Custom Roles

Overview

Custom Roles is an optional feature in RealmJoin Portal. When enabled by glueckkanja's support, it allows you to create additional RealmJoin internal roles. You can assign granular / atomic permissions to these roles and bind them to Entra groups or users.

Custom Roles are defined as JSON. The JSON editor included in RealmJoin Portal offers syntax checking and highlighting and will verify your definition against the Custom Roles JSON schema.

Using the editor

Syntax check / Errors

The editor will check the syntax as you type. If a syntax error is detected, the error message "View x errors" and a bug icon will appear next to Save.

Click on this message to get more details about the error.

Formatting

You can auto-format the JSON by clicking Format in the upper right corner of the page.

Auto-Complete

The editor can offer Auto-Complete for known keywords (like permissions) from the schema.

You can press "Ctrl" + "Space" at any time to invoke Auto-Complete.

Rules

A role is described as a set of permissions paired with the users and/or groups these permissions are given to.

Roles are listed as part of an array (list) under the keyword Rules.

Example set of rules:

{
  "Rules": [
    {
      "Name": "Default: Supporters can change primary user [27e589a7]",
      "Description": "Default rule to allow members of a Supporter group to change the primary user of RealmJoin joined devices. Please keep the ID that is included its name.",
      "Groups": [
        "f31f5765-f56f-47fa-9248-ac2d77221634",
        "422e6b7c-bd99-4082-be1c-88cbc2bb2734"
      ],
      "Permissions": [
        "CanChangeRealmJoinPrimaryUser"
      ]
    },{
      "Name": "Allow John to add new Self Service Forms",
      "Users": [
        "b31f5765-f56f-47fa-9248-ac2d77221622"
      ],
      "Permissions": [
        "CanAddSelfServiceForms"
      ]
    }
  ]
}

Name and Description

Name is required, Description is optional.

Both are plain text fields (string).

Permissions

A permission is a unique string, identifying a certain action in RealmJoin Portal. Permissions is a list (array) of permissions.

See Available Permissions for a list and description of common permissions.

Groups

A list (array) of Azure AD group object IDs. The given permissions will be assigned to all users who are members of these groups.

Users

A list (array) of Azure AD user object IDs. The given permissions will be assigned to these users.
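The following is an added example, not part of RealmJoin or its JSON schema: a small Python review script for a Custom Roles definition that flags rules breaking the field descriptions above and builds a permission-to-principal map for a least-privilege review. The function names and the sample (including its deliberately flawed second rule) are constructed for illustration, and the checks cover only what this page states about the fields.

```python
import json
import uuid
from collections import defaultdict

# Constructed sample: rule 0 follows the documented format, rule 1 is deliberately flawed.
SAMPLE = """
{"Rules": [
  {"Name": "Supporters can change primary user",
   "Groups": ["f31f5765-f56f-47fa-9248-ac2d77221634"],
   "Users": ["b31f5765-f56f-47fa-9248-ac2d77221622"],
   "Permissions": ["CanChangeRealmJoinPrimaryUser"]},
  {"Description": "Name missing, UPN used instead of an object ID",
   "Users": ["john@example.com"],
   "Permissions": ["CanAddSelfServiceForms"]}
]}
"""

def is_object_id(value):
    """True only for a GUID written in canonical 8-4-4-4-12 form."""
    try:
        return isinstance(value, str) and str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False

def review_rules(text):
    """Return (findings, grants); grants maps permission -> {(kind, object ID)}."""
    findings, grants = [], defaultdict(set)
    for i, rule in enumerate(json.loads(text).get("Rules", [])):
        label = rule.get("Name") or f"rule #{i}"
        if not isinstance(rule.get("Name"), str) or not rule["Name"].strip():
            findings.append(f"{label}: Name is required")
        perms = rule.get("Permissions", [])
        if not perms:
            findings.append(f"{label}: no Permissions listed")
        principals = [(k, v) for k in ("Groups", "Users") for v in rule.get(k, [])]
        if not principals:
            findings.append(f"{label}: no Users or Groups listed")
        for kind, oid in principals:
            if not is_object_id(oid):
                findings.append(f"{label}: {kind} entry {oid!r} is not an object ID")
            else:
                for perm in perms:  # record who ends up holding each permission
                    grants[perm].add((kind, oid.lower()))
    return findings, dict(grants)

if __name__ == "__main__":
    findings, grants = review_rules(SAMPLE)
    print("\n".join(findings))
    for perm, who in sorted(grants.items()):
        print(perm, sorted(who))
```

Reviewing the permission-to-principal map before saving makes it easy to spot a permission that reaches a wider group than intended.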
