available permissions within a Realm to the Users assigned. This is not the same as the System Administration Role, it allows assignees to completely manage their Realm, but they are not able to access System or other Realm configurations.
You may not edit the Permissions assigned to this Role, but you can edit the Users and Groups assigned.
The Everyone Role includes all Users within a Realm. By default it provides the Logon, Profile Read and Profile Update Permissions so that all Users are able to access the System. Changes to this Role only affect the Realm in which it resides.
You cannot edit the Users or Groups assigned to this Role, but you can edit the Permissions assigned.