InfraLink relies on the concept of Roles to grant Permissions to registered Users. Each Role is a set of PermissionsThe Role definitions (i.e., the list of Permissions the Role includes) are global, as they are configured at the Instance level. The Instance Administrator must have global permission to create and/or modify User Role definitions. (Note: this permission is different from the Permissions to assign Roles to User Accounts).

The InfraLink Instance Administrator defines User Roles based on the intended use of the Instance, its User categories, security policies, and other factors. While new Roles may be created and existing Roles may be modified at any time, it is a best practice to plan and define some core User Roles prior to creating User Accounts.

This article provides guidance on the following features and functionality related to User Roles:

Understanding Global and Contract-Level Permissions and Roles

InfraLink provides two ways of partitioning data within the system: 1) by kind of data (e.g. System Elements, Locations, Cases, etc.) and 2) by Contract. In addition to representing full or partial scope of a business arrangement, an InfraLink Contract acts as a security container. This structure allows the Instance Administrator to restrict access based on Users' contract/project associations. 

To ensure configuration consistency and effective management of infrastructure-related information, certain data objects defined and maintained in InfraLink are global. That is, they require global privileges assigned at the InfraLink Instance level, not at the individual Contract level. On the other hand, maintenance records and other project-specific data objects are maintained at the Contract level and do not require global privileges. The infrastructure owner may be assigned a global Role to access all such objects across all Contracts, while individual contractors rely on Contract-specific Roles to access the objects pertaining to their respective projects only. 

Typical Role Assignments

Non-administrative User Accounts typically have

  • a global-level User Role (e.g., Global - Basic User) assigned, which provides access to the instance's basic global definitions; and
  • at least one contract-level User Role (e.g., Technician, Engineer) for each Contract/project they support.


Infralink includes hundreds of individual Permissions, which provide access to specific data or functionality.

  • Global Permissions - Some data objects within InfraLink are global and exist at the InfraLink Instance level, not restricted to one or multiple Contracts. Global objects include definitions (e.g. System Element Types, Location Types, Workflows, etc.), User Accounts, and Roles. The Create, Read, Update, Delete, and other Permissions associated with such global data objects are referred to as global Permissions. The word global in this context means that the permission applies at the InfraLink Instance level and is not restricted to one or multiple Contracts.
  • Contract-level Permissions - Most of the business objects that represent the scope of a project, such as System Elements, Locations, Assets, Cases and Tasks, support Contract associations. For example, each Case must be associated with a Contract, and each System Element or Location may be associated with one or multiple Contracts. The Create, Read, Update, Delete, and other Permissions associated with business objects that support Contract associations are referred to as Contract-level Permissions. The Contract-level Permissions provide additional granularity for controlling access to the respective business objects. 

Global vs Contract Assignment

Global User Roles may contain both global and contract-level Permissions. Roles defined as global may only be assigned to User Accounts globally (i.e., not at the Contract level). 

  • Be very cautious when assigning contract-level Permissions to global Roles. While this practice is appropriate for administrators and owners, it is discouraged for almost all other user types, as it can result in unintended access to contract-level data and actions.

Contract-Level Roles may contain only Contract-level Permissions. Roles defined as Contract-level may be assigned to User Accounts on a per-contract basis or globally. Assigning a Contract-level Role globally will grant the User the corresponding privileges across all Contracts. 


User Roles Grid View

User Roles are created, edited, and viewed via the User Roles grid view, which employs the standard viewing pane layout. To access the User Roles grid view:

  1. From the top-level navigation toolbar, select the Configure menu.
  2. Select Roles to open the User Roles grid view.

Filters - Filters along the left side of the view allow users to refine the User Account records displayed within the grid view.

  • Filtering User Roles by scope restricts the view to global or Contract-level Roles, as defined above. 
  • Filtering User Roles by Included Permissions restricts the view to Roles containing the selected permission(s).
  • Filtering by Excluded Permissions restricts the view to Roles that do not contain the selected permission(s).

Note: Combining Included Permissions and Excluded Permissions selections within the Filters panel will restrict the view to Roles that include some Permissions but not others. For example, you may need to answer the question, "What Roles allow the User to view System Elements but not create or edit them?"

Role Details Panel

Selecting a Role from the User Roles grid view, will open the corresponding Role details panel along the right side of the viewing pane. The Role details panel will display the Role's name, description, scope (i.e., global- or contract-level), active users, and a list of included Permissions. 

The "Active Users" count is displayed as an active link. Selecting that count will navigate you to the Accounts grid view, filtered by the particular Role. This function may be especially beneficial when reviewing the Users who are granted elevated (administrative) privileges. After reviewing the list of Active Users, use your browser's back button to navigate back to the Role details panel.

Creating a User Role

Typically, you create a new Role to support a particular category of Users. For example, you would create an "Inventory Manager" Role to provide the Permissions necessary for receiving, tracking, and managing warehouse materials/spares. To create a new User Role:

  1. From the top-level navigation toolbar, select the Configure menu.
  2. Select Roles to open the User Roles grid view. 
  3. Apply filters, as needed, to make sure that the User Role you intend to create does not already exist, perhaps, by another name and/or combined with other privileges.
  4. Select the Create button, at the top of the grid view, to open the New Role form.
  5. Name the new User Role, entering a concise, yet descriptive, name. This name will appear when Roles are listed, including within the dialog used to assign Roles to Users. Therefore, it is critical for the name to properly communicate the purpose of the Role and the kind of Permissions it includes.
  6. Provide a Description of the new Role, including additional information you and/or other administrators may need to properly select the Role when assigning it to Users in the future and/or when updating Role definitions. 
  7. Define the new Role's Scope, selecting either global or contract-level. (See the explanation above.)

  8. Check the box next to each of the Permissions to be included within the new User Role. Permissions are displayed in a hierarchical list:

    1. Permissions are listed by data record type. Checking the box next to the listed data record type will automatically include all related functionality Permissions.
    2. Clicking the downward arrow next to the data record type will expand the list to display more granular permission options.
    3. Expand the hierarchical list when you wish to select and include only certain functionality (e.g., read-only) Permissions.

  9. Click OK when all necessary parameters are specified.

  10. The new User Role is saved to the User Roles dictionary and listed in the User Roles grid view.

New Role Form

Editing a User Role

From time to time an Instance Administrator may need to update an already defined Role to grant additional Permissions or revoke existing Permissions from all Users associated with that Role.

To edit an existing User Role:

  1. From the top-level navigation toolbar, select the Configure menu.
  2. Select Roles to open the User Roles grid view. 
  3. Apply filters, as needed, to find the User Role you wish to edit.
  4. Select the Edit button, at the top of the grid view, to open the Edit Role "Name" form.
  5. Edit the Name, Description, Scope, and/or Permissions as needed.
  6. Click the OK button to save your changes.

Important when Editing Roles

When editing an existing Role, keep in mind that any new Permissions will be immediately granted and any removed Permissions will be immediately revoked from all Users already associated with that User Role. Carefully consider the security and usability implications before editing the Permissions included in an existing Role. 

  • Use the Active Users count (i.e., link) from the Role details panel to review the active User Accounts associated with an existing User Role.

Note: If an impacted user has an active InfraLink session when Permissions are added/removed from a Role, the user must refresh their browser to see the Permission changes.

Deleting a User Role

Sometimes, an existing User Role may become obsolete. For example, you may have defined the User Role "Manager" to include a broad range of Permissions, including service management and inventory management Permissions. Later, you realize that you need to grant the service management and inventory management Permissions to different Users. In this situation, you would create two new Roles, say "Service Manager" and "Inventory Manager", thus making the previously created "Manager" Role obsolete. At that point, it would be beneficial to delete the "Manager" Role to avoid confusion and, more importantly, avoid granting unnecessarily broad Permissions to a User Account.

To delete an existing User Role:

  1. From the top-level navigation toolbar, select the Configure menu.
  2. Select Roles to open the User Roles grid view. 
  3. Apply filters, as needed, to find the User Role you wish to edit.
  4. Select the Delete button, at the top of the grid view.
  5. InfraLink will ask if you are sure you want to delete the selected entry.

  6. Select Yes to delete the selected User Role.

When a User Role is deleted, all corresponding Permissions are immediately revoked from all User Accounts associated with that Role. To prevent disruption to Users' business functions, be sure to assign replacement Roles, as discussed in the above example, before you delete a User Role.

  • Use the Active Users count (i.e., link) from the Role details panel to review the active User Accounts associated with a User Role prior to deleting it.




  • No labels