Prerequisites
You will need the following prerequisites to follow through with this guide:
Admin access to your Frends tenant to access the User Management View.
An Environment called 'Test'.
Processes deployed to different Environments that have a Tag named 'CustomerA'.
Configuring a Role
Frends Role management enables a very fine-grained permission setup.
Create a new Role from Administration -> Users -> Roles -> 'New role' Button
Chose a descriptive name for your new role e.g. 'Tester'
Configure the Rules for that role
In the case of a tester role the rules could be the following:
DenyAction *.* ย - This denies every action.
AllowAction *.View - This allows to view everything.
AllowAction Process.Start - This allows the Tester Role to start new executions.
AllowAction ProcessInstance.* ย - This allows the Tester Role to view and delete Process Instances.
AllowEnvironment Test - This limits the Tester Role to only interact with the Test and Development Environment.
AllowTag CustomerA- This limits the Tester Role to only be able to interact with Processes that have the 'CustomerA' Tag.
Add the Users that should be assigned to this role.
Best practice
If a User is assigned to multiple roles the User will have a combination of all Rules from the assigned Roles. When configuring Roles for a User you should be careful not to create contradicting Roles for Users. For example, if the User has the rules AllowAction 'Process.Start' and DenyAction 'Process.Start' the User will effectively have Permission to start a Process. See documentation for more details how the Rules will affect a Users permissions.