ROLEAs mentioned in the N4 Security: Overview (on page 1), every action in N4 is secured by a privilege except for the ability to add and maintain user accounts. By default, only the superuser (admin), can add new user accounts in N4. However, if you have a large number of user accounts to add and maintain on a regular basis, it may be too much work for one user. Therefore, N4 enables a superuser to delegate this task to other administrators (delegated users) in the organization.
To add Delegated User accounts:
Create a Delegated Role (on page 1).
Assign that role to the users you want to define as Delegated Users.
A user with a delegated role is referred to as a delegate user. This user can create new users that have all or a subset of the privileges included in the delegated role assigned to them. Any roles or users created by a delegated user are called inherited roles and inherited users.
If you edit the privileges assigned to an existing delegated role, the existing delegated users with that role can see the changes without having to log out and log back into N4. However, if the changes affect any existing inherited users, they must log out and log back in to see the changes. For more information on privileges, see Privileges view (on page 1).
Delegated roles and users are useful for providing partial access to N4 for your business partners. Typically, an inherited user works for the same company as the delegated user. For example, if you want to provide a line operator with administrative user access to create their own users and roles in N4, you can create a delegated role with a limited set of privileges. Then you can assign one or more delegated roles to the line operator's administrative user, or delegated user. This user can then create an inherited role based on a delegated role. N4 limits the privileges available for an inherited role to the set of privileges available in a delegated role.
The following diagram shows the relationship between privileges, roles, delegated roles, users, delegated users, inherited roles, and inherited users in N4:
ROLE
In N4,
A role is a group of privileges.
Multiple roles can share a privilege (Privilege 3 in the above diagram).
You must assign a role to each user. However, you can also assign multiple roles to a user (User B in the above diagram).
You must assign at least one delegated role to a delegated user.
You can only assign inherited roles to an inherited user in the Inherited User form.