Custom Roles

You can use the Custom Roles feature to grant access to specific objects (such as Process Definitions, Chain Definitions, and Queues) to users who would not otherwise have access to those objects.

Custom roles have no specific privileges in the Redwood Cloud Portal. They are simply named roles that can be applied to users.

Applying Custom Roles to Objects

To make a custom role actually do something, you have to assign the custom role to an object. For example, assume you have created a custom role named Finance_Chain_Operators, and you would like all users with this custom role to be able to submit and view the Chain Definition Finance_Chain on the Queue named Finance_Chain_Queue.

Note: For more information about chains and Queues, see About Chain Definitions. For more information about Queues, see Managing Workload with Queues, Process Servers and Queues, and About Queues. For more information on object privileges, see Granting and Revoking Object Privileges.

To make this happen, you would:

  1. Navigate to Definitions > Chains and select the Finance_Chain row.

  2. Right-click the Chain in the list and choose Edit Security. The Edit Chain Definition window displays.

  3. Click under the User/Role column in the first blank row and select the name of the custom role (in this case, Finance_Chain_Operators).

  4. In the same row, click under the Granted Rank column and select the desired option (in this case, Submit and View).

  5. Click Save.

  6. Navigate to Environment > Queues and repeat the process for the target Queue (in this case, Finance_Chain_Queue).

Note that custom roles must be granted on an environment-by-environment basis. This means that granting access to an object in the Test environment does not automatically grant access to that object in other environments.

Creating Custom Roles

To create a custom role:

  1. Go to the Redwood Cloud Portal and navigate to Security > Roles.

  2. Click New Role at the bottom.

  3. Enter a name for the role in the Name field.

  4. If desired, enter a description for the role in the Description field. If this value is not specified, the custom role's Name displays in the UI.

  5. As a best practice, enter some documentation into the Documentation field. The notes in this field should describe what the custom role is for and how it should be applied.

  6. Check the environments in which you want the custom rule to apply.

  7. Click Save.

Assigning Custom Roles to Users

For information on assigning custom roles to users, see Managing Users and Roles.

Considerations When Using Custom Roles

The following points should be considered if you are planning to use custom roles:

  • Custom roles require privileges to be granted on processing Queues. Ensure that allowing one set of users to submit processes onto a Queue does not compromise integrity of other objects associated with the same Queue (for example, if a Queue is served by more than one Process Server).
  • Users with the Login role can see standard system Process Definitions, but cannot submit them unless they are granted access via a custom role. Without a custom role, they also cannot see or interact with any customer specific objects.
  • Users with the No Accessrole in an environment cannot be granted a custom role in that environment.

Note: Custom roles are defined and maintained by customers. Control of access granted by custom roles is the responsibility of the customer, not the Redwood operations team.