Permission Sets

Administrators can now provide application-level access to features using permission sets. Previously, application feature access was controlled only through a user's profile or at the instance-level (General Settings). Permission sets give Administrators more granular application-level control. Permissions can be granted to user groups or individual users.

Example

The DCR Cleanup feature enables you to cancel or reject DCRs in bulk. Using permission sets, Administrators can give you access to cancel DCRs in bulk, but restrict your access to reject DCRs in bulk.

In this release, permission sets are supported for the new DCR Cleanup feature.

The Permission Sets feature is enabled by default in your Network instance.

Define a permission set

Create a permission set to give users application-level access to features; for example, the DCR Cleanup feature. Users who are not defined in this permission set will not see the DCR Cleanup feature in the Inbox.

For more information about the DCR Cleanup feature, see the "DCR Cleanup" topic in these Release Notes.

To create the permission:

  1. In the Admin console, click Users & Permissions > Permission Sets.

  2. Click Add Permission Set.

  3. Type a Name and Description.

  4. The Status is Enabled by default. When the permission set is saved, the defined users will have immediate access to the DCR Cleanup feature.

  5. In the Permissions section, choose the operations the users can access.

    For example, DCR Cleanup:

    • Reject tasks - Bulk reject tasks.

    • Cancel tasks - Bulk cancel tasks.

    • Users that have access to these operations can select the tasks from the Inbox or Upload a File containing task IDs. These permissions also give users access to the DCR Cleanup page (View Previous Operations option) to monitor their task cleanup operations.

      If a user does not have access to one of the actions, it does not display in the feature.

      Example

      If you give users access to Reject tasks, but not Cancel tasks, the Cancel Selected Tasks option does not display in the DCR Cleanup list.

  6. In the User Groups section, click Add User Groups.

    Select the groups that should have access to the feature and permissions that you have defined.

    Click Add User Group.

  7. In the Users section, add individual users to the permission set. Click Add Users and select the specific users.

  8. Save your changes.

    Users assigned to this permission set will now have access to the DCR Cleanup feature.

Audit

Administrators can track the changes to permission sets in the System Audit Log.

Tip: To filter the logs, use the PermissionSet object type.

The following activities are tracked:

  • Enabling and disabling a permission set.

  • Changing a permission set: permissions, user groups, and users.