Custom Role Scenarios
You can combine privileges to create custom roles and control user access to sensitive data on your account. This flexibility gives you granular control over who can execute processes, read data, edit components, and more.
If you set up a custom role in a primary account, that role can be shared with other accounts through account groups. Some common scenarios you can configure include:
A user who is responsible for running processes that manage sensitive data (such as personnel or financial data) needs to be able to run processes and ensure that they execute successfully without actually accessing the data.
Details
- On the Custom Roles tab, click the Add icon.
- Enter the role name, for example, Cannot View Data; enter a description if desired.
- In the Inherits Role list, select Does not inherit a role.
- If you want the user to be able to execute or retry processes, select Execute - Execute or retry available Processes. Otherwise, leave it unchecked.
- Select View Results - View and monitor Process execution activity and logs.
- Click OK, then assign this custom role to the appropriate user(s).
Users who are assigned this custom role have access to the Process Reporting page. However, if users select a process and view the document results on the bottom of the page, they do not see the following options:
- View Document on the Inbound Data and Outbound Data tabs
- Run Document in Test Mode option on the Inbound Data tab
- Re-run Document if the Execute privilege is off on the Inbound Data tab
Your Support team needs to view components to assist users with troubleshooting, but you do not want Support to create or change any components. Or, a partner wants to give your customers Build Read Access privilege to your account so that they can copy components but not change them.
Details
- On the Custom Roles tab, click the Add icon.
- Enter the role name, for example, Read Only Access to Build Page; enter a description if desired.
- In the Inherits Role list, do one of the following:
  - Select Does not inherit a role.
  - Select either Production Support or Support, which do not include the Build Read and Write Access privilege.

  Note: The Production Support and Support roles are part of Advanced User Security, which is available in the Enterprise and Enterprise Plus Editions, and as an add-on to the Professional and Professional Plus Editions. To have this functionality enabled, contact your Boomi sales representative.
- Select the Build Read Access - Read access to processes and components check box.
- Click OK, then assign this custom role to the appropriate user(s).
When you replace a user's Build Read and Write Access privilege with the Build Read Access privilege, the privileges change immediately. If the user is signed in to the Boomi Enterprise Platform when you make this change and tries to change a component, the user cannot save it even though the Save buttons appear. Instead, the user receives an error message. The user must sign out and sign in again to see the changes in the user interface.
Users who are assigned this custom role can see the following:
- When they open a process or component, it is in read-only mode. A banner across the top contains a warning that they are in read-only mode.
- If they change a component, by typing in a field for example, their changes are not saved. There are no Save or Save and Close buttons on components.
Your Support team needs to view the Scheduling settings for a runtime but does not need to change those settings.
Details
- On the Custom Roles tab, click the Add icon.
- Enter the role name, for example, Read Only Runtime Management; enter a description if desired.
- In the Inherits Role list, do one of the following:
  - Select Does not inherit a role.
  - Select Support, which does not include the Runtime Management privilege.

  Note: The Production Support and Support roles are part of Advanced User Security, which is available in the Enterprise and Enterprise Plus Editions, and as an add-on to the Professional and Professional Plus Editions. To have this functionality enabled, contact your Boomi sales representative.
- Select the Runtime Management Read Access - Read access to runtime configuration and administration check box.
- Click OK, then assign this custom role to the appropriate user(s).
Users who are assigned this custom role can see and do the following:
- There are no Save buttons or other actions (such as Delete or Restart) displayed on the Runtime Management panels.
- They can perform read-only actions such as searching, filtering, sorting, and viewing details about a setting or status.
Your Support team needs to view the settings for an environment, but does not need to change those settings. Or, a user needs read access to one environment in the account, but not to a second environment.
Details
- On the Custom Roles tab, click the Add icon.
- Enter the role name, for example, Read-Only Environment Management; enter a description if desired.
- In the Inherits Role list, do one of the following:
  - Select Does not inherit a role.
  - Select Support.

  Note: The Production Support and Support roles are part of Advanced User Security, which is available in the Enterprise and Enterprise Plus Editions, and as an add-on to the Professional and Professional Plus Editions. To have this functionality enabled, contact your Boomi sales representative.
- Select Environment Management - Read access to Environment configuration and administration from the Additional Available Privileges list.
- Select Runtime Management from the Additional Available Privileges list. The Runtime Management privilege is also required; otherwise, the user cannot access the Runtime Management page where environments are viewed and accessed.
- Click OK, then assign this custom role to the appropriate user(s).
- Navigate to Manage > Runtime Management, and open an environment by selecting the environment from the list or by clicking on a tile with the environment's name.
- In the Roles with Access field, select the check box for the custom role that you just created. You can assign the read-only access restriction to additional environments as needed.
After you create this custom role, assign it to a user, and then assign the same role to a select environment (or environments), the user has read access to only those environments with the matching role. Environment-by-environment access does not work as intended if the custom role assigned to the user does not match the one assigned to the environment.
Users who are assigned this role can see the following:
- the absence of actionable items on the Environment Management panel, such as the ability to add and subtract roles in the Roles with Access field, or to add and subtract Attachments.
- that they are unable to schedule or deploy processes to any environments in which they do not have access on the Runtime Management screen.
A user needs to modify the properties and settings of one or more environments on an account, but not necessarily all environments.
Details
- In order for environment access controls to take effect, the account administrator must turn on the Advanced Environment Access feature from the Settings > Account > Features page.
- Enter the role name, for example, Write and Read Environment; enter a description if desired.
- In the Inherits Role list, do one of the following:
  - Select Does not inherit a role.
  - Select Support.

  Note: The Production Support and Support roles are part of Advanced User Security, which is available in the Enterprise and Enterprise Plus Editions, and as an add-on to the Professional and Professional Plus Editions. To have this functionality enabled, contact your Boomi sales representative.
- Select Environment Management - Write access to Environment configuration and administration from the Additional Available Privileges list.
- Click OK, then assign this custom role to the appropriate user(s).
- Navigate to Manage > Runtime Management, and open an environment by selecting the environment from the list or by clicking on a tile with the environment's name.
- In the Roles with Access field, select the check box for the custom role that you just created. You can assign write and read access to additional environments as needed.
After creating this custom role and assigning it to a user, and then assigning the same role to the corresponding environment(s), the user will have write and read access to only those environments with the matching role. Environment-by-environment access does not work as intended if the custom role assigned to the user does not match the one assigned to the environment.
If users are assigned this role and have the Environment Management - Read only privilege, they will be unable to make any changes to the Test Extensions options on the Build page.
Users who are assigned this role can do the following:
- Edit any environments to which they have access
- Deploy processes to any environments in which they have access
- Schedule processes to run on the basic runtime, runtime cluster, or runtime cloud attached to any environment in which they have access.
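
The role-matching rule used by the two environment scenarios above can be checked offline before roles are rolled out. The following is an added example, not Boomi code and not a platform API: it is a simplified model in which a user's access to an environment comes only from roles that are both assigned to the user and selected in that environment's Roles with Access field. All role, user and environment data is constructed, and the privilege constants abbreviate the privilege names on this page.

```python
"""Simplified model of the role-matching rule for environment access."""

# Abbreviations of the two Environment Management privileges named on this page.
READ = "Environment Management - Read access"
WRITE = "Environment Management - Write access"

# Constructed sample data: role, user and environment names are hypothetical.
ROLE_PRIVILEGES = {
    "Read-Only Environment Management": {READ, "Runtime Management"},
    "Write and Read Environment": {WRITE},
    "Read Only Env Mgmt (copy)": {READ, "Runtime Management"},  # near-duplicate role
}
USER_ROLES = {
    "alice": {"Read-Only Environment Management"},
    "bob": {"Write and Read Environment"},
    "carol": {"Read Only Env Mgmt (copy)"},
}
# What is ticked in each environment's Roles with Access field.
ENV_ROLES_WITH_ACCESS = {
    "Test": {"Read-Only Environment Management", "Write and Read Environment"},
    "Production": {"Read-Only Environment Management"},
}


def effective_access(user):
    """Map each environment to 'write' or 'read' for roles the user holds AND the environment lists."""
    access = {}
    for env, env_roles in ENV_ROLES_WITH_ACCESS.items():
        privileges = set()
        for role in USER_ROLES.get(user, set()) & env_roles:
            privileges |= ROLE_PRIVILEGES[role]
        if WRITE in privileges:
            access[env] = "write"
        elif READ in privileges:
            access[env] = "read"
    return access


def unmatched_roles():
    """Return (user, role) pairs whose environment role is attached to no environment."""
    attached = set().union(*ENV_ROLES_WITH_ACCESS.values())
    return sorted(
        (user, role)
        for user, roles in USER_ROLES.items()
        for role in roles
        if ROLE_PRIVILEGES[role] & {READ, WRITE} and role not in attached
    )


if __name__ == "__main__":
    for user in sorted(USER_ROLES):
        print(user, effective_access(user))
    print("mismatches:", unmatched_roles())
```

In this constructed data, carol holds a near-duplicate of the read-only role that no environment lists, so the model reports her as a mismatch with no environment access, which is the failure mode the matching rule describes.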