Access ControlCreate or Modify a Role

You can create a role by copying an existing role with similar permissions or by creating a new role. To create a role or modify an existing role, use the following procedures.

Note: When creating or modifying a user or a group, you can use the Roles dialog box to add or remove roles for that user or group. Although a user inherits the roles of a group in which the user has membership, those roles are displayed only on the Roles dialog box for the group, not on the Roles dialog box for the user or the Users dialog box for the role.

Copy an Existing Role

Copying an existing role maintains only the configurations in the Permissions dialog box. The configurations in the Users and Groups dialog boxes and in the Default Permissions, Group Permissions, and User Permissions panels from the existing role are not copied to the new role.

  1. In Access Control Access Control , in the Access Control Tree right-click the role you want to copy and then click Copy Role.
  2. In the Copy dialog box, enter a new Name for the role. Role names are case sensitive.

    3. The following characters are permitted in the name: letters, numbers, parentheses, square brackets, ampersands, plus signs, commas, semi-colons, and tildes. Additionally, the following characters are permitted but cannot begin or end the name: spaces, double quotation marks, single quotation marks, hyphens, underscores, periods, and grave accents. For letters, the case that you specify is displayed, but case is ignored when Spectrum interprets a name. If you will be installing the Spectrum application on a computer running Windows Server, and transferring data between Spectrum instances, see the "Transferring Spectrum Data in a Compressed File" section of the Loftware Spectrum Data Transfer Guide.

  3. Click Save.

    Note: A role can only be saved in the root folder.

  4. With the new role selected, in the ribbon click Home > Edit.
  5. In the Edit Role dialog box, enter a Description for the role.
  6. Click Save.

Create a New Role

  1. In Access Control Access Control , click the root folder in the Access Control Tree and then click Home > Role.

    Note: A role can only be saved in the root folder.

  2. In the Create Role dialog box, enter a role Name. Role names are case sensitive.

    3. The following characters are permitted in the name: letters, numbers, parentheses, square brackets, ampersands, plus signs, commas, semi-colons, and tildes. Additionally, the following characters are permitted but cannot begin or end the name: spaces, double quotation marks, single quotation marks, hyphens, underscores, periods, and grave accents. For letters, the case that you specify is displayed, but case is ignored when Spectrum interprets a name. If you will be installing the Spectrum application on a computer running Windows Server, and transferring data between Spectrum instances, see the "Transferring Spectrum Data in a Compressed File" section of the Loftware Spectrum Data Transfer Guide.

  3. Optionally, enter a Description of the role.
  4. Click Save.

Modify the Role Information

To configure information about a role, do the following.

  1. In Access Control Access Control , click an existing role.
  2. In the ribbon, click Home > Edit.
  3. In the Edit Role dialog box, make any changes needed. Role names are case sensitive.

    The following characters are permitted in the name: letters, numbers, parentheses, square brackets, ampersands, plus signs, commas, semi-colons, and tildes. Additionally, the following characters are permitted but cannot begin or end the name: spaces, double quotation marks, single quotation marks, hyphens, underscores, periods, and grave accents. For letters, the case that you specify is displayed, but case is ignored when Spectrum interprets a name. If you will be installing the Spectrum application on a computer running Windows Server, and transferring data between Spectrum instances, see the "Transferring Spectrum Data in a Compressed File" section of the Loftware Spectrum Data Transfer Guide.

  4. Click Save.

Manage Access to a Role

To control who can do what to a role, do the following.

  1. In Access Control Access Control , click the role you want to manage access to.
  2. Define the permissions in the Default Permissions panel.
    • To grant a permission, click Empty check box (inherited) once to change it to granted Granted.
    • To deny a permission, click Empty check box (inherited) twice to change it to denied Denied.
    • To inherit the default permission from the folder containing this object, clear the check box to change the permission to inherited Empty check box (inherited).

    Tip: You can double-click a row or column header to grant, deny, or clear permissions in that entire row or column.

  3. Configure any exceptions to the default permissions.
    1. In the Group Permissions or User Permissions panel, click Add .
    2. In the Add Group or Add User dialog box, select a group or user, and then click OK.
    3. In the Group Permissions or User Permissions panel, click the group or user name to expand the permissions table for that group or user.
    4. Define the exception's permissions as in step 2.
  4. Click File > Save or Save .

Configure Permissions Provided by a Role

To assign permissions to a role, use the Permissions dialog box. These are the actions that a user with the role can perform.

  1. In Access Control Access Control , click an existing role or create a new role.
  2. In the ribbon, click Home > Permissions.
  3. In the Permissions dialog box, in the Page access management section, select the pages in the Spectrum user interface that should be displayed to users with this role.

    Note: If multiple roles are assigned to a user, any tab displayed for any of the roles is displayed for the user.

  1. Define the permissions for each object type in the Permissions Management section.
    • To grant a permission, click Empty check box (inherited) once to change it to granted Granted.
    • To deny a permission, click Empty check box (inherited) twice to change it to denied Denied.
    • To inherit the default permission from the folder containing this object, clear the check box to change the permission to inherited Empty check box (inherited).

    Tip: You can double-click a row or column header to grant, deny, or clear permissions in that entire row or column.

  2. Click Close.

Best Practices

If you are using folders to store objects, be sure to grant at least the Read permission for folders.

Assign a Role to Groups

To assign a role to groups, use the Groups dialog box.

  1. In Access Control Access Control , click an existing role or create a new role.
  2. In the ribbon, click Home > Group.
  3. In the Groups dialog box, click Add next to Group Membership.

    Note: You can assign existing roles to a group in the Groups dialog box for the role or in the Roles dialog box for the group, whichever is convenient. Both will show that the role is assigned to the group.

  4. In the Add Group dialog box, select a group and then click OK.
  5. Click Close.

Assign the Role to Users

To assign a role to users, use the Users dialog box.

Best Practices

Although you can assign a role directly to users, it is recommended as a best practice that you assign a role to a group and assign group membership to users.

  1. In Access Control Access Control , click an existing role or create a new role.
  2. In the ribbon, click Home > User.
  3. In the Users dialog box, click Add next to User Membership.

    Note: You can assign existing roles to a user in the Users dialog box for the role or in the Roles dialog box for the user, whichever is convenient. Both will show that the role is assigned to the user.

  4. In the Add User dialog box, select a user and then click OK.
  5. Click Close.