# User Role Association

## Overview

* <code class="expression">space.vars.SITENAME</code> allows to associate roles with users defining what actions a user can perform.
* One user can have multiple Integration and Administration Roles. The permissions available to that role will be a union of permissions associated with all individual roles.
* Only users with permission **Permission Grant** can associate roles with users.
* Roles can be associated with user from **View associated roles** button in rightmost column against a given user.

<div align="center"><img src="https://818964384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FK5eA7qMDBFu0HHHMDehi%2Fuploads%2Fgit-blob-54312f4853d27b623bedfb800225a9f70fc26346%2FUser_Role_Association.png?alt=media" alt="" width="1700"></div>

## Associating Administration Role to a User

* Navigate to user role association screen and click on edit icon in top right corner.

<div align="center"><img src="https://818964384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FK5eA7qMDBFu0HHHMDehi%2Fuploads%2Fgit-blob-d582283d82e5cc4774b8dc22049ef33e112f4601%2FCreate_User_Role_Association.png?alt=media" alt="" width="1700"></div>

* Select roles to be associated with given user. Refer to [Permissions and Corresponding Actions](https://docs.opshub.com/v7.215/manage/administrator/role-configuration#permissions-and-corresponding-actions) section to understand which operations can be performed based on the configured role.
* Under the drop down list, only Administration roles will be available.
  * For instance, if Sync Administrator role is to be associated with user 'David Smith', it can be selected under Administration as shown below:

<div align="center"><img src="https://818964384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FK5eA7qMDBFu0HHHMDehi%2Fuploads%2Fgit-blob-b153731ec4e6662938ef73c89c5ed3c2353310bd%2FUser_Role_Association_-_Adminstration.png?alt=media" alt="" width="1700"></div>

* Click on **Save** button to save user role association.

## Associating Integration Role to a User

* Navigate to User Role Association screen and click on edit icon in top right corner as shown below:

<div align="center"><img src="https://818964384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FK5eA7qMDBFu0HHHMDehi%2Fuploads%2Fgit-blob-d582283d82e5cc4774b8dc22049ef33e112f4601%2FCreate_User_Role_Association.png?alt=media" alt="" width="1700"></div>

* Select roles to be associated with the given user. Refer to [Permissions and Corresponding Actions](https://docs.opshub.com/v7.215/manage/administrator/role-configuration#permissions-and-corresponding-actions) section to understand which operations can be performed based on the configured role.
* Under the drop down list, only Integration roles will be available.

<div align="center"><img src="https://818964384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FK5eA7qMDBFu0HHHMDehi%2Fuploads%2Fgit-blob-1cfc674fcbc230686c54a88620ef8b08fc7fbd56%2FUser_Role_Association_-_Integration0.png?alt=media" alt="" width="1700"></div>

* Here, roles can be assigned folder-wise.
* Permissions' Inheritance in Child Hierarchy:
  * Roles associated with given folder would be inherited in entire child hierarchy of that folder.
  * Associating roles in the child folder will override roles of parent folder.
* Assigning any role in a given folder indicates that user will have **Read** access to all integration resources in that folder and its child hierarchy as well.
* Assigning any role with **Read** access to integration or mapping in a child folder indicates **Read** access to all associated mappings and systems in the parent folder.

<div align="center"><img src="https://818964384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FK5eA7qMDBFu0HHHMDehi%2Fuploads%2Fgit-blob-9169dcdcd2e31c887864ee2434507a6908febcb0%2FUser_Role_Association_-_Integration.png?alt=media" alt="" width="2200"></div>

* For above configuration, the user will be able to perform the following operations:

| **Folder**               | **Actions supported**                                   |
| ------------------------ | ------------------------------------------------------- |
| Default/Parent 1         | All actions associated with **Sync Monitor** role       |
| Default/Parent 1/Child 1 | All actions associated with **Sync Monitor** role       |
| Default/Parent 1/Child 2 | All actions associated with **Sync Monitor** role       |
| Default/Parent 1/Child 3 | All actions associated with **Sync Administrator** role |
| Default/Parent 2         | All actions associated with **Sync Administrator** role |