◷ Reading Time: 3 minutes
In FlexRule Server, a role is a grouping of actions and their access permissions. Roles can be assigned to actors (i.e. Application or User) which then allows or disallows that actor to interact with the server.
Access to an Action can be defined as:
- Unspecified: this means the access has not been defined for an Action
- Allow: enables an actor to use an Action
- Deny: disallow an actor to use an Action
Access Result
When an Actor has multiple Roles associated, the Access on different Actions can overlap and the result of the final Access will be derived from the below Access table:
| Access 1 | Access 2 | Final Result |
|---|---|---|
| Deny | ||
| Deny | ||
| Deny | ||
| Deny | ||
| Allow | Allow | |
| Allow | Allow | |
| Allow | Allow | |
| Allow | Allow | |
| Allow | Deny | Deny |
| Allow | Deny | Deny |
| Allow | Deny | Deny |
| Allow | Deny | Deny |
| Allow | Allow | |
| Allow | Allow | |
| Allow | Allow | |
| Allow | Allow | |
| Deny | Allow | Deny |
| Deny | Allow | Deny |
| Deny | Allow | Deny |
| Deny | Allow | Deny |
| Deny | Deny | Deny |
| Deny | Deny | Deny |
| Deny | Deny | Deny |
| Deny | Deny | Deny |
** Empty cell is an unspecified Access, it’s neither Allow nor Deny.
New Role
Creating a new Role requires two sets of information:
- General
- Actions
General
General information allows you to assign a Name to the Role.
Actions
The actions section allows you to define what Action has what Access setting in this new Role:
In the first column of the table, Access can be defined as:
- Empty: Access it not specified.
- Allow: Allows access for a specific action.
- Deny: Disallows access for a specific action.