Torii User Roles & Permissions Guide
Torii users with the Admin role can customize the permissions for new and existing users in the Torii account.
A Role consists of:
- A unique name and description
- Scopes - The main pages & and functionalities in Torii options included in the role
- Access level - The permission level enabled for this scope.
Using Roles
The role defines the information the user is exposed to and limits users' actions in Torii's console.
There are two types of roles:
- Pre-defined roles created by Torii - like Admin and Procurement
These roles can not be edited or deleted. - Custom Roles created by admin (you) - You can create and assign roles matching your organization's needs, like security, finance, HR, etc.. These roles can be edited and deleted.
Pre-defined Roles
The pre-defined roles within Torii that cannot be edited or deleted are:
- Admin - has full access to all scopes, including the ability to create new roles, manage members and manage API keys
- Read-only - can view all data but can't take any action
- Procurement - Access level for procurement personnel in which they can view and update financial records without being exposed to employees' attributes
For example, suppose you assign your finance/procurement managers the procurement role. In that case, they will be exposed to the overview information like license, expenses, usage, and more but will not be able to drill down to see specific user information.
Custom Roles & Scopes
Torii users with the Admin role can create custom roles, meaning they can create new roles with custom access levels and scopes.
Note that a new permission level of "No Access" was added to some of the scopes that hold sensitive information.
- Users Attributes - Determines whether the user assigned to this role will be exposed to information about the employee's application usage and employee details
- Offboarding - Determines whether the role will be able to access offboarding data and create/ edit offboarding workflows
- Workflows - Determines whether the role will be able to access workflows logs and create/ edit/ trigger workflows
| Scope | Activity |
|---|---|
| Applications |
|
|
User Attributes |
|
|
License & chargeback |
|
|
Expenses |
|
|
Contracts |
|
|
Workflows |
|
|
Offboarding |
|
|
Integrations |
|
|
Settings |
Update company general settings from the Settings → General tab:
|
|
Application Catalog |
|
|
Public Views |
Create and edit applications and contracts for public views. |
Create Torii custom role (RBAC)
RBAC mechanism enables the granular admin control of access and actions.
Torii admin can create custom roles corresponding with the org saas management methodology.
These roles will have access only to the information relevant to them.
Using custom roles, you can, for example, invite a member from the legal team to Torii's admin console with permission to view all contracts but with no permission to update information or view users' data.
Only users with the Admin role can create, edit and remove custom roles
Creating Custom Access Roles
- From the left sidebar menu, go to Settings >> Roles >> Add role button
- In Role name, we recommend giving the role a unique name.
- In Description, provide a meaningful role description.
This will be used later when you assign users to roles. - Select the roles' relevant scopes: No access, Read, Take action.
See Torii User Roles (Permissions Guide) for a full roles description.
Edit/ Delete Custom Access Roles
Only roles created by an admin (not pre-defined by Torii) can be edited or deleted by hovering over the role and selecting the edit/ delete icons.
How to Assign a Role?
- Go to the Settings page
- Click on Team
- Select the user to which you want to assign the role and select the role from the dropdown list
