How can we help?

Search

Torii Users' Roles, Scopes and Access Level

Noga Tubi
Noga Tubi
  • Updated
Understand Torii roles and permission scopes

Recommended prerequisite

We recommend reading the Introduction to Roles-Based Access Control (RBAC) article.

Overview

Torii users with an Admin role can customize the permissions for new and existing users in their Torii account.

This article will review and explain Torii's roles & scopes. How they are defined, built, and how to use them.

 

A role defines each scope's access level (full access, read-only, or none) and consists of the following:

    1. A unique name and description
    2. Scopes - The main pages & and functionalities in Torii options included for the role 
    3. Access level - The permission level enabled for this scopemceclip0.png

Scopes Description

The following section will help you understand the scopes and access levels available for every scope.
Note that when providing a role with the "Take Action" permission level this role will also include "read-only" permissions.

Dashboard Management

Access levels

Description

Take Action

Access, explore, edit and manage access permissions for all Torii dashboards.

Note: Selecting this access level will mandate at minimum a Read-only access level for other scopes in Torii. 

Read-only 

Access and explore all Torii dashboards.

No Access

No inherent access to Torii dashboards. 

                      ______________________________________________________________

Applications

Access levels

Description

Take Action

View and act on Applications data and configuration

  • Update application info, state, and owner
  • Create and edit - Setting/Hidden application
  • Create and edit - Setting/Application details
  • Add custom applications
  • Import application users manually

Read-only 

View only Application data and configuration

  • View Application data 
  • View Setting/applications details and Setting/hidden Applications

                      ______________________________________________________________

User Attributes

Access levels

Description

Read-only 

View user information and application usage 

  • Review Users page
  • Review Single user page
  • Review the User tab in the Single Application view
  • See data about users coming from HR systems
  • Review Application usage of a single user
  • Indications about user Offboarded badge, Notification
  • Review reports: Inactive users and application end users
  • Review details about Inactive users  

No Access

Is not exposed to user information

                      ______________________________________________________________

Workflows 

Access levels

Description

Take Action

Can configure workflows and run them, Configure Offboarding and App Catalog automatic policies.

  • Create, edit and update workflows
  • Manual triggering of user actions on users:
    • Take action on Inactive users and in-app recommendation
    • Take action on bulk and single users through the Application page
  • Configure and edit the "automatic" offboarding policy configuration
  • Configure and revise App catalog policies. 

Read-only 
  • View workflow configuration and logs.
  • View offboarding automatic policy configuration and offboarding setting
  • View App catalog request access policy configuration

No Access

Is not exposed to workflow data configuration or logs.

  • Can not trigger manual action for users 
  • Can not configure App catalog request policy 
  • Can not configure Offboarding actions

                      ______________________________________________________________

Offboarding 

Access levels

Description

Take Action

Configure offboarding methods and take actions on offboarding users  

  • Start, stop, skip and re-open employee offboarding
  • Configure and edit offboarding policy per application
  • Subscribe to the "Offboarding status" notification

Read-only 

View offboarding user information and configuration, including offboarded and offboarding badges.

No Access

is not exposed to offboarding data or configuration

                      ______________________________________________________________

Integrations

Access levels

Description

Take Action

Configure and take action over integrations 

  • Connect, rename, reconnect, disconnect, and sync integrations.
  • Read integration capabilities, See integration status, and Last synced info.

Read-only 

View integration capabilities and status

                      ______________________________________________________________

Settings 

Access levels

Description

Take Action

Configure the following tabs in settings:

  • General
  • Security
  • API Access
  • Browser extension

These settings include:
Company name, Displayed currency, User lifecycle, Inactivity period, Extension mode, Generate API Key, hide Geolocation data.

Read-only 

View setting configurations 
Setting Special Scopes

Torii Admin only
  • Create Custom Roles 
  • Invite Torii users

Part of the Applications scope
  • Setting - Application Details
  • Setting - Custom Applications
  • Setting - Hidden Applications

Part of the Contracts scope
  • Setting - Contract Details 

                      ______________________________________________________________

Public Views

Access levels

Description

Take Action

Create and edit public views.
These views will be shared with all Torii users in applications and contract pages.

Read-only 

View public views 

Users with this permission are not exposed to the public view configuration.
Note, Users will always be able to delete views they created even if Public View permission is taken from them after the view was created.

                      ______________________________________________________________

Application Catalog

Access levels

Description

Take Action

Configure App catalog access and specific App request policies 

  • Enable and disable Application Catalog access
  • Configure Application Catalog settings

Note that in order to create and edit automated policies the user requires a Workflows take action scope in addition to this scope.

Read-only 

View Application Catalog settings and policies.

______________________________________________________________

App User Access Reviews

Access levels

Description

Take Action

Launch, conduct and submit user access reviews

Read-only 
  • Download user access review report
  • View access reviews list

No Access

Is not exposed to the Access Reviews page, and cannot access single access reviews

 ______________________________________________________

All Scheduled Reports

Access levels

Description

Take Action

Access to view and edit (scheduling or recipients, but not content) of all scheduled reports by any user

Read-only 

Access to view all scheduled reports by any user

No Access

Access to view only scheduled reports that you've scheduled

 

Financial Scopes 

License Cost & Chargeback 

Access levels

Description

Take Action

Configure and take action over license costs and chargebacks.

  • View and configure chargebacks as long as both Contracts and Expenses scopes are at least "Read only"
  • Update "Annual cost" on single user page/chargeback config
  • Review Expected cost saving in the License/Recommendations tab

Read-only 
  • View chargebacks as long as both Contracts and Expenses scopes are at least "Read only"

No Access
  • View the Licenses page and recommendations without license cost and estimated savings.
  • Chargeback is hidden

                      ______________________________________________________________

Expenses

Access levels

Description

Take Action

Can review and edit financial information related to expenses. 

  • Review expenses page
  • Review Expense Analysis report
  • Review the Expense tab in a single application view
  • Upload and delete expense files
  • Archive and unarchive transactions
  • Edit matching rules

Read-only 

View Expense data and matching rules 

No Access
  • Expenses pages and reports are hidden
  • Expenses columns and custom currency fields are hidden from application tables and reports
  • Attached documents are hidden from the application page
  • Chargeback is hidden

                      ______________________________________________________________

Contracts

Access levels

Description

Take Action

Review and create contracts

  • Review Contracts tab in single app view
  • Review Renewal page
  • Review report Applications and Contracts
  • Get Notified about the upcoming renewal date (in single app view)
  • Add, edit and delete contracts
  • Create and edit Setting/contract details
  • Upload Documents

Read-only 

Review contracts and renewal pages including related reports.

No Access
  • Contracts and renewal pages including related reports are hidden
  • Contract columns and custom currency fields hidden from application table and reports
  • Attached documents are hidden from the application page
  • Chargeback is hidden

 

 

Related articles

 

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request