Navigating Roles and Privileges
This article discusses how to find a role that grants one or more specific privileges.
If you lack a specific privilege to do something specific in the platform, you will see a tooltip listing
- The privilege that you need
- The roles that grant the privilege
- The roles you currently have that negate the privilege (if any)
For example, assume that you have a user with the “Basic User” role. You need to manually ingest data into the platform, which requires manually creating an assessment.
When you go to the Assessments page, you will see a tooltip if you hover your mouse pointer over the option to create an assessment. It tells you that you lack the privilege “Assessment Control”. The tooltip also lists both system-owned and client-owned roles that grant Assessment Control. In the screenshot below, the roles that grant “Assessment Control” include both foundational roles like “Data Manager” and custom roles like “OnlyAssessmentControl”.
In the UI, you can see the roles and privileges that you currently have by hovering your mouse pointer over your “user” icon on the upper right.
With this information, a user with the role “User & Role Provisioning Owner” can grant you one or more of the roles that map to “Assessment Control”. If you need more information about these roles, you can also visit the Roles page.
Searching for Roles via the Roles page
The Roles page lists all privileges that each role grants or negates. In this example, assume that you still need to find a role with “Assessment Control”. First, go to the Roles page.
Type in "Assessment Control" in the search input box.
The Assessment Control card will become visible.
Now click through roles on the left side bar. As you click through the various roles, look for ones that display a green checkmark for the Assessment Control card.
Role Negation
Less commonly, you made need to remove a role that negates the privilege that you need. For example, the role “C Level Observer” negates many privileges, including “Assessment Control”. Negation always take precedence. Even if you have a role that grants a privilege, a role that negates the same privilege will prevent you from performing any action that requires the privilege.