Edit Role and Permissions
Overview
You can edit the contents of an existing Role and Permissions entry.
Purpose
The Edit Role and Permissions feature is used for the following purposes.
- Flexible response to organizational changes and changes in business workflows: By modifying the permissions of existing roles as business processes are introduced or changed, system settings can be adapted immediately to the current state of actual operations.
- Permission tuning after the start of operations (resolving deficiencies): Permission levels are fine-tuned and optimized to address issues identified after the start of actual operations, such as "operations stalling due to insufficient permissions" or "excessively strong permissions being granted."
- Review of permissions due to strengthened security policies: Based on raised company-wide security standards or audit findings, existing permission settings are modified in bulk to stricter values.
Feature Description
What are Roles and Permissions?
A "Role" is a configuration feature for specifying Access Scope and Actions (Read / Write) for a member in detail.
When the "System Role" alone provides too wide an access scope, combining roles and permissions allows you to restrict access according to business content as follows:
- Allow access to only specific features
- Prohibit editing and allow only viewing
- Allow viewing and editing only for data of customers to whom the member is assigned as the person in charge
In this way, using roles and permissions enables fine-grained data access control for each member.
Members Eligible for Roles and Members Who Can Manage Them
Created roles can be assigned to members whose System Role is "Member" and System Permission is "Write".
This allows you to control the range of accessible data and executable actions for each "Member / Write" member.
Administrative operations such as creating and editing roles can be performed by the following members:
- Members whose System Role is "Primary Owner"
- Members whose System Role is "Owner"
- Members whose System Role is "Member" and System Permission is "Admin"
On-Screen Behavior Due to Permission Settings
Members who are granted only "Read" permission by a role can view data but cannot perform writing operations such as creation, editing, or deletion.
Depending on the content of the permission settings, operations are restricted on the screen, such as buttons and menus related to writing being hidden or disabled.
Difference from "System Role / System Permission"
"System Role" is a high-level concept that defines the role of the member itself. Unlike the "Role and Permissions" described earlier, it is not a separately registered set of settings that is then assigned to members.
"System Role" is mainly set to one of the following two values.
- Owner:
You can use all features of DEXTRE.
Note that one of the Owners in the Maker holds a special role called "Primary Owner" as the representative.
- Member:
Some DEXTRE features are restricted.
Currently, restrictions are placed on operations related to contracts.
"System Permission" is defined directly for members in the same way.
It is mainly set to one of the following two values.
- Admin:
You can use all features allowed by the "System Role".
If the System Role is "Owner", the System Permission is fixed to "Admin".
- Write:
This is the System Permission for which "Role and Permissions", the main subject of this document, can be configured.
Unless specifically restricted, it has almost the same operational authority as "Member / Admin" regarding business execution.
*Some important operations such as "Invite a new member" are restricted.
Instructions
Go to the Operation Screen
This action can be performed by "Primary Owner", "Owner", and "Member / Admin" members.
- Click Maker Settings > Open Maker Settings on the top left of the screen.
- Click Member.
- Click Access Control.
- Click the Edit button for the Role and Permissions entry you want to edit.
You will be redirected to the "Edit Role and Permissions" page.
Enter the Form
Basics
Items 1 to 3 are editable. Edit the items you want to change.
- Code *Required
Enter the "Code" to be used primarily as an identifier by the system within DEXTRE.
Registration with half-width alphanumeric characters and symbols is recommended.
Note that a code that duplicates another role cannot be registered.
- Role Name *Required
Enter the Role Name.
- Description *Optional
You can enter a Description of the role.
Role Settings
Currently, there are no configurable items. It is planned to be expanded in a future release.
Permission Settings
You can edit the combination of "Access Scope" and "Actions" for each target resource.
- Expand resources to configure
  - Expand All: Expands details for all resources.
  - Expand only some resources: Click ">" on the right side of each resource to expand details.
- Access Scope
  Select one of the following two via radio buttons.
  - All: Operational permissions targeting the entire range are set.
  - Member's Assigned Customer Buyers: Operational permissions targeting only the buyers assigned to the member are set.
  *Depending on the resource, only "All" may be displayed, and "Member's Assigned Customer Buyers" may not be displayed.
- Actions
  Select one of the following two via radio buttons.
  - Read Only: You can only view data for resources within the access scope.
  - Read / Write: You can view and write data for resources within the access scope.
    "Write" refers to general data writing operations such as creating, editing, and deleting data.
Checking the Select All Permissions checkbox sets the following combination for all resources.
- Access Scope: All
- Actions: Read / Write
Also, checking the checkbox to the left of each resource name sets the following combination for each corresponding resource.
- Access Scope: All
- Actions: Read / Write
Example of "Access Scope" and "Actions" combinations
Allowed operations are highlighted depending on the combination of permissions.
- Permission for "Read / Write" operations on all ranges of target resources
  - Access Scope: All
  - Actions: Read / Write
- Permission for "Read Only" operations on all ranges of target resources
  - Access Scope: All
  - Actions: Read Only
- Permission for "Read / Write" operations on the range of data where access is "Member's Assigned Customer Buyers"
  - Access Scope: Member's Assigned Customer Buyers
  - Actions: Read / Write
Execute the Operation
Click Update when all settings are complete.
If the update is successful, the "Role and Permissions" entry is updated with the edited content.
If an error is displayed, check whether the code duplicates the code of another role.
Important Notes
Please note the following points when using the feature to Edit Role and Permissions.
Members authorized to edit
Only Members with the System Role of "Primary Owner" or "Owner", or the System Permission of "Admin", can edit Role and Permissions.
Edits are reflected immediately
When you "Update" existing role settings, the changes are applied immediately to all Members to whom the corresponding role is assigned.
Because the change takes effect without waiting for a logout or re-login, unexpected errors may occur for Members who are working at that moment. Please be careful about the timing of setting changes.
Concerns when reducing or changing permissions
If you narrow the scope of permissions by editing, there is a risk that the target Member cannot continue the work they are currently doing.
- Change of scope: When changing from "All" to "Member's Assigned Customer Buyers", access to data outside of the assignment will become unavailable.
- Change of action: When changing from "Read / Write" to "Read Only", Members who were able to register or edit data until now will have only read-only permissions.
When changing settings, please verify the target Member's business content and necessary permission scope in advance.
Codes that duplicate a registered code cannot be used
Since the "Code" serves as an identifier for the entire system, you cannot register the same code as an existing role.
Please set a unique half-width alphanumeric string that is easy to manage.
About "Expand All" and bulk check function
Using "Select Expand All" or the checkbox next to each resource automatically sets "Access Scope: All" and "Actions: Read / Write".
Please be sure to check the contents after bulk setting so as not to unintentionally grant excessive permissions.
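A pre-update review for the two risks described above (narrowing that interrupts a Member's work, and bulk checking that sets "All" with "Read / Write"), as an added example that is not DEXTRE code: it compares a role's current and proposed settings per resource. The dictionary layout and the "Product" resource are assumptions made for illustration; the page documents only the settings screen.

```python
# Added example. The dict layout and resource names are constructed for
# illustration; the page documents only the settings screen, not an export format.
ASSIGNED = "Member's Assigned Customer Buyers"
SCOPE_RANK = {ASSIGNED: 0, "All": 1}
ACTION_RANK = {"Read Only": 0, "Read / Write": 1}


def classify_change(before, after):
    """Classify one resource's (access scope, actions) pair across an edit."""
    d_scope = SCOPE_RANK[after[0]] - SCOPE_RANK[before[0]]
    d_action = ACTION_RANK[after[1]] - ACTION_RANK[before[1]]
    if d_scope == 0 and d_action == 0:
        return "unchanged"
    if d_scope <= 0 and d_action <= 0:
        return "narrowed"  # assigned Members may lose access mid-task
    if d_scope >= 0 and d_action >= 0:
        return "widened"   # confirm the extra access is intended
    return "mixed"         # one axis narrowed while the other widened


def review_edit(current, proposed):
    """Return {resource: classification} for every resource whose pair changes."""
    report = {}
    for resource, before in current.items():
        result = classify_change(before, proposed[resource])
        if result != "unchanged":
            report[resource] = result
    return report


# Constructed sample: a role as it is now, the same role after the
# "Select All Permissions" checkbox is ticked, and a tightened variant.
CURRENT = {
    "Order": (ASSIGNED, "Read / Write"),
    "Delivery Note": (ASSIGNED, "Read Only"),
    "Product": ("All", "Read Only"),
}
AFTER_SELECT_ALL = {name: ("All", "Read / Write") for name in CURRENT}
TIGHTENED = dict(CURRENT, Order=(ASSIGNED, "Read Only"))

if __name__ == "__main__":
    for label, proposed in (("select all", AFTER_SELECT_ALL), ("tightened", TIGHTENED)):
        print(label, review_edit(CURRENT, proposed))
```

Resources reported as "narrowed" are the ones to confirm with the assigned Members before pressing Update; "widened" and "mixed" entries are the ones to check against the intended permission scope.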
Limitations on Access Scope
In "Access Scope", the option "Member's Assigned Customer Buyers" is only selectable for some resources linked to buyer information, such as "Customer Buyer", "Order", and "Delivery Note".
For other resources, only "All" is selectable.