Overview

Torii Members with the Admin role can customize the permissions for new and existing Torii Members in the Torii account.

A Role consists of:

1. A unique name and description
2. Scopes - The main pages & and functionalities in Torii options included in the role 
3. Access level - The permission level enabled for this scope.
   
   
   
    

Using roles

The role defines the information the user is exposed to and limits users' actions in Torii's console.

There are two types of roles:

• Pre-defined roles created by Torii - like Admin and Read Only.
  These roles can not be edited or deleted.

• Custom Roles created manually - You can create and assign roles matching your organization's needs, like security, finance, HR, etc.. These roles can be edited and deleted.

   

Pre-defined Roles

The pre-defined roles within Torii that cannot be edited or deleted are:

1. Admin - has full access to all scopes, including the ability to create new roles, manage members and manage API keys
2. Read-only - can view all data but can't take any action.
3. [Torii SMP] Procurement - Access level for procurement personnel in which they can view and update financial records without being exposed to employees' attributes.
4. IT Admin - Responsible for the daily operation of the assets management. 
   Note that this role is not exposed to financial data and is recommended for any user you wish to provide Torii operation access without financial visibility. 
   
   For example, suppose you assign your finance/procurement managers the procurement role. In that case, they will be exposed to the overview information like license, expenses, usage, and more but will not be able to drill down to see specific user information.
   

5. For every role, a scopes preview is available.

   

    

Custom roles & scopes 

Torii Members with the Admin role can create custom roles, meaning they can create new roles with custom access levels and scopes.

The RBAC mechanism enables the granular admin control of access and actions.

Using custom roles, you can, for example, invite a member from the legal team to Torii's admin console with permission to view all contracts but with no permission to update information or view users' data.

Creating custom access roles

1. From the left sidebar menu, go to Settings >> Roles >> Add role button
   
2. In Role name, we recommend giving the role a unique name.
3. In Description, provide a meaningful role description.
   This will be used later when you assign users to roles.
   
    
4. Select the roles' relevant scopes: No access, Read, Take action.
   See "Torii Members' Roles, Scopes, and Access Level" article for a full roles description.
    

Edit/delete custom access roles

Only roles created manually can be edited or deleted by hovering over the role and selecting the edit/ delete icons.
 

How to assign a role?

1. Go to the Settings page
2. Click on Members & App Owners
3. Select the user to which you want to assign the role and select the role from the dropdown list.
   
    

Additional Articles

• Torii Members' Roles, Scopes, and Access Level