Role templates
Role templates are global to the application and are available for role assignment by any administrator of a security domain who has the Assign Roles administrator permission.
Because the Assign Roles permission is a global permission, it is not constrained by the hierarchy of the role. Users who are granted this permission can manage any role in the system.
Role templates are the preferred method for granting users or groups application permissions.
Note:
- Both application permissions and ACLs are included in the role definition process. When a role is assigned to a user or a group on any business entity or security context point, that user or group automatically acquires the application permissions defined in that role template.
- When a user or group is assigned multiple roles, the user or group accumulates the application permissions that are defined in the various roles. Application permissions are granted by the role (not the security context point) and apply in all situations where the user has the correct ACL access. For example, users with Read permission to Business Entities and the Audit Trail application permission are able to view the Activity tab for those Business Entities.