A role is a customizable object which determines what a user is entitled to do within the various applications of Lucca.
A role thus gives first of all access or not to one of the applications of the platform. For that purpose, it will be a question, once the permission created, of adding the wished application through the pull-down menu named "+Add an application".
Once it's done, the various operations that a user can be brought to lead within the application are listed.
The various types of operation scopes
Most of the operations are considered as "simple", that is to say they can be simply granted, or not, by ticking the checkbox.
Some of them have a pull-down menu, which allows to limit the scope of application of these operations to a specific group of users. This is the applicable scope of the operation.
Besides, Figgo and Poplee roles have the peculiarity of having operations, which the application scope can also be limited to a subset of specific objects linked to the business of each application. In practice, certain operations of Figgo, such as "Put on leave" may be applicable to a certain list of leave accounts. A possible application is to grant to managers the right to put on leave for "compensation" the collaborators they supervise.
Business objects of Poplee, as for them, are the various sections within which users data are organized. Accordingly, the configuration of a role giving access to Poplee allows to bound clearly, for each of the sections, the access rights in reading, or in writing.
The scope of "business object" type
As we saw, certain operations in Figgo, and all the operations in Poplee, have an additional scope to that of the users: the business object scope. The interface of configuration of these particular operations thus has a specific interface.
For each of them, it is possible to add a list of accounts or a section of Poplee, and a users scope on which the permission is granted.
For example, in the case of Figgo, it will be possible to create a role which gives the right to put on leave the employees targeted by the users scope on specific types of absences, listed in the defined list of accounts.
In the case of Poplee, it will be possible to set access rights in reading and/or writing for each section, on a set of specific employees, through the users scope.