How can we help?

Torii Users' Roles, Scopes and Access Level

Noga Tubi
Noga Tubi
  • Updated
Understand Torii roles and permission scopes

Recommended prerequisite

We recommend reading the Introduction to Roles-Based Access Control (RBAC) article.

Overview

Torii users with an Admin role can customize the permissions for new and existing users in your Torii account.

This article will review and explain Torii's roles & scopes. How they are defined, built, and how to use them.

A role defines each scope's access level (full access, read-only or none) and consists of:

    1. A unique name and description
    2. Scopes - The main pages & and functionalities in Torii options included for the role 
    3. Access level - The permission level enabled for this scopemceclip0.png

Scopes Description

In the following section, we will help you understand the scopes and access levels available for every scope.
Note that when providing a role with the "Take Action" permission level this role will also include "read-only" permissions.

Applications

Access levels

Description

Take Action

View and act on Applications data and configuration

  • Update application info, state, and owner
  • Create and edit - Setting/Hidden application
  • Create and edit - Setting/Application details
  • Add custom applications

Read-only 

View only Application data and configuration

  • View Application data 
  • View Setting/applications details and Setting/hidden Applications

                      ______________________________________________________________

User Attributes

Access levels

Description

Read-only 

View user information and application usage 

  • Review Users page
  • Review Single user page
  • Review the User tab in the Single Application view
  • See data about users coming from HR systems
  • Review Application usage of a single user
  • Indications about user Offboarded badge, Notification
  • Review reports: Inactive users and application and users
  • Review details about Inactive users  

No Access

Is not exposed to user information

                      ______________________________________________________________

Workflows 

Access levels

Description

Take Action

Can configure workflows and run them, Configure Offboarding and App Catalog automatic policies.

  • Create, edit and update workflows
  • Manual triggering of user actions on users:
    • Take action on Inactive users and in-app recommendation
    • Take action on bulk and single users through the Application page
  • Configure and edit the "automatic" offboarding policy configuration
  • Configure and edit App catalog request access policy (automatic and non-automatic)

Read-only 

  • View workflow configuration and logs.
  • View offboarding automatic policy configuration and offboarding setting
  • View App catalog request access policy configuration

No Access

Is not exposed to workflow data configuration or logs.

  • Can not trigger manual action for users 
  • Can not configure App catalog request policy 
  • Can not configure Offboarding actions

                      ______________________________________________________________

Offboarding 

Access levels

Description

Take Action

Configure offboarding methods and take actions on offboarding users  

  • Start, stop skip and re-open employee offboarding
  • Configure and edit offboarding policy per application
  • Subscribe to the "Offboarding status" notification

Read-only 

View offboarding user information and configuration, including offboarded and offboarding badges.

No Access

is not exposed to offboarding data or configuration

                      ______________________________________________________________

Integrations

Access levels

Description

Take Action

Configure and take action over integrations 

  • Connect, rename, reconnect, disconnect, and sync integrations.
  • Read integration capabilities, See integration status, and Last synced info

Read-only 

View integration capabilities and status

                      ______________________________________________________________

Settings 

Access levels

Description

Take Action

Configure the following tabs in settings:

  • General
  • Security
  • API Access
  • Browser extension

These settings include:
Company name, Displayed currency, User lifecycle, Inactivity period, Extension mode, Generate API Key, hide Geolocation data.

Read-only 

View setting configurations 

Setting Special Scopes


Torii Admin only

  • Create Custom Roles 
  • Invite Torii users

Part of the Applications scope

  • Setting - Application Details
  • Setting - Custom Applications
  • Setting - Hidden Applications

Part of the Contracts scope

  • Setting - Contract Details 

                      ______________________________________________________________

Public View

Access levels

Description

Take Action

Create and edit public views.
These views will be shared with all Torii users in applications and contract pages

Read-only 

View public views 

Users with this permission are not exposed to the public view configuration

Note, Users will always be able to delete views created by them even if Public View permission is taken from them after the view was created.

                      ______________________________________________________________

Application Catalog

Access levels

Description

Take Action

Configure App catalog access and specific App request policies 

  • Enable and disable Application Catalog access
  • Configure Application Catalog settings
  • Configure non-automatic policies (workflows) per app request access

Read-only 

View Application Catalog settings

Financial Scopes 

In the below scopes, for License & chargeback, Expenses, and Contracts, No Access permission can only be achieved using the IT Admin role. They cannot be selected individually. 

When no access permission level is set to financial scopes (currently only all can be with no access)

  • Custom and calculated application fields of type currency are excluded from the Applications page.
  • Public filters that rely on fields of type currency are excluded from the filters list.
  • Applications documents tile is removed from the single app view 
License & Charageback 

Access levels

Description

Take Action

Configure and take action over license costs and chargebacks.

  • Review the License page
  • Review Chargeback tab in single App view
  • Update "Annual cost" on single user page/chargeback config
  • Review Expected cost saving in the License/Recommendations tab

Read-only 

View License and chargeback data    

No Access

Is not exposed to License cost or chargeback data  

                      ______________________________________________________________

Expenses

Access levels

Description

Take Action

Can review and edit financial information related to expenses. 

  • Review expenses page
  • Review Expense Analysis report
  • Review the Expense tab in a single application view
  • Upload and delete expense files
  • Archive and unarchive transactions
  • Edit expense rules

Read-only 

View Expense data and matching rules 

No Access

Is not exposed to Financial information related to expenses

                      ______________________________________________________________

Contracts

Access levels

Description

Take Action

Review and create financial data related to contracts

  • Review Contracts tab in single app view
  • Review Renewal page
  • Review report Applications and Contracts
  • Get Notified about the upcoming renewal date (in single app view)
  • Add, edit and delete contracts
  • Create and edit Setting/contract details
  • Upload Documents

Read-only 

Can review financial data related to contracts

No Access

Is not exposed to Financial information related to contracts

 

 

Related articles

 

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request