Overview

Torii users with the Admin role can customize the permissions for new and existing users in the Torii account.

A Role consists of:

1. A unique name and description
2. Scopes - The main pages & and functionalities in Torii options included in the role 
3. Access level - The permission level enabled for this scope.
   
   
   

Using Roles

The role defines the information the user is exposed to and limits users' actions in Torii's console.

There are two types of roles:

• Pre-defined roles created by Torii - like Admin and Procurement
  These roles can not be edited or deleted.
• Custom Roles created by admin (you) - You can create and assign roles matching your organization's needs, like security, finance, HR, etc.. These roles can be edited and deleted.

Pre-defined Roles

The pre-defined roles within Torii that cannot be edited or deleted are:

1. Admin - has full access to all scopes, including the ability to create new roles, manage members and manage API keys
2. Read-only - can view all data but can't take any action
3. Procurement role - Access level for procurement personnel in which they can view and update financial records without being exposed to employees' attributes
4. IT Admin role- Responsible for the daily operation of the assets management.
   Note that this role is not exposed to financial data and is recommended for any user you wish to provide Torii operation access without financial visibility. 
   
   For example, suppose you assign your finance/procurement managers the procurement role. In that case, they will be exposed to the overview information like license, expenses, usage, and more but will not be able to drill down to see specific user information.
   
5. For every role, a scopes preview is available
   
   

Custom Roles & Scopes 

Torii users with the Admin role can create custom roles, meaning they can create new roles with custom access levels and scopes.

Create Torii custom role (RBAC)

RBAC mechanism enables the granular admin control of access and actions.

Torii admin can create custom roles corresponding with the org saas management methodology.
These roles will have access only to the information relevant to them.

Using custom roles, you can, for example, invite a member from the legal team to Torii's admin console with permission to view all contracts but with no permission to update information or view users' data.

Only users with the Admin role can create, edit and remove custom roles

Creating Custom Access Roles

1. From the left sidebar menu, go to Settings >> Roles >> Add role button
   
2. In Role name, we recommend giving the role a unique name.
3. In Description, provide a meaningful role description.
   This will be used later when you assign users to roles
   
4. Select the roles' relevant scopes: No access, Read, Take action.
   See "Torii Users' Roles, Scopes, and Access Level" article for a full roles description.
   Note that "No Access" permissions can only be applied on the 3 scopes below. 
   • Users Attributes - Determines whether the user assigned to this role will be exposed to information about the employee's application usage and employee details
   • Workflows -  Determines whether the role will be able to access workflows logs and create/ edit/ trigger workflows
   • Offboarding - Determines whether the role will be able to access offboarding data and create/ edit offboarding workflows
     
     

Edit/ Delete Custom Access Roles

Only roles created by an admin (not pre-defined by Torii) can be edited or deleted by hovering over the role and selecting the edit/ delete icons.

How to Assign a Role?

1. Go to the Settings page
2. Click on Team
3. Select the user to which you want to assign the role and select the role from the dropdown list

Additional Articles

• Torii Users' Roles, Scopes, and Access Level
• Procurement Role- Permissions & Scopes