Role

Definition

A role is a set of profiles that gives access rights to certain modules.

A user can have one or more roles on different domains. This allows users to have different rights depending on the domains they are in. For example, a user can be CEO on one domain and Consultant on another, which may or may not give him access to certain modules.

Why Roles And Profiles?

One would think that the roles are sufficient and that the profile and role modules could have been merged to manage rights in only one place.

Here are the reasons why Uccello distinguishes between profile and roles:

• You must be an advanced user and have a good knowledge of the notion of access rights as well as the architecture of the Uccello application to create profiles.

• Users who create new roles are not necessarily the same ones who create profiles. We can therefore give a user access to the role module but not to the profile module.

• You can deliver a Uccello application with a list of existing profiles, and leave it to the customer to create the roles of his choice.

In order to facilitate the creation of roles, it is preferable to create several simple profiles. For example, the Secretary role will contains the following profiles :

• Customer Management - Read Only

• Billing - Total Access

• E-mail - Reading, Writing

Ancestors roles

By default, roles as well as profiles are filtered by domains. Since it can be cumbersome to create the same roles each time you create a new module, Uccello allows you to view roles that have been created in parent domains of the current domain. To enable this option, modify the file located at config/uccello.php as follows:

<?php

return [
    ...

    'roles' => [
        'display_ancestors_roles' => true
    ],
];

If the file config/uccello.php does not exist, please launch the command php artisan vendor:publish --tag=uccello-config

The roles created in ancestors domains are visible.