Grant Roles to Members

Overview
Purpose
Feature Description
Instructions
Important Notes

Overview

You can grant created Role and Permissions to Members.

Purpose

The Grant Role to Members feature is used for the following purposes.

Prevention of human configuration errors and standardization of operations: Instead of setting detailed Permissions for each Member individually, by selecting and granting verified "Roles", you can prevent configuration omissions and incorrect Permission grants(such as granting excessive Permissions).
Flexible response to projects and outsourcing: Enables flexible access right management according to the situation, such as granting higher Permissions only during a specific project period or assigning limited Roles to short-term external staff.
Rapid application to organizational changes and personnel transfers: When department transfers, or changes in assigned duties occur, simply by switching the Roles linked to the Member, you can quickly transition to a Permission state suitable for the new business content.

Feature Description

What are Roles and Permissions?

A "Role" is a configuration feature for specifying Access Scope and Actions (Read / Write) for a member in detail.
When the "System Role" alone provides too wide an access scope, combining roles and permissions allows you to restrict access according to business content as follows:

Allow access to only specific features
Prohibit editing and allow only viewing
Allow viewing and editing only for customer data assigned as a person in charge

In this way, using roles and permissions enables fine-grained data access control for each member.

Members Eligible for Roles and Members Who Can Manage Them

Created roles can be assigned to members whose System Role is "Member" and System Permission is "Write".
This allows you to control the range of accessible data and executable actions for each "Member / Write" member.

Administrative operations such as creating and editing roles can be performed by the following members:

Members whose System Role is "Primary Owner"
Members whose System Role is "Owner"
Members whose System Role is "Member" and System Permission is "Admin"

On-Screen Behavior Due to Permission Settings

Members who are granted only "Read" permission by a role can view data but cannot perform writing operations such as creation, editing, or deletion.
Depending on the content of the permission settings, operations are restricted on the screen, such as buttons and menus related to writing being hidden or disabled.

Difference from "System Role / System Permission"

"System Role" is a high-level concept that defines the role of the member itself, and unlike the "Role and Permissions" mentioned earlier, it differs from the structure where individual setting information is registered and assigned to members.
"System Role" allows you to set mainly one of the following two.

Owner:
You can use all features of DEXTRE.
Note that one of the Owners in the Maker will be a special role called "Primary Owner" as a representative.
Member:
Some DEXTRE features are restricted.
Currently, restrictions are placed on operations related to contracts.

"System Permission" is defined directly for members in the same way.
Mainly, you can set one of the following two.

Admin:
You can use all features allowed by the "System Role".
If the System Role is "Owner", the System Permission is fixed to "Admin".
Write: This is a System Permission that allows you to configure "Role and Permissions", which is the main theme of this document.
Unless specifically restricted, it has almost the same operational authority as "Member / Admin" regarding business execution.
*Some important operations such as "Invite a new member" are restricted.

Instructions

Go to the Operation Screen

warning

This action can be performed by members with "Primary Owner", "Owner", and "Member / Admin".

Click Maker Settings > Open Maker Settings on the top left of the screen.
Click Member.
Click Members.
Click Grant Roles.
The "Grant Role to Members" modal opens.

Enter the Form

Only members with "SYSTEM ROLE / SYSTEM PERMISSION" of "Member / Write" are displayed.

Select Role
Click and check the checkbox at the intersection of the MEMBER NAME(row) and the role you want to grant(column).
Currently, only one role can be granted.

*If you want to unassign a role, please uncheck the box.

Execute the Operation

Click Apply.
When a role is granted to a member, the name of the granted role is displayed in "Role" of the Members.

Important Notes

Please note the following points when using the feature to grant roles to members.

Members with Permission to Grant Roles

Only members with the system role of "Primary Owner" or "Owner", or the system permission of "Admin" can grant roles to members.

Target Members for Roles

Roles can be granted to members whose System Role is "Member" and System Permission is "Write".

It is not intended to use the "Role and Permissions" feature to perform access control for members with higher permissions such as "Member / Admin" or "Owner".
If you want to apply a role to a member with "Member / Admin" or "Owner" permissions, please change them to "Member / Write" from "Edit Member".

Timing of Setting Reflection

Settings for granting, editing, and revoking roles are reflected immediately in the target member's environment.

If the target member is signed in to the system, permissions may switch suddenly during operation, potentially causing errors or making screens unviewable.
We recommend changing settings during times when the target member is not working as much as possible.

Overview​

Purpose​

Feature Description​

What are Roles and Permissions?​

Members Eligible for Roles and Members Who Can Manage Them​

On-Screen Behavior Due to Permission Settings​

Difference from "System Role / System Permission"​

Instructions​

Go to the Operation Screen​

Enter the Form​

Execute the Operation​

Important Notes​

Members with Permission to Grant Roles​

Target Members for Roles​

Timing of Setting Reflection​