Role based access control
Overview
Role based access control allows for assigning users custom permissions within ION for creating/updating/deleting data. The ION data model allows for abstracting permissions to roles to make them easier to administrate.
Permissions are assigned to roles, and roles can either be assigned directly to users or to users through teams. See the data model below.

Let's take an example. Let's say that you want to control the permissions of creating runs to the manufacturing engineering team. You'd also like manufacturing engineers to have access to create and update inventory. The warehouse team will have access to create and update inventory as well.
A recommended approach for doing this in ION would be:
Create a new role for
Run creator
Assign the appropriate permissions to role
Create the teams:
Manufacturing engineering
andWarehouse.
Assign the correct roles to the teams, which in this case will include
Run Creator
and theinventory
role, which already exists in ION.

5. Assign the correct staff to each team
6. Go forth and prosper with your newly administered roles
Creating and Assigning Roles to Users
To grant users access to new roles, you either need to be an admin
or you need to have a role with the AttachRoleToUser
or DetachRoleFromUser
permissions.
To change the permissions associated with a role or to create new ones, you need the following permissions.
AttachPermissionGroupToRole
CreateRole
DeleteRole
DetachPermissionGroupFromRole
UpdateRole
Admins
Users with the role admin
will have permissions to do any and all things within ION. Use judiciously!
To see others that are admins within your environments, navigate to roles within the members section of settings here and see who all this applies to.

Adding permissions to roles:
To add permissions to roles:
go to Settings -> Roles
Click on the role you want to edit
Click the permissions you want to add.
Below is a video showing just that!
No permissions
If a user does not have permissions to perform an action, they will get the a message listing the permission required, see example below. Permissions are required for any create/update/delete action in ION.
Special cases
Redlining on the frontend requires that you have access to the
updateRedline
PermissionPutting a step on hold or canceling a step requires the same access as completing a step:
updateRunStep
Bulk updates
We've prepared some bulk update python scripts here for managing users, roles, and teams to help make it easier to administer.
Last updated
Was this helpful?