Skip to main content

Managing your Roles in Pigment is key to keeping your Application secure. This article shows you the basics of creating, editing, and assigning roles to Members.

Only Members with a Primary Owner, Security Admin or Workspace Admin account type can manage Role settings.

 

 

Before you begin

Ensure that you’ve read and understood the concepts discussed in the introductory topic: Pigment Roles, Permissions, Access Rights

 

Create a new Role

  1. Go to the Roles tab on the Roles, Permissions & Access page.
  2. Click + New Role.
  3. Type a name for your Role.
  4. In Permissions, toggle on the required default permissions for the Role in the following sections:
    • Application Permissions
    • Block Permissions
    • Board Permissions

  5. Define the Default Access Rights for Members.

  6. Click Create Role.

 

Edit, duplicate, or delete a Role

  1. Go to the Roles tab on the Roles, Permissions & Access page.
  2. Hover over a Role and do one of the following:
    - Click the Edit role icon. Here you can edit the name, Application, Block and Board Applications.
    - Click the menu (), and select Duplicate or Delete.

When a Role is deleted, Members belonging to that Role lose their access to the Application until they are assigned a new Role.

 

Assign a Role to a Member

Members with Primary Owner, Security Admin, Workspace Admin account types, or any Member with the Define Application Security permission can assign a Role to a Member.

  1. Open the Security folder in your Application. This contains the Role Dimension List and Users roles Metric.
  2. Open the Users roles Metric, and locate the Member you want to update.
  3. Double-click the field in the Role column, and select the appropriate role for the Member.
    If any Members are already assigned that Role, a prompt displays their names.
  4. (Optional) Open the Role List to review the current permissions and Application-level access rights for your Application.

The Properties in a Role List are known as protected Properties, meaning they cannot be edited or deleted.

 

Adding access rights to a Role

Access rights are applied to Roles by default, but you can also assign additional access right for more granular data access:

  • Default access rights on Roles. Each Role is assigned a default Application-wide access right, which governs permissions across the entire system. The Read and Write columns on the Roles, Permissions & Access page display these default access rights, defining what data users can view, modify, or what remains hidden.
     
  • Additional access rights on Roles. In addition to default Role-based access rights, you can create access rights Metrics to grant and restrict access at a more granular level, regardless of a Member's assigned Role. By creating access rights Metrics for Roles in Pigment, you control which Members can read or edit data within your model. It keeps sensitive information protected, and allows Members to perform tasks seamlessly.

Before you add specific access rights to a Role, see Introduction to Access Rights. This is required reading before you start setting up data access for your Members.

 

Grant an Admin Role to Applications

Security Admins can assign themselves an Admin role for any Application, even if they don’t currently have access to it. This allows them to regain access to Applications where Members may be locked out.

To do this:

  1. Open the Workspace homepage. 
  2. Click the menu (…) on the required Application.
  3. Click Change my Role, and then either Admin to grant yourself Admin access or None to remove access.
  4. From the menu, select a new Primary Owner, and click Change

Security Admins have an Application access filter to quickly identify Applications they don't have access to. These Applications are grayed out.

 

Be the first to reply!

Reply


Ask your question here!

Terms & ConditionsCookie settings