All aspects of Pyramid are governed through roles - making them central to the security and sharing of content within the system. The role management tool is designed to add or remove users from different public roles to facilitate role based management.
Tenancy
Roles, like users, are attached to specific tenants. In a multi-tenant solution, users cannot belong to different tenants (and different tenant roles) unless cross tenancy is enabled.
Role Listing
The role panel shows the list of roles in the system in the top section of the page:
- Clicking a specific role shows its details the bottom section.
- Use the checkboxes and macro buttons (top of the role panel) to apply actions to multiple roles.
Add or Edit a Role
When adding or editing a role the following settings apply:
- Role Name - the role's caption as it will appear through the application
- Make role hidden - set the role to hidden. This allows administrators to group and secure users with a role without making this role viewable to end users. See below for more.
- Tenant - when creating a new role, admins can choose which tenancy a role belongs to in a multi-tenant environment.
- Create group folder - when creating a new role, admins can select to create a group folder.
- Description - create or update a plain text description for the role.
The bottom panel shows the User assignment for the selected role, or role being created. This is a listing of the users included in or excluded from the role.
- Click here to see how to bulk import roles.
Hidden Roles
Hidden roles allow admins to secure and group functions for specific users without advertising them to the users in the application. Pro users who belong to role groups typically have the ability to self-share and self-secure content for the roles they belong to. By making one or more roles hidden, the user is unable to set these options for the specific role.
Normally, shared workgroup folders are also created for each role. Shared folders are NOT created for hidden roles. See below for more.
Group Roles in Active Directory
Assignment of group roles is enabled only for Active Directory authentication, and allows admins to assign group roles to an Active Directory group. When the authentication provider is set to Active Directory, the option to Add Group Role will be enabled in the Roles tab.
Select the Add Group Role tab, and type the relevant AD group into the search bar. Select the required group from the search results, and add them to the Assigned Groups window.
Add a role name for the group role, and select the tenant. When ready, click Apply. Users belonging to the AD group will be added to the group role in Pyramid.
- You can see which roles a user has been assigned to by selecting a user from the Users list, and clicking Edit Roles.
- You can also assign roles to content from the Content Explorer.
Cross Tenant Roles
The Cross Tenant Roles option allows users from different tenants to be added to roles in other tenants.
To assign multitenant roles, start by going to the multitenancy tab in Settings. Check the option to Enable cross tenant user roles, and click Apply to save changes.
- Once cross tenant user roles have been enabled, Admins can assign a given roles from one tenant to users in different tenants.
Workgroup Folders
Each role created will have a matching work group folder created. All users in that role are given unqualified read-write access to that folder and its contents. This facilitates a simplified, quick content-sharing forum.
- For private content, Pro users can use their private content folder and for content that needs to be more specifically secured.
- Public folders, on the other hand, provide a mechanism for setting specific read and write switches, by role, for each content item.
To turn off the workgroup folder feature, un-check the box in the tenant editor.