Roles
CDM-Server Roles as part of the RBAC
Categories:
No Enforcement of Access Control
Permissions management in RBAC is not available in v1.0.0, the Dashboard allows you to begin setting up your organization’s structure in preparation for the full RBAC release.The Roles Management section is the final and essential piece of the Role-Based Access Control (RBAC) in the CDM-Server.
Roles define specific permissions within the system, determining what actions can be taken and what resources can be accessed by groups and their members. Roles are the end-point in the RBAC hierarchy, serving as the permission layer that applies to users indirectly through their assigned groups.
How Groups integrate with RBAC
In the CDM-Server there are 3 predefined Role Template which already have specific permissions:
- Admin: Grants full write permissions on the selected level within the organization’s tree, including all subordinate levels. Admin users have complete control over the selected node and any of its child nodes, allowing them to modify, add, or delete resources.
- Editor: Provides write permissions ONLY on the child nodes of the selected level within the organization’s tree. Editors can modify content and make updates at subordinate levels without altering permissions or resources at the main (selected) level, preserving the structure while enabling focused updates.
- Viewer: Offers read-only access on the selected level within the organization’s tree, including all subordinate levels. Viewers can view resources and data within these levels but cannot make any changes, ensuring secure and restricted access for users who need visibility without modification rights.
Typical Workflow
- Create a Role: Define a new role by selecting the Role Template and level in the organization’s tree (Business Unit or Project).
- Assign Groups: Add groups to the role.
- Review and Adjust: Regularly view and update group and role associations as team compositions change.
For detailed guidance on managing roles, visit the Roles page.