Roles define the set of permissions and the level of access granted for an end user to access or modify the components of your application. You can define the scopes and access permissions for certain Catalyst components to each role, and assign a role to every user. This categorization enables the users of your application to only access functionalities that are relevant to them.
Roles currently apply to the Data Store and the File Store. You can define the scopes and permissions of each table for each user role in the Data Store. These scopes and permissions also apply to Search and ZCQL by extension, since these components are tied closely to the Data Store. Similarly, you can define Folder access permissions for each role in the File Store.
There are two user roles that are created by default:
- App Admin: The users assigned to the App Admin role essentially have an admin access to the application by default. You can override this and define their access levels to the tables in the Data Store and to the folders in the File Store.
- App User: The users assigned to the App User role essentially have an end-user level access to the application by default. You can also override this and define their access levels in the Data Store and File Store.
In addition to these roles, you can create your own custom user roles and define their permissions.
Catalyst enables you to set a user role as the default role. When a user role is set as the default role, When this is done, the users who are added to your application are assigned to that role automatically, and the permissions that have been set for that role are made available to them.
- User roles enable you to group your application users based on the access levels and permissions given to them.
- Roles help you to prevent unauthorized access to view or modify application data, and boost the resource and data security in your application.
- You can configure scopes and grant specific permissions to actions like viewing a table's data, deleting rows from a table, or uploading files in specific folders in the Data Store and File Store for custom user roles.
- They also enable you to control the dataflow and the design of your application as per your needs. You can build your application by keeping in mind the multi-level access you can grant to various user groups.
To create a new role in Catalyst, you must clone an existing role. This will clone the set of permissions from the parent role to the new role.
To create a new user role for your Catalyst application:
- Click the Roles tab in Authentication.
- Click Add Roles in the Roles section.
- Enter a name for the role in the pop-up window.
- Select an existing role to clone the permissions from, in the Clone Role field.
- Enter a description for the role.
- Enable the IsDefault to make this role the default role in your Catalyst application.
- Click Create.
The role will now be displayed in the Roles section along with details. A unique Role ID will be created for the new role, which can be used to refer to the role while adding a user from the API or SDKs. The App Administrator and App User roles will already have Role IDs by default.
You can enable or disable a role as the default role using the toggle switch.
To rename a user role:
- Click the ellipsis icon for the role to be renamed and click Edit in the Roles section.
- Type the new name of the role and press Enter.