Managing Roles

Overview

Roles are central to controlling which users can access which information and functionality in your application. A role is essentially a collection of permissions that can be assigned to users. Frontegg comes with two roles, Admin and ReadOnly, already set up with permissions. Use those as they are, edit them, or create your own new roles. Read below to learn how.

List of Roles

To see a list of roles and to manage them, go to Environments ➜ [NAME OF ENVIRONMENT] ➜ Authorization ➜ Roles.

📘

For instance, go to the development environment at Environments ➜ Development ➜ Authorization ➜ Roles.


🚧

Be sure to update the roles in each environment separately.



By default, Frontegg has Admin and ReadOnly roles already defined and assigned with relevant permissions. You can utilize these roles or remove them and add your own.

Create Roles

To create a new role, click the Add New button and complete the form.


📘

After creating a new role


Name and ID

The Name is public and is therefore what you and others will see for the role. Conversely, the ID serves as an internal identifier. Later, you can change the role name without changing the internal role ID. This allows you to change your public role names without influencing internal role functionality.

Level

Level allows you to group roles together and thus create organizational role hierarchies.

By grouping roles together in levels, you can create associations between roles that otherwise would not exist. Roles assigned to the same level in the application probably have some real-world connection, too.

📘

An Example

You could have six corporate roles divided among three overall levels.

  • Role Level 0 for Agent, Admin
  • Role Level 1 for Operator, Editor
  • Role Level 2 for Viewer, Analyst

By default, all roles are assigned Role Level 0.

📘

Assign Permissions

After creating a new role, you should assign permissions to that role. Permissions are a big part of defining what a role is and therefore distinguishing it from other roles.


Default

Select whether the role is added by default to each new user that joins.

Add Permissions

After creating a role, you need to define the permissions for that role. Read more about permissions. The permissions assigned to a role essentially control what users with that role can do in your application.

To manage the permissions assigned to each role, go to Environments ➜ [NAME OF ENVIRONMENT] ➜ Authorization ➜ Permissions.

📘

For instance, go to the development environment at Environments ➜ Development ➜ Authorization ➜ Permissions.


🚧

Be sure to update the permissions in each environment separately.



Assign one or more permissions to the role.

To assign a permission to a role, in the list of categories find the permission that you want to assign to a role, and check the checkbox for the role. Assign them by category or open each category to assign individual permissions.
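Because roles and permissions are updated in each environment separately, and a Default role is added to every new user, a drift check between environments is useful. The following is an added example, not part of the Frontegg documentation or product: it compares two role sets by role ID and flags default roles that carry Audit Logs, SSO or Webhooks permissions. The dictionary layout, the permission keys and the `audit_roles` function are assumptions made for illustration.

```python
# Added example: audit role definitions copied by hand between environments.
# The dict layout and permission keys below are constructed for illustration;
# they are not Frontegg's export format or real permission identifiers.

SENSITIVE_PREFIXES = ("audits.", "sso.", "webhooks.")  # hypothetical categories

# Constructed sample data: role ID -> definition, one dict per environment.
DEVELOPMENT = {
    "admin":    {"name": "Admin", "level": 0, "default": False,
                 "permissions": {"audits.read", "sso.write", "webhooks.write"}},
    "readonly": {"name": "ReadOnly", "level": 2, "default": True,
                 "permissions": {"users.read"}},
    "operator": {"name": "Operator", "level": 1, "default": False,
                 "permissions": {"users.read", "users.write"}},
}
PRODUCTION = {
    "admin":    {"name": "Administrator", "level": 0, "default": False,
                 "permissions": {"audits.read", "sso.write", "webhooks.write"}},
    "readonly": {"name": "ReadOnly", "level": 2, "default": True,
                 "permissions": {"users.read", "audits.read"}},
}


def audit_roles(reference, target):
    """Compare two environments by role ID and return a list of findings."""
    findings = []
    for role_id in sorted(set(reference) | set(target)):
        ref, tgt = reference.get(role_id), target.get(role_id)
        if ref is None or tgt is None:
            where = "target" if tgt is None else "reference"
            findings.append(f"{role_id}: missing in {where}")
            continue
        # The public Name may change freely; roles are matched on ID only.
        extra = sorted(tgt["permissions"] - ref["permissions"])
        lacking = sorted(ref["permissions"] - tgt["permissions"])
        if extra:
            findings.append(f"{role_id}: extra in target {extra}")
        if lacking:
            findings.append(f"{role_id}: lacking in target {lacking}")
        if ref["level"] != tgt["level"]:
            findings.append(f"{role_id}: level {ref['level']} != {tgt['level']}")
    # Default roles go to every new user, so flag sensitive grants on them.
    for role_id, role in sorted(target.items()):
        risky = sorted(p for p in role["permissions"]
                       if p.startswith(SENSITIVE_PREFIXES))
        if role["default"] and risky:
            findings.append(f"{role_id}: default role grants {risky}")
    return findings
```

Calling `audit_roles(DEVELOPMENT, PRODUCTION)` on the constructed data reports the missing `operator` role and the extra audit permission on the default `readonly` role, while the renamed `admin` role produces no finding.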

Assign Users

Once you create a role, you need to assign the role to users.

Go to Environments ➜ [NAME OF ENVIRONMENT] ➜ Test ➜ Users.

📘

For instance, go to the development environment at Environments ➜ Development ➜ Test ➜ Users.


🚧

Be sure to update the users in each environment separately.


On that page, you can see and manage the users.

You can assign roles to a user when creating the user, like in the image below.



You also can edit an existing user's roles.

In the list of users, click on the user. You should see the user's overview page, which includes a list of tenants that the user belongs to. The user's roles are listed for each tenant.

To edit those roles, click on the menu for the tenant and select Edit Roles, like below.


Edit the roles and save.


Disable Role-Based Authorization

You can disable roles if your application does not require a user hierarchy. If you disable roles, every authenticated user will be allowed to send requests to Frontegg's built-in features without Frontegg roles enforcement.


If you enable roles, then Frontegg will enforce the roles pursuant to their scopes. By default, the roles feature is enabled and you have default roles for Admin and Read-Only.

Enforce Roles

After configuring your roles and permissions in the Frontegg Portal, you can enforce them in your application. Specifically, you can:

Admin Portal Roles

Give a user access to specific Admin Portal features by assigning permissions to a role and then assigning that role to the user.

📘

Remember to save and publish your changes.

Audit Logs Permissions

Create one or more roles with Audit Logs permissions.

Users assigned a role with those permissions can access the Audit Logs in the Admin Portal.

Go to Environments ➜ [NAME OF ENVIRONMENT] ➜ Authorization ➜ Permissions.

Assign at least one role Audits permissions, like the Admin Role below.


SSO Permissions

Create one or more roles with SSO permissions.

Users assigned a role with those permissions can configure and manage account-level SSO in the Admin Portal.

Go to Environments ➜ [NAME OF ENVIRONMENT] ➜ Authorization ➜ Permissions.

Assign at least one role Secure Access general permissions. Like the Admin Role below, you can assign all Secure Access permissions to a role using the Secure general permission, or you can select individual permissions from the category.



An alternative to Secure Access general for SAML permissions is to assign at least one role SAML permissions. Like the Admin Role below, you can assign all SAML permissions to a role, or you can select individual permissions from the category.



Webhooks Permissions

Create one or more roles with Webhooks permissions.

Users assigned a role with those permissions can access the Webhooks in the Admin Portal.

Go to Environments ➜ [NAME OF ENVIRONMENT] ➜ Authorization ➜ Permissions.

Like the Admin Role below, you can assign all webhook permissions to a role, or you can select individual permissions from the category.

