OpenWGA 7.11 - OpenWGA Concepts and Features

Authorisation » Application level authorisations

User roles

User roles are like private groups for a single OpenWGA application. They are defined in the ACL of an application and assigned to users and groups in user/group ACL entries:

screenshot at 2013-04-02 13:04:34.png

In the screenshot of an applications ACL (in OpenWGA admin client) above there are two roles defined "#supervisor" and "#wf-master". Role "#supervisor" is assigned to group "managers" as can be seen on the ACL entry for that group. This means that every member of this group owns the role. Role "#wf-master" is also assigned to the entry of user "we" which also owns this role.

User roles do not directly give any rights to users and groups owning them. So it is not possible to assign an access level or privilege to a role. 

Instead they should be used in document level authorisation fields of OpenWGA to let owners of the role have special rights on a more granular level. Owners of special roles might for example be able to create and edit content for a special content type, if the editor field of that type specifies it:

screenshot at 2013-04-02 13:42:25.png

A user normally gains the user roles of all ACL user/group entries that match him. This works different from access levels and privileges where the more specific ACL entry "overwrites" those of less specific ACL entries. However you can enable the flag Do not inherit roles from less specific ACL entries on ACL entries where you do not want this. User that match this ACL entry will not inherit roles that are defined from less specific ACL entries than this one.