Permissions

Important! The tenant permissions interface is available only to Tenant Admins, Tenant Readers, and personas with specific access grants.

Accessible from the Administration menu under Tenant > Permissions, the Tenant Permissions page contains configuration cards for viewing and assigning roles and permissions to users and groups. The Permissions page contains the following interactive cards: Users, Roles, and Groups. The link icon at the top of each card indicates its status:

  • Primary card:

  • Linked card:

By default, the Users card is set as the primary card, as indicated by the blue link icon. To change your primary card, click the link icon on any card.

Users card, set as the primary card

Tip: To expand any card for easier viewing, click the expand icon (). To restore the original view, click the collapse icon (). To locate an existing item in a table, click any column header to sort by that column. An up arrow appears in the column header, indicating that the sort is in ascending order. Click the column header again to switch to descending order, indicated by a down arrow.

Users card

When the Users card is primary, you can manage the users listed on the card. Select one or more users to view their associated roles and groups, indicated in the check box columns on the other cards.

Note: If multiple users are selected, some check boxes on the other cards may display a horizontal line () instead of a check. This means that the indicated roles or groups apply to at least one of the selected users, but not all of them.

Users card set a primary with a user selected

The Users card supports the following actions:

  • To view properties for any user, click on a name in the User Name column to open the User properties panel.

  • To enable roles for one or more users, make sure that the Users card is set as primary. Select users on the Users card and then make your role selections on the Roles card. Click the Save icon on the Roles card to complete the new role assignments.

    Note: To cancel role changes without saving them, click the refresh icon () on the Roles card.

  • To add a user to the tenant, make sure that the Users card is set as primary and click the plus icon (). In the dialog that appears, select a Domain from the dropdown. To add a new user, select Link user and then enter a Username. To add an existing user, select Existing user and then select a user from the list that appears. Click Link. The new user appears on the Users card.

  • To disable a user account without deleting it, click the slider icon () in the Enabled column and then click Save in the confirmation dialog.

  • To enable a user that is currently disabled, click the disabled slider icon () in the Enabled column and then click Save in the confirmation dialog.

  • To delete a user, click the Actions menu icon () on the same row, select Delete, and then click Remove in the confirmation dialog. To delete multiple users, select them from the list and then click the trash icon ().

Note: For more information about managing user accounts within a tenant, see Tenant users.

Roles card

When the Roles card is primary, you can identify which users have a given role (such as Admin). You can also assign roles to users and groups. Select one or more roles to automatically indicate the corresponding users and groups on the other cards.

Note: If multiple roles are selected, some check boxes on the other cards may display a horizontal line () instead of a check. This means that the indicated users or groups apply to at least one of the selected roles, but not all of them.

Roles card, set as primary

The Roles card supports the following actions:

  • To view properties for any role, click on a role name in the Name column to open the Role properties panel.

  • To enable users with one or more roles, make sure that the Roles card is set as primary. Make your role selections on the Roles card and then select users on the Users card. Click the Save icon on the Users card to complete the new assignments.

    Note: To cancel changes without saving them, click the refresh icon () on the Users card.

  • To enable groups with one or more roles, make sure that the Roles card is set as primary. Make your role selections on the Roles card and then select groups on the Groups card. Click the Save icon on the Groups card to complete the new assignments.

    Roles cannot be assigned to users and groups at the same time. These actions must be performed separately

    To cancel changes without saving them, click the refresh icon () on the Groups card.

  • To add a role to the tenant, make sure that the Roles card is set as primary and click the plus icon (). In the dialog that appears, select an application from the dropdown and type a unique role name in the Name field. Enter a Description of the role (optional). You can also select one or more existing roles from the list, if available. Click Add. The new role appears on the Roles card.

  • To edit an existing role, click the Actions menu icon () on the same row, select Edit, and click Remove in the dialog that appears. You can make changes to the Name and Description fields, or you can select one or more existing roles from the list, if available. Click Save.

  • To disable a role without deleting it, click the Actions menu icon () on the same row, select Disable, and then click Save in the confirmation dialog.

  • To enable a role that is currently disabled, click the Actions menu icon () on the same row, select Enable, and then click Save in the confirmation dialog.

Note: For more information about roles, see Personas and roles.

Groups card

When the Groups card is primary, you can manage groups and add roles to groups. Select one or more groups to automatically indicate the corresponding users and roles on the other cards.

Note: If multiple groups are selected, some check boxes on the other cards may display a horizontal line () instead of a check. This means that the indicated users or roles apply to at least one of the selected groups, but not all of them.

Note: The Synched column indicates each group's current status within the selected domain:

  • Synched:
  • Not synched:
  • Disabled:
  • Does not exist within the domain, or access has been revoked: Hover over the icon to view a status tooltip.

The Groups card supports the following actions:

  • To view properties for any group, click on a group name in the Group column to open the Group properties panel.

  • To enable roles for one or more groups, make sure that the Groups card is set as primary. Select groups on the Groups card and then make your role selections on the Roles card. Click the Save icon on the Roles card to complete the new role assignments.

    Note: To cancel role changes without saving them, click the refresh icon () on the Roles card.

  • To add a group to the tenant, make sure that the Groups card is set as primary and click the plus icon (). In the dialog that appears, select a Domain from the dropdown and enter a Group name. Click Save. The new group appears on the Groups card.

  • To disable a group without deleting it, click the slider icon () in the Enabled column and then click Save in the confirmation dialog.

  • To enable a group that is currently disabled, click the disabled slider icon () in the Enabled column and then click Save in the confirmation dialog.

  • To delete a group, select it from the list, click the trash icon (), and then click Remove in the confirmation dialog.

Note: For more information about managing groups within a tenant, see Groups.

Card order

To adjust the page layout, click the reorder icon () on the primary card to open the Card order dialog. The cards listed under Leading column appear on the left side of the page, and the cards under Trailing column appear on the right side of the page.

To move a card from one column to the other, or to change the order within a column, simply drag an item to the desired location, or select an item and then move it by clicking the arrows in any available direction. Click Update to save your changes.

Note: The Properties panel appears only when you select a user, role, or group to view its properties. You can configure its desired location on the page in relation to the Users, Roles, and Groups cards.

Column options

Each table on the Permissions page supports the following column options:

  • To reorder the columns, drag a column header to the desired location in the table.

  • To pin any column to the left or right side of the table, hover over the desired column header, click the horizontal menu icon (), and select Pin Column. Then select Pin Left or Pin Right. To clear a column pin, select No Pin.

    Tip: From the same menu, you can also reset the column width for either the current column or all columns. Select Autosize This Column or Autosize All Columns.

  • To hide columns or to restore hidden columns, hover over any column header and click the horizontal menu icon (). In the dialog that appears, click the grid icon to view the column-selection tab.

    Deselect the columns that you want to hide, and select any hidden columns that you want to restore to the table.

    Note: The first and last columns (selection column and actions column) cannot be hidden.

    After making your selections, click anywhere outside the dialog to close it.

    Tip: To locate a column name in a long list of columns, type all or part of a column name in the Search box and press Enter. Only matching results appear in the list. To restore the full list, clear the Search box.

  • To filter by items in a column, hover over any column header and click the horizontal menu icon (). In the dialog that appears, click the filter icon (not available for all columns). Depending on column type, the following filter options are available:

    • For columns that contain names, the Contains operator is selected by default. If needed, select another operator from the dropdown. Type all or part of a value in the Filter field.

      Press Enter. The column displays only matching results.

      Note: You can include additional search criteria in your filter before pressing Enter. When you enter text in the Filter field, a Boolean operator selection appears with the And (default selection) and Or options, as well as an additional Filter field. Type all or part of a value in each additional Filter field and then press Enter.

    • For columns that contain predefined selections only, select or deselect any of the available options, or type all or part of a value in the Search field. Click anywhere outside of the dialog to close it. The column displays only matching results.

  • To reset the columns and clear all changes to the current table view, hover over any column header, click the horizontal menu icon (), and select Reset columns.