Skip to content

Role Administration

Contour access profile is designed based on the Role-based Access Control (RBAC) principle.

Identity administrators can create roles (i.e. profile) and define the access level according to the needs.

Create New Role

To create a new user role, the action must be taken by 2 Identity admin users in a request-approve manner.

Part 1: First administrator (Request)

  1. Click on Gear icon on the top right, then "User roles"
  2. Click on Add role
  3. Fill in the form
    • User role name: name of the role
    • Map to LDAP group (option): only applicable if Single sign-on or LDAP integration is enabled, mapping the role to a Active Directory group
    • Product: access to the products
    • Business transactions: view, make, check, approve
  4. Click on Preview, then Confirm

Now, the role creation is pending second administrator to review and approve, listed under the "Pending" tab.

Part 2: Second administrator (Approve)

  1. Click on Gear on the top right, then "User roles"
  2. Click into the newly created user role, and review
  3. Click on Approve, then Submit

Now, the role has been created successfully and become active, listed under the "Members" tab. Administrator can start assigning the role to individual users.

Edit Existing Role

To edit an existing user role, the action must be taken by 2 Identity admin users in a request-approve manner.

Part 1: First administrator (Request)

  1. Click on Gear on the top right, then "User roles"
  2. Click into the user role, then Edit
  3. Update the "User role name", "Map to LDAP group", the access level on "Product" and "Business transactions" accordingly
  4. Click on Update, then Confirm

Now, the role update is pending second administrator to review and approve, listed under the "Active" tab since the role remains active.

Part 2: Second administrator (Approve)

  1. Click on Gear on the top right, then "User roles"
  2. Click into the newly edited user role, and review
  3. Click on Approve, then Submit

Now, the role has been updated successfully, and the users assigned with the role have the updated access.

Deactivate User Role

To deactivate an existing user role, the action must be taken by 2 Identity admin authorised users in a request-approve followed by approver flow.

Part 1: First administrator (Request)

  1. Click on Gear on the top right, then "User roles"
  2. Click into the user role to be deactivated, Deactivate, then Confirm

Now, the role deactivation is pending second administrator to review and approve, listed under the "Active" tab since the role remains active.

Part 2: Second administrator (Approve)

  1. Click on Gear on the top right, then "User roles"
  2. Click into the user role to be deactivated, and review
  3. Click on Approve, then Submit

Now, the role has been deactivated, listed under the "Members" tab. The users with this role assigned will no longer have the role in their profile, and the corresponding access are removed.