AX1371
Managing subsystem roles
You can create new roles for a subsystem, and you can assign existing roles to a subsystem. When a role belongs to a subsystem, the role permissions are restricted by the subsystem boundaries, and all users in the role must also belong to the subsystem.
When assigning subsystem users to roles, you can use the subsystem roles or you can use "global" roles (that do not belong to the subsystem). For more information on the difference in behavior, see About subsystems and roles.
The subsystem settings should be completed before assigning any roles (unless the roles do not contain any users yet), to ensure that all desired subsystem restrictions are in place before any subsystem users log in.
Assigning a role to a subsystem
When you create or edit a role, you can assign it to a particular subsystem. Use the Subsystem drop-down list on the General tab to assign the role to a subsystem.
-
This assignment can only be made on the role record. The Subsystem-Specific Roles section on the subsystem record is for information only; assignment changes cannot be made there.
-
Only administrators and users with the Administer Security permission can assign an existing role to a subsystem. If the role already has assigned users who do not belong to the subsystem when the role is assigned to the subsystem, then a validation error displays in the Security Management dialog. All users in the role must belong to the subsystem in order to assign the role to the subsystem.
-
Subsystem administrators can create new roles for the subsystem. When a subsystem administrator creates a new role, it is automatically assigned to the subsystem when it is created. If the subsystem administrator manages multiple subsystems, then the role's subsystem assignment can be changed to any of those subsystems.
-
Only administrators and users with the Administer Security permission can remove a role from a subsystem. Click the Remove button
to clear the assigned subsystem.
