Managing Roles
This topic describes the procedures that you need to perform to create, edit, and delete roles.
To start working with roles, go to Users > Roles.
Creating a Role
To create a role:
- On the Role list table view page, click Add new Role in the top right corner.
- On the Create new Role page, enter the name of the role and click Create. This will redirect you to the Edit Role page where you define the permissions that this role will possess.
- In the Rule section, enter and select the following and click Add Rule:
See Adding Rules for Roles for information on how to create rules.
You have set up a role to be assigned to a group.
Tips and tricks: If you need a specific role to have access to all sections, enter an asterisk (*) for the bundle, controller, and action, and select allow for the permission. This grants access to everything you see in the Back Office and allows the role to perform any action.
Editing a Role
To edit a role:
- In the Role list > Actions column, click Edit for a specific role.
- On the Edit Role page, you can:
- Add more rules to the role.
- Delete the already assigned rule by clicking Delete in the Assigned Rules > Actions column.
Adding Rules for Roles
In the Roles section of the Edit Role page, you can define what a user can or cannot do in the Admin UI. To restrict a user from accessing a specific action, you need to specify what bundle (module) and controller this action refers to.
Extracting the Bundle, Controller, and Action Values
Information about bundles, controllers, and actions is contained in tabs in the Back Office, and can be retrieved from links.
Go to Products > Availability section and click View in Actions.
Check the link in your browser. It will look somewhat like this:
- availability-gui is bundle,
- index is controller,
- view is action.
The bundle, controller and action values can also be found in the navigation.xml file either at /project/config/Zed/navigation.xml or at
See the example of the navigation.xml file of the AvailabilityGui module:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<config>
    <product>
        <pages>
            <AvailabilityGui>
                <label>Availability</label>
                <title>Availability</title>
                <bundle>availability-gui</bundle>
                <controller>index</controller>
                <action>index</action>
                <pages>
                    <product-availability>
                        <label>Product Availability</label>
                        <title>Product Availability</title>
                        <bundle>availability-gui</bundle>
                        <controller>index</controller>
                        <action>view</action>
                        <visible>0</visible>
                    </product-availability>
                    <stock-edit>
                        <label>Edit Stock</label>
                        <title>Edit Stock</title>
                        <bundle>availability-gui</bundle>
                        <controller>index</controller>
                        <action>edit</action>
                        <visible>0</visible>
                    </stock-edit>
                </pages>
            </AvailabilityGui>
        </pages>
    </product>
</config>
```
Restricting User Access to Modules and Actions
You can restrict user access to all or specific modules and their actions. Keep in mind that users cannot perform actions on modules unless you explicitly allow them to. Therefore, if you want to restrict users from accessing particular modules/actions, first give them access to all modules, and then restrict access to specific ones.
Example: Imagine you need to deny adding product attributes for a user. Do the following:
- First, allow all actions for all modules for the user. For this, in the Rule section of the Edit Role page, enter * in the Bundle, Controller and Action fields, and select allow in the Permission field.
- Go to the page for which you want to restrict access: Products > Attributes > Create Product Attributes.
- _product-attribute-gui_ is bundle,
- _attribute_ is controller,
- _create_ is action.
You can verify the bundle, controller and action values in the [navigation.xml file](https://github.com/spryker/product-attribute-gui/blob/master/src/Spryker/Zed/ProductAttributeGui/Communication/navigation.xml).
- Go back to the Edit Role page and fill in the required fields:
- Bundle: product-attribute-gui
- Controller: attribute
- Action: create
- Permission: deny
- Click Save.
That’s it! When the user with this role clicks Create a Product Attribute, they will get the Access denied view.
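To review which Back Office pages a role can reach before assigning it to a group, the sketch below reads bundle/controller/action triples from a navigation.xml and evaluates a rule list against them. It is an added example, not Spryker code: the function names and the `<attribute-create>` element are hypothetical, and the decision model (a matching deny overrides allow, no match means no access) is inferred from the behavior described on this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the navigation.xml layout shown above; the
# product-attribute-gui entry uses the values from the example on this page.
NAVIGATION_XML = """<config><product><pages>
  <AvailabilityGui>
    <bundle>availability-gui</bundle><controller>index</controller><action>index</action>
    <pages>
      <product-availability>
        <bundle>availability-gui</bundle><controller>index</controller><action>view</action>
      </product-availability>
      <stock-edit>
        <bundle>availability-gui</bundle><controller>index</controller><action>edit</action>
      </stock-edit>
    </pages>
  </AvailabilityGui>
  <attribute-create>
    <bundle>product-attribute-gui</bundle><controller>attribute</controller><action>create</action>
  </attribute-create>
</pages></product></config>"""

# The role from the example: allow everything, then deny one action.
ROLE_RULES = [
    ("*", "*", "*", "allow"),
    ("product-attribute-gui", "attribute", "create", "deny"),
]

def nav_triples(xml_text):
    """Return each (bundle, controller, action) triple, nested pages included."""
    triples = []
    for node in ET.fromstring(xml_text).iter():
        triple = tuple((node.findtext(k) or "").strip()
                       for k in ("bundle", "controller", "action"))
        if all(triple):
            triples.append(triple)
    return triples

def decide(rules, triple):
    """Assumed model: '*' matches anything, a matching deny beats any allow,
    and a triple that no rule matches is denied."""
    matched = [perm for *pattern, perm in rules
               if all(p in ("*", v) for p, v in zip(pattern, triple))]
    return "allow" if "allow" in matched and "deny" not in matched else "deny"

def audit(rules, xml_text):
    """Map every navigation entry to the decision the role would get."""
    return {t: decide(rules, t) for t in nav_triples(xml_text)}

if __name__ == "__main__":
    for triple, decision in audit(ROLE_RULES, NAVIGATION_XML).items():
        print("/".join(triple), "->", decision)
```

Running the audit against a role that contains only the wildcard allow rule shows every entry as reachable, which makes an over-broad role easy to spot in review.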
Deleting a Role
To delete a role:
- In the Role list > Actions column, click Delete for the role that needs to be deleted.
- This action will permanently delete the record.
Tips and tricks: While updating the role, you can initiate a new role creation flow.
To do that:
- Click Create role in the top right corner of the Edit Role page. The Create new Role page opens.
- Repeat the steps described in the Creating a Role procedure.
What’s next? You need to create a group to assign this role to it. See the Creating a Group section in Managing Groups.