Custom Roles and Permissions User Guide
This user guide provides an overview of custom roles and permissions in Tehama and describes how to create and assign a custom role.
Overview
Tehama provides a Custom Roles & Permissions feature, which allows your organization to define custom roles for your users, beyond the predefined roles provided by Tehama. A custom role is a role composed of one or more permission sets.
Note: The custom roles and permissions feature is not initially enabled in your organization. It is enabled the first time your Org Admin user attempts to use the feature by clicking on the CREATE ROLE button on the ROLES page, after acknowledging the implications the feature has for role setting in Tehama's SSO User Provisioning.
Read the section Custom Roles & Permissions and SSO User Provisioning in the Corporate Single Sign On (SSO) Authentication and User Provisioning page for more information on the implications of custom roles and permissions for role setting.
Note: Organizations that took part in the custom roles trial may have created custom roles without having to acknowledge the SSO User Provisioning role setting limitation. They will be asked to acknowledge the limitation if they decide to enable SSO User Provisioning.
For a simple overview of the predefined roles in Tehama, see the Roles User Guide. It provides general information on the capabilities that users with each of these roles have and how these capabilities depend on the role that the user's organization has in a Tehama Room.
What are Custom Roles and Permissions
Roles are groups of permissions that are assigned to members.
Permission sets are collections of authorizations to perform actions.
The actions in a permission set are related to one another. They are the actions required to complete a specific task, or set of tasks.
Tehama currently predefines four roles:
- Org Admin
- Org Manager
- Room Manager
- Staff
For most users of Tehama, one of these four roles is sufficient for their needs. Other users may need a role with a custom combination of permission sets. For these users, Tehama provides the ability to create custom roles constructed of predefined permission sets.
There are four permission sets available:
- Organization management
- Auditing
- Reporting
- Usage monitoring
Any number of these permission sets can be combined in a custom role.
Be aware that the capabilities in a role will differ depending on the function/role the member's organization has in a Tehama Room. See the User Management Roles vis-a-vis Org Functions/Roles in a Room section in the Roles User Guide for a chart explaining the division of responsibilities for the roles, depending on the organization role/function in the Room. A more in-depth breakdown can be found in the Rooms User Guide, in section Org Roles and Responsibilities in a Room.
Predefined roles
Here is an overview of the available predefined roles that Tehama provides.
You can find an overview of the permissions for each of Tehama's predefined roles in the Roles User Guide. Click on the name of the role in the list below to be directed to a list of permissions available to the role.
- Org Admin: Has full access and management capabilities. Only one user per organization has this role.
- Org Manager: Has full access and management capabilities with some exceptions. Each org can have many org managers.
- Room Manager: Has access and management capabilities within the Rooms of which they are a member. Each org can have many room managers.
- Staff: Has access to their Desktops in Rooms of which they are a member. No management capabilities. Each org can have many staff members.
Custom Role Permission Sets
Here is an overview of the available permission sets from which you can compose custom roles.
Organization management
Can manage rooms and desktops. Includes the 'Auditing' and 'Reporting' permission sets.
- Activity Stream: Can view all events.
- Desktops: Can create/edit/delete desktops.
- Members: Can add/remove members.
- Recordings: Can access live and recorded sessions.
- Reports: Has full access to reporting capabilities.
- Rooms: Can create/edit/delete rooms.
This permission set is equivalent to the permissions enjoyed by a user with the Org Manager role.
Auditing
Can view all events and recordings.
- Activity Stream: Can view all events.
- Recordings: Can access live and recorded sessions.
Reporting
Can access all reports.
- Reports: Has full access to reporting capabilities.
Usage Monitoring
Can access all usage reports.
- Usage configuration: Can access TCU usage options and information.
- Usage Report: Can access granular breakdown of TCU usage.
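The permission-set composition described above, as an added example (not Tehama code and not a Tehama API): a small Python model of the four permission sets as this guide lists them, which computes a custom role's effective capabilities and flags roles that reach Org Manager level or select a set already covered by another. The helper names and the sample role names are hypothetical.

```python
# Permission sets and their capabilities, as listed in this guide.
PERMISSION_SETS = {
    "Organization management": {"Activity Stream", "Desktops", "Members",
                                "Recordings", "Reports", "Rooms"},
    "Auditing": {"Activity Stream", "Recordings"},
    "Reporting": {"Reports"},
    "Usage monitoring": {"Usage configuration", "Usage Report"},
}
# The guide states this set is equivalent to the Org Manager role.
ORG_MANAGER_EQUIVALENT = "Organization management"


def effective_capabilities(permission_sets):
    """Union of the capabilities granted by the selected permission sets."""
    unknown = set(permission_sets) - PERMISSION_SETS.keys()
    if unknown:
        raise ValueError(f"unknown permission set(s): {sorted(unknown)}")
    caps = set()
    for name in permission_sets:
        caps |= PERMISSION_SETS[name]
    return caps


def review_role(name, permission_sets):
    """Return least-privilege findings for one custom role definition."""
    effective_capabilities(permission_sets)  # validates the set names
    selected = set(permission_sets)
    findings = []
    if not selected:
        findings.append(f"{name}: no permission sets selected")
    if ORG_MANAGER_EQUIVALENT in selected:
        findings.append(f"{name}: grants Org Manager-level permissions")
    # A set is redundant when another selected set already covers all of it.
    for s in sorted(selected):
        for other in sorted(selected - {s}):
            if PERMISSION_SETS[s] <= PERMISSION_SETS[other]:
                findings.append(f"{name}: '{s}' is already covered by '{other}'")
    return findings


# Constructed sample roles (hypothetical names, not from the guide).
SAMPLE_ROLES = {
    "Compliance Auditor": ["Auditing", "Reporting"],
    "Ops Lead": ["Organization management", "Auditing", "Usage monitoring"],
}

if __name__ == "__main__":
    for role, sets in SAMPLE_ROLES.items():
        print(role, sorted(effective_capabilities(sets)), review_role(role, sets))
```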
View Roles
The Org Admin user and the Org Managers can view the Roles available in the organization.
View the roles, both predefined and custom, in your organization as follows:
- Log in to the Tehama Web UI.
- Click on the ORGANIZATION tab.
- Click on the ROLES sidebar item. You will see the ROLES table.
Create a Custom Role
Only the Org Admin user can create a custom role for the organization.
Create a custom role as follows:
- Log in to the Tehama Web UI.
- Click on the ORGANIZATION tab.
- Click on the ROLES sidebar item. You will see the ROLES table.
- Click on the CREATE ROLE button. You will see the CREATE ROLE page.
Note: Be careful not to navigate away from the ROLES sidebar item while creating your role. When you return to the ROLES sidebar, you will see the ROLES table and your changes will be lost.
- Enter the name you want to give your custom role in the Name field.
- Enter the description of your custom role in the Description field. Tip: mention any permission sets included in the role, for quick reference.
- Select the permission set(s) that you want to be part of your custom role.
- Click on the CREATE button. You will be returned to the ROLES table. Your new custom role will be a new entry in the table.
Assign a Role
The Org Admin user and the Org/Room Managers can assign a role to an organization member.
You can assign a role, custom or predefined, when inviting a new member to your organization. Follow the instructions in the Add members to an organization section in the Organization User Guide.
You can also assign a role by editing the role of an existing member in your organization. Follow the instructions in the Edit a member's role section in the Organization User Guide.
Edit a Custom Role
Only the Org Admin user can edit a custom role.
Edit a custom role as follows:
- Log in to the Tehama Web UI.
- Click on the ORGANIZATION tab.
- Click on the ROLES sidebar item. You will see the ROLES table.
- Place a checkmark beside the entry for the role you want to edit.
- Click on the EDIT button at the top of the table. You will see the EDIT ROLE page.
Note: Be careful not to navigate away from the ROLES sidebar item while editing your role. When you return to the ROLES sidebar, you will see the ROLES table and your changes will be lost.
- Edit any of the fields on the page.
- Click on the SAVE button. You will be returned to the ROLES table. You will see your edited custom role in the table.
Delete a Custom Role
Only the Org Admin user can delete a custom role.
Delete a custom role as follows:
- Log in to the Tehama Web UI.
- Click on the ORGANIZATION tab.
- Click on the ROLES sidebar item. You will see the ROLES table.
- Place a checkmark beside the entry for the role you want to delete.
- Click on the DELETE button at the top of the table. You will see the DELETE ROLE dialog.
- If any members of the organization are currently assigned to the role, the dialog will advise you to reassign these users to another role before deleting the role. If this is the case, click on the BACK button in the dialog and go to the organization's MEMBERS tab. From that tab you can identify the members with this role. (Filter on the role in the Roles column.) Then click on their names to see their profile and edit their role to be something else. Return to the ROLES table and try again.
- Click on the DELETE button in the dialog. You will be returned to the ROLES table. Your role will no longer be in the table.