[Security] Rules for assigning primary and secondary roles

The primary and secondary roles control access to the solutions and the various permissions associated with them.

To find out more about their creation and operation, you can click here.

The roles of an employee can be edited with the "Edit Lucca data" permission of the Employees app or "Edit HR data" on a section that contains the role and secondary roles data.

Because roles are sensitive, some additional rules apply to reduce the risk of abuse or error.

Hierarchy of the main roles

In the administration of roles, the main roles are ordered from "strongest" to most restrictive. We generally find the roles of administrators first, followed by the roles of managers, and finally the roles for employees.

This hierarchy implies that a user cannot assign themselves or another employee a role higher than their own. A manager can never take on the role of administrator.

It is therefore essential to properly order the main roles.

The secondary roles are not ranked and therefore do not follow this same rule. Consequently, it is advisable not to enable a sensitive permission on a secondary role.

Assignment of a role that gives access to the role administration

Given that access to role administration is particularly sensitive, you cannot assign yourself or another employee a role that gives access to role administration unless you have that access yourself.

Roles associated with an API key 

Roles associated with an API key cannot be assigned to an employee. 
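The three rules above can be modelled as a single assignment check, together with an audit that lists secondary roles holding sensitive permissions, since those roles are not covered by the hierarchy rule. This is an added illustration, not Lucca's implementation: the permission identifiers, role names, and the assumption that role-administration access may come from any of the actor's roles are all hypothetical, and the prerequisite "Edit Lucca data" / "Edit HR data" permission is not modelled.

```python
from dataclasses import dataclass, field
from typing import Optional

ROLE_ADMIN = "role_administration"  # hypothetical permission identifier

@dataclass(frozen=True)
class Role:
    name: str
    rank: Optional[int]  # primary roles: 0 = strongest; None = secondary (unranked)
    permissions: frozenset = frozenset()
    api_key: bool = False

@dataclass
class User:
    primary: Role
    secondary: list = field(default_factory=list)

    def can(self, permission):
        return any(permission in r.permissions for r in [self.primary, *self.secondary])

def can_assign(actor, role):
    """Return (allowed, reason) for actor assigning role to anyone, themselves included."""
    if role.api_key:
        return False, "role is associated with an API key"
    if ROLE_ADMIN in role.permissions and not actor.can(ROLE_ADMIN):
        return False, "role grants role administration, which the actor lacks"
    if role.rank is not None and role.rank < actor.primary.rank:
        return False, "role is higher than the actor's primary role"
    return True, "allowed"

def risky_secondary_roles(roles, sensitive):
    """Secondary roles skip the hierarchy check, so list those holding sensitive permissions."""
    return [r.name for r in roles
            if r.rank is None and not r.api_key and r.permissions & sensitive]

# Constructed sample configuration (all names are made up for this example)
ADMIN = Role("Administrator", 0, frozenset({ROLE_ADMIN, "edit_hr_data"}))
DIRECTOR = Role("Director", 1, frozenset({"edit_hr_data"}))
MANAGER = Role("Manager", 2, frozenset({"edit_hr_data"}))
EMPLOYEE = Role("Employee", 3)
PAYROLL = Role("Payroll export", None, frozenset({"export_payroll"}))
DELEGATE = Role("Role delegate", None, frozenset({ROLE_ADMIN}))
INTEGRATION = Role("Integration", None, frozenset({"edit_hr_data"}), api_key=True)

if __name__ == "__main__":
    manager = User(MANAGER)
    for role in (DIRECTOR, EMPLOYEE, PAYROLL, DELEGATE, INTEGRATION):
        print(role.name, can_assign(manager, role))
    print(risky_secondary_roles([PAYROLL, DELEGATE, EMPLOYEE], frozenset({"export_payroll", ROLE_ADMIN})))
```

In this model the manager can hand out the "Payroll export" secondary role even though it carries a sensitive permission, which is why the audit function flags it.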


