App Role Scopes

Scope

Description

Example

Folder

Assignment of user/group to a Folder scope role will be at the folder level. For each folder, the role assignment can be different. Anyone assigned to a role for that folder are granted the role privileges. For example, John is assigned to a Supervisor role on Case Folder A, but not Case Folder B. John can access Case Folder A, but not folder B.

Unique to the Folder scope is the One User Only checkbox. Select this option to restrict this role to a single user. If unchecked, multiple users/groups can be assigned to the role on a folder.

Case Type

Assignment of user/group to a Case Type scope role occurs at the Case Type level. All case folders under that Case Type will have the same permissions specified to the Case Type role. For example, John is assigned a Supervisor role on the Appraisal Case Type. John now has Supervisor role permissions on all Appraisal folders.

Unique to this folder is the Restrict access control within user’s office checkbox. Selecting this option restricts the user to only view case folders created in their office. The user cannot see other case folders from other offices. For example, User John (belonging to Office MD) is assigned a Supervisor Case Type role, this checkbox restricts John’s Supervisor access to Appraisal folders with the MD Action Office. John will not have access to Appraisal folders with the VA Actions Office

Application

Assignment of user/group to Application scope role will be at the App level. All case folders that belong to the Application have the same permissions specified to the Application role. For example, User John is assigned a Supervisor Application Role. John how has Supervisor permissions on all case folders under all Case Types in the application. Generally Application Roles are used grant access on all folder for System Owners or Application Roles (without any permissions on folders) are used to control the role based dashboards for users.