Skip to main content

Roles Apply

Information on the Roles Apply settings in Org Roles/ Permissions in Contract Logix

Justin Tryon avatar
Written by Justin Tryon
Updated over 6 months ago

Within Org Roles/Permissions, this setting helps control the level of access users have to features and records in the application. To see the options, click Change Settings on the Org Roles/Permissions page. For Roles Apply, there is a Global or an Organizational setting. See the graphic and chart for an explanation of each:

Globally

Organizational

In this mode, permissions from all of a user's Roles apply to all records.

In this mode, permissions from each of a user's roles apply only to records within the organizational ownership area in which the role is located.

If a user has multiple Roles assigned, the permissions from each object type are combined from their roles according to the Role Conflicts setting (Role Conflicts explained in next section). NOTE: If the user is assigned only one Role then the Role Conflicts setting is disregarded.

However, a user in multiple roles may experience unique record access and record editing behavior based on the security permissions (i.e., Role Conflicts setting).

In this mode, creating well-separated roles will minimize the likelihood that role conflict resolution (i.e., Role Conflicts setting, explained in next section) will be needed. NOTE: This mode allows a user to have different permission levels to the same object type, depending on the organizational ownership of the record they are accessing.

The location of the role in the Organizational Hierarchy allows the user access to records with the corresponding organizational ownership.

When multiple roles apply, a user's effective permissions to a given object types are determined by considering two role priority levels.

  • Roles whose organizational ownership exactly matches any of the organizational ownership selections of the record, have the first priority.

  • Roles at higher organizational ownership levels have the second priority. These are considered only if there are no first priority roles.

Within their allowed organizational ownership area(s), the user will have the same level of access to all objects (Associations, Contacts, Contracts, Documents, and Organizations) of any given type.

Within each of the two priority levels, permission conflicts are resolved according to the selected Conflict Resolution mode (i.e., Role Conflicts setting).

In Summary

In the Global Roles Apply setting, users assigned multiple Roles (whether top level and sub-levels or just in sub-levels) may experience access overlap depending on the Role Conflicts setting.

In Summary

In the Organizational Roles Apply setting, users assigned multiple Roles (whether top level and sub-levels or just in sub-levels) experience unique areas of record access rather than access overlap (i.e., it is possible to grant users different levels of access to the same kind of object record depending on the organizational ownership of that record).

See Most and Least Privilege for information on those settings.

Did this answer your question?