A role is a collection of privileges that you assign to a user or group. A role represents a set of privileges to access secure
MDM Hub
resources.
For users to view or manipulate a secure
MDM Hub
resource, those users must be assigned roles that grant them sufficient privileges to access the resource. Roles determine what a user is authorized to access and which tasks they can perform in the
MDM Hub
.
MDM Hub
roles are highly granular and flexible, which allows administrators to implement complex security safeguards according to the security policies of their organization. Some users, such as administrators, might be assigned a single role with access to everything. Other users, such as data stewards, might have a role with explicitly restricted privileges.
A role can also have other roles assigned to it, thereby inheriting the access privileges configured for those roles. Privileges are additive, meaning that, when you combine roles, you combine the privileges of those roles as well. For example, Role A has read privileges to an Address base object, and Role B has create and update privileges to it. If a user account is assigned Role A and Role B, then that user account will have read, create, and update privileges to the Address base object. A user account inherits the privileges configured for any role to which the user account is assigned.