All the access granted to a role is granted through the permission lists assigned to it. Other than a few specific access permissions that are directly assigned to the user, roles act as intermediary between the permission lists and user profiles.
Permission Lists tab on Roles component is used to define the permission lists granted to the particular role.
Primary Record: PSROLECLASS
Adding Permission List to a Role:
- Search and open the desired role in the Roles component and go to the Permission Lists tab.
- In the Permission Lists grid, add the name of the permission list that should be assigned to the role.
- Save the component.
Figure IV‑2 Roles – Permission Lists
Roles and Permissions lists share a many to many relationship. A single role can have multiple permission lists and a permission list can be assigned to several different roles. This enables a modular security design without having to re-create the permissions lists for each role. There is no single correct design for how large or small each permission list or role should be. It depends purely on the design approach and needs of the organization. However, a single role or permission list with a lot of access leads to creation of several variations of the similar access. A role or permission list with too little access would lead to needing large number of roles/permissions per user effecting system performance.