Recommended prerequisite
Overview
Torii users with an Admin role can customize the permissions for new and existing users in their Torii account.
This article will review and explain Torii's roles & scopes. How they are defined, built, and how to use them.
A role defines each scope's access level (full access, read-only, or none) and consists of the following:
-
- A unique name and description
- Scopes - The main pages & and functionalities in Torii options included for the role
- Access level - The permission level enabled for this scope
Scopes Description
The following section will help you understand the scopes and access levels available for every scope.
Note that when providing a role with the "Take Action" permission level this role will also include "read-only" permissions.
Dashboard Management |
Access levels |
Description |
Take Action |
Access, explore, edit and manage access permissions for all Torii dashboards. |
|
Read-only |
Access and explore all Torii dashboards. |
|
No Access |
No inherent access to Torii dashboards. |
______________________________________________________________
Applications |
Access levels |
Description |
Take Action |
View and act on Applications data and configuration
|
|
Read-only |
View only Application data and configuration
|
______________________________________________________________
User Attributes |
Access levels |
Description |
Read-only |
View user information and application usage
|
|
No Access |
Is not exposed to user information |
______________________________________________________________
Workflows |
Access levels |
Description |
Take Action |
Can configure workflows and run them, Configure Offboarding and App Catalog automatic policies.
|
|
Read-only |
|
|
No Access |
Is not exposed to workflow data configuration or logs.
|
______________________________________________________________
Offboarding |
Access levels |
Description |
Take Action |
Configure offboarding methods and take actions on offboarding users
|
|
Read-only |
View offboarding user information and configuration, including offboarded and offboarding badges. |
|
No Access |
is not exposed to offboarding data or configuration |
______________________________________________________________
Integrations |
Access levels |
Description |
Take Action |
Configure and take action over integrations
|
|
Read-only |
View integration capabilities and status |
______________________________________________________________
Settings |
Access levels |
Description |
Take Action |
Configure the following tabs in settings:
These settings include: |
|
Read-only |
View setting configurations |
|
Setting Special Scopes |
Torii Admin only |
|
Part of the Applications scope |
|
|
Part of the Contracts scope |
|
______________________________________________________________
Public Views |
Access levels |
Description |
Take Action |
Create and edit public views. |
|
Read-only |
View public views Users with this permission are not exposed to the public view configuration. |
|
Note, Users will always be able to delete views they created even if Public View permission is taken from them after the view was created. |
______________________________________________________________
Application Catalog |
Access levels |
Description |
Take Action |
Configure App catalog access and specific App request policies
Note that in order to create and edit automated policies the user requires a Workflows take action scope in addition to this scope. |
|
Read-only |
View Application Catalog settings and policies. |
______________________________________________________________
App User Access Reviews |
Access levels |
Description |
Take Action |
Launch, conduct and submit user access reviews |
|
Read-only |
|
|
No Access |
Is not exposed to the Access Reviews page, and cannot access single access reviews |
______________________________________________________
All Scheduled Reports |
Access levels |
Description |
Take Action |
Access to view and edit (scheduling or recipients, but not content) of all scheduled reports by any user |
|
Read-only |
Access to view all scheduled reports by any user |
|
No Access |
Access to view only scheduled reports that you've scheduled |
Financial Scopes
License Cost & Chargeback |
Access levels |
Description |
Take Action |
Configure and take action over license costs and chargebacks.
|
|
Read-only |
|
|
No Access |
|
______________________________________________________________
Expenses |
Access levels |
Description |
Take Action |
Can review and edit financial information related to expenses.
|
|
Read-only |
View Expense data and matching rules |
|
No Access |
|
______________________________________________________________
Contracts |
Access levels |
Description |
Take Action |
Review and create contracts
|
|
Read-only |
Review contracts and renewal pages including related reports. |
|
No Access |
|
Related articles
- Using Torii Role-based access control (RBAC)
- Procurement Role - Permissions & Scopes
- IT Admin Role - Permissions & Scopes