You can create custom user roles and configure privileges for them in your organization. You can control access to assets, attributes, and features of business applications for each custom user role in your organization. For example, you can control a custom user role to view records but not update or edit the records.
The system-defined roles include predefined access privileges in the Administrator and you cannot change them. The custom user roles are not predefined and you can create them based on the specific requirements of your organization. You can't delete system-defined roles but you can delete custom roles. You can also control the specific tasks that a custom user role can perform in your organization. For example, you can authorize a custom user role to import data into Customer 360.
You can use the Administrator to create custom user role and assign permissions at the asset level. You can then fine-tune the permissions on the Security page of Business 360 Console. The authorizations that you configure in Administrator works in conjunction with the authorizations that you configure on the Security page.
Note: After you configure privileges for custom user roles on the Security page, ensure that you don't rename user roles in Administrator. If you rename user roles, MDM SaaS removes all the configured privileges.
You can clone a predefined user role in Administrator to create a custom user role. However, these custom user roles can't perform all the tasks that a predefined user role can perform in your organization. For example, Designer or MDM Designer user roles can configure business applications but custom user roles can't configure business applications. If you clone the Designer or MDM Designer user role to create a custom user role, the cloned custom user role can't configure business applications. Similarly, if you manually assign all the privileges of predefined user roles to custom user roles, the custom user roles might not be able to perform all the tasks that these predefined user roles can perform. To enable a user to perform a specific task, ensure that you assign the custom user role and other required user roles to the user along with the required privileges to perform that task. For example, to enable a user to perform file import, assign the custom user role and the Business360ProcessExecutor user role along with the required privileges on the Security page and Administrator.
For more information about the required user roles and privileges for a user to perform file import, see File Import.
Note: If you modify the permissions at the asset level in Administrator, the system automatically synchronizes the modifications on the Security page of Business 360 Console on an hourly basis.