Admin Assigning Privileges to a Role - hmislk/hmis GitHub Wiki

Assigning Privileges to a Role

Overview

After creating a role, you must assign privileges to it before it grants any access. Privileges are displayed as a checkbox tree grouped into functional categories. This page explains how to load, set, and save privileges for a role.

When to Use

  • Configuring a newly created role with the correct set of permissions
  • Expanding a role's access when a job function changes
  • Removing a privilege from a role to tighten security

Navigating to Role Privilege Management

  1. Click Administration → Manage Users
  2. Select the role management area
  3. Select the role from the list
  4. Click Manage Privileges in the right action panel
  5. The Manage User Role Privileges screen opens, showing the role name at the top

Required privilege: AdminManagingUsers

Loading the Privilege Tree

When the page first opens, the tree is not yet loaded. You will see a warning message:

"Please click the 'List Privileges' button to display the available privileges for selected Role."

Click List User Role Privileges (green button) to load the tree.

Using the Privilege Tree

The tree displays all available privileges grouped into categories. Each node has a checkbox:

  • Tick a category node — selects all privileges within that category at once
  • Tick an individual privilege — grants just that one privilege
  • Untick — removes the privilege
  • Half-filled checkbox on a parent — some but not all children are selected

Saving Changes

After making your selections, click Update Manage User Role Privileges (yellow/warning button, top right of the panel) to save.

Important: Changes do not take effect until you click Update. If you navigate away without saving, changes are lost.

How Privileges Propagate to Users

Any user assigned this role automatically inherits all the role's privileges. Users do not need to be individually updated — the role change applies immediately to all users holding the role, on their next page load.

Individual User Privileges vs Role Privileges

If a specific user needs different access than their role provides:

  • Additional privileges can be added to the individual user via Manage Privileges on their user record
  • Privilege checks at the page level combine role privileges and individual user privileges
  • Individual privilege overrides are per-department; role privileges apply everywhere

See Creating and Managing Users → Manage Privileges.
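
The combination rule above, worked through as an added example (not HMIS code). It assumes "combine" means a set union; every role, user and department name and the OpdBilling privilege are constructed, and only AdminManagingUsers comes from this page. It shows why a review after removing a privilege from a role should also check individual grants.

```python
# Added illustration, not HMIS code. Models the rule stated on this page:
# effective privileges = role privileges (every department)
#                        + individual grants (one department each).
# Assumption: "combine" is a set union. All names and records are constructed,
# except the AdminManagingUsers privilege name, which appears on this page.

ROLE_PRIVILEGES = {          # role -> privileges, valid in all departments
    "Cashier": {"OpdBilling"},
    "SystemAdmin": {"OpdBilling", "AdminManagingUsers"},
}
USER_ROLE = {"nimal": "SystemAdmin", "kamala": "Cashier", "sunil": "Cashier"}
INDIVIDUAL_GRANTS = {        # (user, department) -> extra privileges
    ("kamala", "Pharmacy"): {"AdminManagingUsers"},
}


def effective_privileges(user, department):
    """Union of the user's role privileges and their grants in this department."""
    role_privs = ROLE_PRIVILEGES.get(USER_ROLE.get(user), set())
    return role_privs | INDIVIDUAL_GRANTS.get((user, department), set())


def holders(privilege, departments):
    """Return (user, department, source) for everyone who effectively holds it."""
    found = []
    for user in sorted(USER_ROLE):
        via_role = privilege in ROLE_PRIVILEGES.get(USER_ROLE[user], set())
        for dept in departments:
            via_user = privilege in INDIVIDUAL_GRANTS.get((user, dept), set())
            if via_role or via_user:
                source = "role" if via_role else "individual"
                if via_role and via_user:
                    source = "role+individual"
                found.append((user, dept, source))
    return found


def revoke_from_role(role, privilege):
    """Mirror of unticking a privilege on the role and clicking Update."""
    ROLE_PRIVILEGES[role].discard(privilege)


if __name__ == "__main__":
    depts = ["OPD", "Pharmacy"]
    print(holders("AdminManagingUsers", depts))
    revoke_from_role("SystemAdmin", "AdminManagingUsers")
    # kamala's individual grant in Pharmacy is untouched by the role change
    print(holders("AdminManagingUsers", depts))
```
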

Technical Notes (Admin/Developer)

The privilege tree is built by UserPrivilageController.fillUserRolePrivileges(). The root node is stored in userPrivilageController.rootTreeNode; selected nodes in userPrivilageController.selectedNodes. Saving calls userPrivilageController.saveUserRolePrivileges(), which persists WebUserRolePrivilege records for each selected node. The propagateSelectionDown=true and propagateSelectionUp=true attributes on the p:tree ensure parent/child checkbox propagation.

Related Features