Although not granted by default, some permissions can be edited by authorized administrators; that is, they may be granted to roles. This lends greater flexibility to the access control model in the system, allowing it to more easily adapt to your organization’s needs.
When a permission is granted to a role, it is limited to the context associated with the user. When granted to a profile, users included in that profile will gain the permission, regardless of the associated context. For example, if the Edit Business Components permission is granted to a profile, users included in that profile will be able to edit all business components registered in the system. On the other hand, if the permission is granted to a role, the person assigned to that role will only be able to edit the components to which they were assigned.
In addition, permissions can only be added to roles if they are related in some way. For example, the Register Events permission cannot be granted to the Responsible for Business Component role, as there is no relation between the two.
Â