Forum Discussion

jordanepotter's avatar
jordanepotter
Mentor
12 years ago

Grant Category Level roles sso

I have seen a similar discussion on here already, but it did not answer my question.  The other discussion can be found here: http://lithosphere.lithium.com/t5/customer-connection/Grant-Category-level-role-via-SSO/m-p/12570#M2458.  I see where it says to create the roles at the community level leaving the roles set to default, and recreate them at the category level giving the roles they need specific to that category. We have some roles that we want to give that need to be exactly the same across categories, but need to be applied at a category level. This could be like a community specific admin, or superuser. If we followed what was in that other discussion, we would end up with a different role for each category.  It would be a hassle to maintain this, because if we needed one role change we would have to actually remember to change it across all categories, and test all of them to make sure it worked, instead of being able to change it all in one place. So again the question is brought up, is there any way to grant roles at a category level?

  • DougS's avatar
    DougS
    12 years ago

    As is mentioned in the other post, you can grant roles at the category level only after they have been created there -- so if you have a role named Contributor at the communtiy level, but want to grant it to someone only at the category level, then you create the Contributor role at the category level as well and only at that level do you assign a user to the role.

     

    The trick to remember is setting permissions to "DEFAULT" level:

     

    As long as you leave the permissions that are assigned to the role you've added at the category level set to "DEFAULT" then the values of the permissions set at the community level will flow down to the category (so you can manage your permissions globally at the community level, but assign users to the role at the category level).  If you don't have a permission set on the role at the category level set to "DEFAULT" then you are specifically overriding that permission at the category level.

     

    Hopefully that answers your questions, but let me know if something is unclear/missing from my response.

     

    Thanks,

     

    -Doug

  • DougS's avatar
    DougS
    Khoros Oracle
    12 years ago

    As is mentioned in the other post, you can grant roles at the category level only after they have been created there -- so if you have a role named Contributor at the communtiy level, but want to grant it to someone only at the category level, then you create the Contributor role at the category level as well and only at that level do you assign a user to the role.

     

    The trick to remember is setting permissions to "DEFAULT" level:

     

    As long as you leave the permissions that are assigned to the role you've added at the category level set to "DEFAULT" then the values of the permissions set at the community level will flow down to the category (so you can manage your permissions globally at the community level, but assign users to the role at the category level).  If you don't have a permission set on the role at the category level set to "DEFAULT" then you are specifically overriding that permission at the category level.

     

    Hopefully that answers your questions, but let me know if something is unclear/missing from my response.

     

    Thanks,

     

    -Doug