Grant permissions to roles

In 10Duke SysAdmin, you grant permissions to a role in the same way, regardless of the type of role. The same applies to granting permissions to an organization role template.

A permission specifies a protected resource and the actions granted to accessing that resource, for example, TelephoneNumber = create,update. You can use an asterisk (*) as a wildcard in both the resource and the action part. For example, the permission * = read would allow view access to all resources.

The system has some predefined sets of permissions available for granting permissions. For more advanced use cases, you can define the permissions and granted actions manually.

Contact the 10Duke Integration Support team for support on creating and making changes to permissions in roles or templates.

If you need to grant permissions (“client-elevated privileges”) to an OAuth client application, grant them in the client application’s connection settings.

When you’re creating or editing a role or a template, grant permissions as follows:

  1. On the Role permissions tab, click Edit permissions.

    A side panel opens, displaying the currently granted permissions.

    If you’re editing an organization role, note that the side panel only shows the permissions granted directly to the role, and no inherited permissions.

  2. You can grant permissions in the following ways:

    • Predefined permission sets: Select a predefined set of permissions and click Apply.

      In the Permissions section at the bottom, you can see the details of the permissions and granted actions. They’re also shown in the JSON section.

      Note that a predefined set typically doesn’t grant sufficient permissions on its own. For example, you may need to manually grant the login permission to the role, or the user needs to have that permission through their other roles.

    • JSON: Define the permissions and granted actions in JSON format and click Apply. See the How to section for information on the JSON format to use.

    • Permissions: Define the permissions and granted actions in the fields.

      To add a permission, enter the permission name (the protected resource) and a comma-separated list of the granted actions in the empty fields at the end of the list, and click Add.

      To delete a permission, click Delete next to it.

  3. Review the permissions, and click Save.

If you changed the permissions of an existing role, the changes for users who have the edited role or roles that inherit permissions from it typically take effect within one hour, depending on your 10Duke Enterprise configuration.