◷ Reading Time: 3 minutes
In FlexRule Server, a role is a grouping of actions and their access permissions. Roles can be assigned to actors (i.e. Application or User) which then allows or disallows that actor to interact with the server.
Access to an Action can be defined as:
- Unspecified: which means the access has not defined for an Action
- Allow: enables an actor to use an Action
- Deny: disallow an actor to use an Action
Access Result
When an Actor has multiple Roles associated with, the Access on different Actions can overlap and the result of final Access will be derived with below Access table:
| Access 1 | Access 2 | Final Result |
|---|---|---|
| Deny | ||
| Deny | ||
| Deny | ||
| Deny | ||
| Allow | Allow | |
| Allow | Allow | |
| Allow | Allow | |
| Allow | Allow | |
| Allow | Deny | Deny |
| Allow | Deny | Deny |
| Allow | Deny | Deny |
| Allow | Deny | Deny |
| Allow | Allow | |
| Allow | Allow | |
| Allow | Allow | |
| Allow | Allow | |
| Deny | Allow | Deny |
| Deny | Allow | Deny |
| Deny | Allow | Deny |
| Deny | Allow | Deny |
| Deny | Deny | Deny |
| Deny | Deny | Deny |
| Deny | Deny | Deny |
| Deny | Deny | Deny |
** Empty cell is an unspecified Access, it’s neither Allow nor Deny.
New Role
Creating a new Role requires two set of information:
- General
- Actions
General
General information allows you to assign a Name to the Role.
Actions
Actions section allows you to define what Action has what Access setting in this new Role:
In the first column of table, Access can be defined as:
- Empty: Access it not specified.
- Allow: Allows access for a specific action.
- Deny: Disallows access for a specific action.