
Roles Example

To better understand the concepts of Roles, Users, and Priorities, here is an example scenario.

Below is a table of users and their group assignments. Some users are not members of any groups, some are members of a single group, and others are members of multiple groups. In this example, these users are coming from a SAML Domain that was configured. When SAML Domain members connect to Signum, Signum makes those users and any potential group memberships passed in the SAML assertion available for assignment to Roles.

Quick Tip: Users only require a role to access the Admin Web Console. End users can log in to the Agents and use certificates defined in policies without a role assignment.

| User | Group Membership |
|---|---|
| User A | None |
| User B | Group-1 |
| User C | Group-1 |
| User D | Group-1 & Group-2 |
| User E | Group-2 |

In this example, Signum has been configured with the following Roles.

  • Administrator

  • Event Viewer

  • Certificate Manager

  • Development Manager

Now that users are available and Roles have been created, we can assign those users to the Roles with some example priorities. This scenario has purposefully been made complex to illustrate the interaction between a user's or group's Role assignment and the priority level. In real-world usage, role assignments are straightforward in many applications. Consider the scenario below:

| Role | Priority | User / Group Assignment |
|---|---|---|
| Administrator | 1 | User A, User B |
| Event Viewer | 0 | Group-1 |
| Certificate Manager | 1 | Group-2 |
| Development Manager | 1 | Group-2 |

The following table explains which role each user was assigned in the above scenario, and why.

| User | Assigned Role | Why? |
|---|---|---|
| User A | Administrator | User A had no other assignments. They were assigned directly to the Administrator role, so that is their valid role assignment. |
| User B | Administrator | Although User B was a member of Group-1, they were directly assigned to the Administrator role, so that is their valid role assignment. Note that this is true even though the Event Viewer role had a higher priority (0 is the highest potential priority assignment). |
| User C | Event Viewer | Since User C was a member of Group-1 and had no other potential assignments, their role is Event Viewer. |
| User D | Event Viewer | User D was a member of both Group-1 and Group-2, but the Event Viewer role has a higher priority, so User D was assigned to Event Viewer. To assign User D to the Certificate Manager role, change the priority of the Event Viewer role to 2 or higher. |
| User E | N/A | Since the Certificate Manager role and the Development Manager role have the same priority, this role assignment will not be applied consistently. To assign User E to the Development Manager role, assign the role directly to the user instead of the group. |
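
The rules in the table above can be modelled in a few lines to audit a planned assignment for ambiguous results before applying it. This is an added example, not Signum's own code: the function names, the data layout, and the use of priority to break ties among multiple direct assignments are assumptions.

```python
# Added illustration of the resolution rules described on this page.
# Not Signum's implementation; all names below are hypothetical.

USERS = {  # user -> group memberships (first table)
    "User A": set(),
    "User B": {"Group-1"},
    "User C": {"Group-1"},
    "User D": {"Group-1", "Group-2"},
    "User E": {"Group-2"},
}

ROLES = [  # (role, priority, directly assigned users, assigned groups)
    ("Administrator", 1, {"User A", "User B"}, set()),
    ("Event Viewer", 0, set(), {"Group-1"}),
    ("Certificate Manager", 1, set(), {"Group-2"}),
    ("Development Manager", 1, set(), {"Group-2"}),
]

def pick(candidates):
    """Choose from [(priority, role)]; the lowest number is the highest priority."""
    best = min(p for p, _ in candidates)
    winners = sorted(r for p, r in candidates if p == best)
    if len(winners) > 1:  # equal priorities: outcome is not deterministic
        return None, f"ambiguous: {', '.join(winners)} share priority {best}"
    return winners[0], None

def resolve(user, users=USERS, roles=ROLES):
    """Return (effective_role, note); effective_role is None if unresolved."""
    groups = users.get(user, set())
    direct = [(p, r) for r, p, us, _ in roles if user in us]
    via_group = [(p, r) for r, p, _, gs in roles if groups & gs]
    if direct:
        # A direct assignment wins over any group assignment, whatever the
        # priorities. Assumption: priority breaks ties among direct roles.
        return pick(direct)
    if via_group:
        return pick(via_group)
    return None, "no role assignment"

def audit(users=USERS, roles=ROLES):
    """Map each user without a single effective role to the reason."""
    return {u: note for u in users
            for role, note in [resolve(u, users, roles)] if role is None}

if __name__ == "__main__":
    for u in USERS:
        print(u, "->", resolve(u))
    print("needs review:", audit())
```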
