Roles
Tip:Until an operator's account is assigned to at least one role, the operator cannot access any part of Flexera One.
Access rights define what an account can do in Flexera One. For example, an administrator role can control the configuration and management of Flexera One whereas a report viewer role can only view the reports and dashboards (and then only for data objects where the operator has at least Read only privileges). When you assign a role to an account, Flexera One assigns the access rights contained in the assigned role to that account.
Mapping Roles and Accounts
Only user accounts that have specific responsibilities and security approvals should be assigned to roles that bring high-level privileges. For example, the typical administrator role has tasks like:
• | Configuring Flexera One properties |
• | Configuring currency settings |
• | Troubleshooting through the IT Assets Inventory Status System Tasks page, and accessing/downloading logs |
• | Managing operators of Flexera One, and their privilege levels. |
However, by default this role does not include the ability to manage contracts, for example. Typically, a separate operator has responsibility for contract records. In short, tailor the privileges to suit the operator's responsibilities, using one or more roles as best suits your environment. Assignments to real, responsible people is best practice, rather than assigning privileges to an unsecured Windows account or a service account.
You can create multiple roles and assign one or more roles to an account, based on its job requirements. When you assign multiple roles to an account, the account receives a logical union of all the access rights assigned to each of the assigned roles.
Tip:If you assign multiple roles where you have an overlap between an 'allow' right and a 'deny', the 'deny' always wins.
Actions
This page enables you to perform the following activities:
Action |
Description |
Search for existing roles |
You can search for an existing role. For information about searching and using other UI options, see the topics under Using Lists in Flexera One. |
View accounts associated with a role |
Each role record displays the number of accounts assigned with that role. You can click this link to view the list of accounts assigned with the role on the IT Asset Accounts page. |
Create a role |
You can create a new role and assign it to one or more accounts. See Creating a Role. |
Copy an existing role |
You can copy an existing role to create a new role with modified privileges. Click the copy icon for the role you wish to copy. Flexera One displays the Create a Role page. Modify the desired properties and click Create. For more information, see Creating a Role. |
Change the rights for an existing role |
You can adjust the privileges given to an existing role. Click the edit (pencil) icon for the role you wish to edit. Flexera One displays the Edit rolename page, where you can change any values except the role Name (other than this, the page is identical to the display for creating a new role). Modify the desired properties, and scroll to the bottom of the page to click Save. For more information, see Creating a Role. |
Delete a role |
Click the delete icon for the role you wish to delete. Flexera One displays a confirmation message. Click OK to delete the role. |
Note:You can delete a role whether or not there are accounts assigned to the role. When a role is deleted, any privileges granted to accounts through only that one role are revoked, so that (as always) each account has the sum of privileges granted by the roles to which it is currently assigned. Keep in mind that an account must be assigned to at least one role to have any access to Flexera One. If you delete the only role to which an account is assigned, the operator using that account is no longer able to use Flexera One until you assign that account to another role.