How can we help?

Introduction to Roles - Based Access Control (RBAC)

Noga Tubi
Noga Tubi
  • Updated


Torii users with the Admin role can customize the permissions for new and existing users in the Torii account.

A Role consists of:

  1. A unique name and description
  2. Scopes - The main pages & and functionalities in Torii options included in the role 
  3. Access level - The permission level enabled for this scope.

Using Roles

The role defines the information the user is exposed to and limits users' actions in Torii's console.

There are two types of roles:

Pre-defined Roles

The pre-defined roles within Torii that cannot be edited or deleted are:

  1. Admin - has full access to all scopes, including the ability to create new roles, manage members and manage API keys
  2. Read-only - can view all data but can't take any action
  3. Procurement role - Access level for procurement personnel in which they can view and update financial records without being exposed to employees' attributes
  4. IT Admin role- Responsible for the daily operation of the assets management.
    Note that this role is not exposed to financial data and is recommended for any user you wish to provide Torii operation access without financial visibility. 
    For example, suppose you assign your finance/procurement managers the procurement role. In that case, they will be exposed to the overview information like license, expenses, usage, and more but will not be able to drill down to see specific user information.mceclip1.png
  5. For every role, a scopes preview is available

Custom Roles & Scopes 

Torii users with the Admin role can create custom roles, meaning they can create new roles with custom access levels and scopes.

Create Torii custom role (RBAC)

RBAC mechanism enables the granular admin control of access and actions.

Torii admin can create custom roles corresponding with the org saas management methodology.
These roles will have access only to the information relevant to them.

Using custom roles, you can, for example, invite a member from the legal team to Torii's admin console with permission to view all contracts but with no permission to update information or view users' data.

Only users with the Admin role can create, edit and remove custom roles

Creating Custom Access Roles

  1. From the left sidebar menu, go to Settings >> Roles >> Add role button
  2. In Role name, we recommend giving the role a unique name.
  3. In Description, provide a meaningful role description.
    This will be used later when you assign users to roles
  4. Select the roles' relevant scopes: No access, Read, Take action.
    See "Torii Users' Roles, Scopes, and Access Level" article for a full roles description.
    Note that "No Access" permissions can only be applied on the 3 scopes below. 
    • Users Attributes - Determines whether the user assigned to this role will be exposed to information about the employee's application usage and employee details
    • Workflows -  Determines whether the role will be able to access workflows logs and create/ edit/ trigger workflows
    • Offboarding - Determines whether the role will be able to access offboarding data and create/ edit offboarding workflows

Edit/ Delete Custom Access Roles

Only roles created by an admin (not pre-defined by Torii) can be edited or deleted by hovering over the role and selecting the edit/ delete icons.mceclip8.png

How to Assign a Role?

  1. Go to the Settings page
  2. Click on Team
  3. Select the user to which you want to assign the role and select the role from the dropdown listmceclip0.png

Additional Articles

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request