Recommended prerequisite
Overview
Torii users with an Admin role can customize the permissions for new and existing users in their Torii account.
This article will review and explain Torii's roles & scopes. How they are defined, built, and how to use them.
A role defines each scope's access level (full access, read-only, or none) and consists of the following:
-
- A unique name and description
- Scopes - The main pages & and functionalities in Torii options included for the role
- Access level - The permission level enabled for this scope
Scopes Description
The following section will help you understand the scopes and access levels available for every scope.
Note that when providing a role with the "Take Action" permission level this role will also include "read-only" permissions.
Applications |
Access levels |
Description |
Take Action |
View and act on Applications data and configuration
|
|
Read-only |
View only Application data and configuration
|
______________________________________________________________
User Attributes |
Access levels |
Description |
Read-only |
View user information and application usage
|
|
No Access |
Is not exposed to user information |
______________________________________________________________
Workflows |
Access levels |
Description |
Take Action |
Can configure workflows and run them, Configure Offboarding and App Catalog automatic policies.
|
|
Read-only |
|
|
No Access |
Is not exposed to workflow data configuration or logs.
|
______________________________________________________________
Offboarding |
Access levels |
Description |
Take Action |
Configure offboarding methods and take actions on offboarding users
|
|
Read-only |
View offboarding user information and configuration, including offboarded and offboarding badges. |
|
No Access |
is not exposed to offboarding data or configuration |
______________________________________________________________
Integrations |
Access levels |
Description |
Take Action |
Configure and take action over integrations
|
|
Read-only |
View integration capabilities and status |
______________________________________________________________
Settings |
Access levels |
Description |
Take Action |
Configure the following tabs in settings:
These settings include: |
|
Read-only |
View setting configurations |
|
Setting Special Scopes |
Torii Admin only |
|
Part of the Applications scope |
|
|
Part of the Contracts scope |
|
______________________________________________________________
Public View |
Access levels |
Description |
Take Action |
Create and edit public views. |
|
Read-only |
View public views Users with this permission are not exposed to the public view configuration. |
|
Note, Users will always be able to delete views they created even if Public View permission is taken from them after the view was created. |
______________________________________________________________
Application Catalog |
Access levels |
Description |
Take Action |
Configure App catalog access and specific App request policies
|
|
Read-only |
View Application Catalog settings |
Financial Scopes
In the below scopes, for License & chargeback, Expenses, and Contracts, No Access permission can only be achieved using the IT Admin role. They cannot be selected individually.
When no access permission level is set to financial scopes (currently only all can be with no access)
- Custom and calculated application fields of type currency are excluded from the Applications page.
- Public filters that rely on fields of type currency are excluded from the filters list.
- The applications documents tile is removed from the single app view
License & Chargeback |
Access levels |
Description |
Take Action |
Configure and take action over license costs and chargebacks.
|
|
Read-only |
View License and chargeback data |
|
No Access |
Is not exposed to License cost or chargeback data |
______________________________________________________________
Expenses |
Access levels |
Description |
Take Action |
Can review and edit financial information related to expenses.
|
|
Read-only |
View Expense data and matching rules |
|
No Access |
Is not exposed to Financial information related to expenses |
______________________________________________________________
Contracts |
Access levels |
Description |
Take Action |
Review and create financial data related to contracts
|
|
Read-only |
Can review financial data related to contracts |
|
No Access |
Is not exposed to Financial information related to contracts |
Related articles
- Using Torii Role-based access control (RBAC)
- Procurement Role - Permissions & Scopes
- IT Admin Role - Permissions & Scopes