PingOne

Adding an application role

Add application roles to group application permissions by function, then control access to application resources by assigning roles to users.

Before you begin

About this task

Roles determine which permissions a user has. A user can perform an action on an application resource if they have a role with the associated permission.

You can add up to 128 application roles in each PingOne environment.

Steps

  1. Go to Authorization > Application Roles.

  2. Click the icon next to Application Roles.

  3. Enter a unique Application Role Name and an optional Description. Click Next.

    The name can include Unicode letters, marks, numbers, spaces, forward slashes, dots, apostrophes, underscores, and hyphens, with a maximum length of 20 characters.

    Example:

    For example, you could add an Invoicing Processor role for the BizPro invoicing application to give Invoicing Processors permissions to read, write, pay, and update invoices.

    Screen capture showing the Application Role Name and Description fields in the Add Application Role window.
  4. Select the permissions that you want to assign to the role.

    Permission names list the application resource and action separated by a colon. For reference, the PingOne resource associated with the application resource is displayed next to the checkbox.

    Screen capture showing selected permission checkboxes in the Assign Permissions window.
  5. Click Next.

  6. Select the users that you want to assign to the role.

    Result:

    Selected users will have the permissions that are assigned to the role.

    Screen capture showing selected user checkboxes in the Add User window.
  7. Click Save.

Next steps

Add additional roles and assign users to grant them the permissions assigned to the roles.

For example, in the BizPro invoicing application, Billing Supervisors might need permissions to read and void invoices. Add a Billing Supervisor role and assign the Invoices:Read and Invoices:Void permissions to it.