Delete Role and Permissions
Overview
You can delete created roles and permissions.
Purpose
The delete roles and permissions function is used for the following purposes.
- Role inventory due to organization changes or business termination: Delete roles that are no longer used due to organizational reorganization or project completion, and organize information on the management screen. This prevents operational errors where Admins mistakenly grant old permissions to users.
- Elimination of potential security risks: Leaving unused roles (especially those with strong permissions) on the system poses risks of unauthorized use or management oversight. By deleting unnecessary roles, you fundamentally eliminate security risks.
- Securing creation slots for new role creation: Use this when a new business role is needed while the system's role creation limit (maximum of 5) has been reached. By deleting existing unnecessary roles, you secure empty slots for creating new ones.
Feature Description
What are Roles and Permissions?
A "Role" is a configuration feature for specifying Access Scope and Actions (Read / Write) for a member in detail.
When the "System Role" alone provides too wide an access scope, combining roles and permissions allows you to restrict access according to business content as follows:
- Allow access to only specific features
- Prohibit editing and allow only viewing
- Allow viewing and editing only for customer data assigned as a person in charge
In this way, using roles and permissions enables fine-grained data access control for each member.
Members Eligible for Roles and Members Who Can Manage Them
Created roles can be assigned to members whose System Role is "Member" and System Permission is "Write".
This allows you to control the range of accessible data and executable actions for each "Member / Write" member.
Administrative operations such as creating and editing roles can be performed by the following members:
- Members whose System Role is "Primary Owner"
- Members whose System Role is "Owner"
- Members whose System Role is "Member" and System Permission is "Admin"
On-Screen Behavior Due to Permission Settings
Members who are granted only "Read" permission by a role can view data but cannot perform writing operations such as creation, editing, or deletion.
Depending on the content of the permission settings, operations are restricted on the screen, such as buttons and menus related to writing being hidden or disabled.
Difference from "System Role / System Permission"
"System Role" is a high-level concept that defines the role of the member itself, and unlike the "Role and Permissions" mentioned earlier, it differs from the structure where individual setting information is registered and assigned to members.
"System Role" allows you to set mainly one of the following two.
- Owner:
You can use all features of DEXTRE.
Note that one of the Owners in the Maker will be a special role called "Primary Owner" as a representative. - Member:
Some DEXTRE features are restricted.
Currently, restrictions are placed on operations related to contracts.
"System Permission" is defined directly for members in the same way.
Mainly, you can set one of the following two.
- Admin:
You can use all features allowed by the "System Role".
If the System Role is "Owner", the System Permission is fixed to "Admin". - Write:
This is a System Permission that allows you to configure "Role and Permissions", which is the main theme of this document.
Unless specifically restricted, it has almost the same operational authority as "Member / Admin" regarding business execution.
*Some important operations such as "Invite a new member" are restricted.
Instructions
Go to the Operation Screen
This action can be performed by members with "Primary Owner", "Owner", and "Member / Admin".
- Click Maker Settings > Open Maker Settings in the top left of the screen.
- Click Member.
- Click Access Control.
- Click the Remove button for any role and permissions you want to delete.
The "Delete Roles And Permissions" modal opens.
Execute the Operation
- Confirm the "Code" and "Role Name" of the displayed role and permissions, and click Remove.
If successful, the corresponding role will be deleted and will no longer appear in the list.
*Roles and permissions assigned to members cannot be deleted.
Important Notes
Please note the following points when using the delete roles and permissions feature.
Members with deletion permissions
Only members with the System Role of "Primary Owner" or "Owner", or the System Permission of "Admin" can delete roles and permissions.
Roles assigned to members cannot be deleted
Roles currently assigned to one or more members cannot be deleted.
An error message will be displayed if you attempt to execute the deletion.
If you want to delete a role, please perform Change to another role or Unassign role in advance for all members to whom the target role is assigned. Please execute the deletion when the number of linked members becomes 0.
Deleted roles cannot be restored
There is no feature to restore a role once it has been deleted. If you accidentally delete it, you will need to recreate the settings from scratch via "Create Role and Permissions".
If you need the content of the permission settings, we recommend taking a copy of the settings via screen capture or memo before deletion.