Managing Lifecycle User Roles
User roles define the permissions and level of access granted to an end user of the system, and define which users are allowed access to the admin console.
You can create and manage custom user roles within Lifecycle with extremely granular controls. In addition, there are two default user roles within the product that can grant users specific permissions related to profile types.
The Non-Employee admin role must be created separately.
To create and manage user roles for Portal users, refer to Collaboration User Roles. Lifecycle roles can't be applied to Portal users, and Collaboration roles can't be applied to Lifecycle users.
Custom User Roles
You can create custom roles in your tenant to manage user access to areas of the product and to various profile types. Custom roles are granted to users based on whether they have a group or entitlement.
Create a User Role
Within the Lifecycle product:
- From the Admin Console, select Lifecycle in the left navigation.
- Select User Roles.
- Select the + New Role button.
- In the BASIC SETTINGS section:
  - In the Name field, enter a unique name for the role.
    Note: The UID attribute is a system-generated unique identifier and it cannot be changed after the role is created. During the role's initial creation, administrators can accept the default or choose to customize this value.
  - Select the Private checkbox to hide the role from users on the dashboard.
  - In the Directory groups field, choose a group from the SSO provider that the user will need in order to be granted this role. Multiple groups can be added, but the user only needs one to be granted this role.
    Note: If the user doesn't have any entitlements associated with Lifecycle roles, they will be unable to log in to the application.
- In the PERMISSIONS section:
  - Under Application:
    Choose the basic functions that users should be allowed to access within Non-Employee.
    - To grant users with this role access to the admin console, select the Yes radio button beside admin. Review Managing Administrators for details.
    - Select the Yes radio button beside can add contributors to allow users with this role to assign contributors to any profile type the role is allowed to manage. This is determined by the permissions in the Profile Access section of this role, using the All Users with this Role button. Note that if this user role has been granted admin permissions, the user will be able to add contributors regardless of this selection.
    - Select the Yes radio button beside delegation to grant users with this role the ability to delegate their own access based on their roles to other users. Users with this permission have the Delegates option on the dashboard.
  - Under Profile Access:
    All profile types within the application are listed. Choose the level of access users with this role will have to the listed profile types.
    - Selecting Only Contributors means that users with this role can only access the listed profiles of this profile type if they're already marked as a contributor or owner of that profile type.
    - Selecting All Users with this Role allows all users who have this role to access and manage profiles in this profile type, regardless of whether they're also listed as a contributor or owner of any specific profile.
  - Under Attributes:
    Choose whether or not users in this role should be able to view or edit the values of the attributes in your site.
    - If you select None, users associated with this role won't be able to view or edit this attribute.
    - If you select View, users with this role will be able to view the attribute's value for a profile, but not edit it.
    - If you select Edit, users with this role can view and edit the value of this attribute directly on the profile's page, without using a workflow.
  - Under Workflows:
    Choose which workflows users with this role can execute.
    - If you select None, users with this role won't be able to execute this workflow. However, they can still approve or deny requests associated with the workflow, complete fulfillment tasks, and contribute to the workflow in other ways.
    - If you select Can Execute, users with this role can execute this workflow as well as contribute to it in other ways.
  - Under API Access:
    Note: These options are only available to customers using a legacy on-premise implementation.
    Choose the types of API calls users with this role should be permitted to make.
    - Get allows users associated with this role to view information using the API.
    - Post allows users associated with this role to create new records using the API.
    - Patch allows users associated with this role to update existing records using the API.
    - Delete allows users associated with this role to delete existing records using the API.
    These options are displayed as applicable for a variety of functions within Non-Employee. Choose which functions these users should be able to access via the API. This does not impact what the users can access in the UI.
- Select the Create button.
Manage Existing User Roles
To view existing user roles, from the Admin Console:
- Select Lifecycle in the left navigation.
- Select User Roles.
- Within the DIRECTORY GROUPS page, the following tabs are displayed:
  - Active - Displays all active user roles.
  - Archived - Displays all archived user roles.
- Select the checkbox beside the roles you want to edit. To select all roles, select the checkbox next to the NEPROFILE GROUP ROLES header.
  The Actions button is displayed at the top of the screen.
- Select the ellipsis icon next to the Actions button to display the available actions.
  - Archive - Immediately deactivates the selected roles and moves them to the Archived tab.
  - Unarchive - Immediately activates the selected roles and moves them to the Active tab.
  - Export - Generates a JSON file containing the metadata about the selected roles and any related configuration. When the generation has completed, select Download to save the metadata to a local file.
- Alternatively, you can make changes to a role by selecting its name and making edits directly to its name, groups, or permissions.
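The custom role rules described above (any one directory group grants the role, admin overrides the can add contributors setting, and a user with no matching role cannot log in) can be modelled for a least-privilege review. The Python below is an added example, not product code: the field names, group names and sample roles are constructed assumptions and are not the schema of the product's JSON export. It also assumes a user's roles combine by union and tracks contributor status per profile type as a simplification.

```python
# Hypothetical role records: field names are assumptions for this example,
# not the schema of the product's JSON export.
ROLES = [  # constructed sample data
    {"name": "Vendor Manager", "groups": ["sso-vendor-mgr", "sso-procurement"],
     "admin": False, "can_add_contributors": True, "delegation": False,
     "profile_access": {"Vendors": "all_users", "Contractors": "only_contributors"}},
    {"name": "Lifecycle Admin", "groups": ["sso-lifecycle-admin"],
     "admin": True, "can_add_contributors": False, "delegation": True,
     "profile_access": {"Vendors": "all_users", "Contractors": "all_users"}},
]


def granted_roles(user_groups, roles):
    """A role is granted when the user holds at least one of its directory groups."""
    held = set(user_groups)
    return [r for r in roles if held & set(r["groups"])]


def effective_access(user_groups, roles, contributor_of=()):
    """Combine every granted role into the user's effective permissions."""
    mine = granted_roles(user_groups, roles)
    access = {
        "can_log_in": bool(mine),  # no matching role means no login
        "admin": any(r["admin"] for r in mine),
        # admin implies adding contributors regardless of that radio button
        "can_add_contributors": any(r["admin"] or r["can_add_contributors"] for r in mine),
        "delegation": any(r["delegation"] for r in mine),
        "profile_types": set(),
    }
    for r in mine:
        for ptype, level in r["profile_access"].items():
            # only_contributors applies only if already a contributor or owner
            if level == "all_users" or ptype in contributor_of:
                access["profile_types"].add(ptype)
    return access


def review(roles):
    """Flag settings worth a second look in a least-privilege review."""
    findings = []
    for r in roles:
        if r["admin"]:
            findings.append((r["name"], "grants admin console access"))
        if r["delegation"]:
            findings.append((r["name"], "holders can delegate their access"))
        broad = sorted(p for p, lvl in r["profile_access"].items() if lvl == "all_users")
        if broad:
            findings.append((r["name"], "all role holders manage: " + ", ".join(broad)))
    return findings
```

Running review(ROLES) before and after a role change shows whether the edit widened admin, delegation or All Users with this Role access.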
System Default Roles
System Default Roles control the management of profiles within the application. The two default roles are Profile Owner and Profile Contributor.
Profile owners and contributors are added to individual profiles on the details page for the profile, through assignment in workflows, or with a profile attribute. When a user is added as an owner or contributor, the permissions configured here are granted to that user for that profile only.
To modify system default roles, from the Admin Console:
- Select Lifecycle in the left navigation
- Select User Roles
- Select the SYSTEM DEFAULT tab
- Select a role to modify
- Update the appropriate values for each section
- In PERMISSIONS:
  - Application
    - can add contributors: selecting Yes grants users with this role permission to assign contributors to a profile.
  - Attributes
    - None: this system role will not have access to this attribute.
    - View: this system role will have view only access to this attribute.
    - Edit: this system role can edit this attribute.
  - Workflows
    - None: prevents this system role from executing the workflow. However, they can still approve or deny requests associated with the workflow, complete fulfillment tasks, and contribute to the workflow in other ways.
    - Can Execute: allows this system role to execute the workflow.
- Select save.