You can arrange Security Roles hierarchically. Each role may be include multiple roles, or be included by multiple roles, or both. This is referred to as ‘Role Nesting’.
If one role includes a second role as a member - in the Members (Roles) tab of the first role – then the first role applies to users that are assigned to the second role. Equivalently, users assigned to the second role receive permissions that are assigned to the first role.
If the second role is shown in the Members (Roles) tab of the first role, then conversely the first role will appear in the Member Of tab of the second role.
Members (Roles)
- The listed roles are members of the currently role.
- Users assigned to member roles are also effectively in the current role.
- Equivalently, each of the Members (Roles) inherit permissions of the current role
Member Of
- The current role is a member of the listed roles
- Users assigned to the current role are also effectively in the listed roles.
- Equivalently, the current role inherits permissions of the Member Of roles.
Role Nesting is transitive, which means that users and permissions flow through the hierarchy if multiple roles are chained together. For example, if the Members (Roles) tab of role A contains role B, and if the Members (Roles) tab of role B contains role C, then role C is also effectively a member of role A; the users assigned to role C will effectively be in role A; and equivalently permissions assigned to role A are granted to users in role C.
Nesting a user role
To add a user role to another user role:
- Open the tenant administration page
- Log-in as Administrator
- Select Administration from the dropdown in the Header
(the Administration page opens with menu on the left) - In the Left Navigation Area, select Security. The Security expands to display list.
- Select User Roles. The existing User Roles display.
- Select the user role you want to be the parent and select ACTION. The menu appears.
- Select Edit. The User Role displays.
- Select Members (Roles) tab.
- Select the Link to Existing icon. The Select User Role dialogue appears.
- Quick search for the user role you want.
- Select OK to confirm.