Custom Roles
Administrators can create custom roles with fine-grained instrument-level access control. Custom roles allow scoping a user's capabilities to specific instruments, categories, origins, and risk levels — providing precise control over what each user can do.
Each custom role is configured with the following fields:
- Name — a unique identifier for the role
- Description — a summary of what the role is intended for
- Allowed instruments — a whitelist of instruments the role grants access to
- Allowed categories — restrict access to specific instrument categories
- Allowed origins — restrict access by origin: internal, plugin, dynamic, or platform_service
- Max risk level — the highest risk level permitted, ranging from ReadOnly through Critical
- Access mode — the access mode granted by the role
- Denied instruments — a blacklist of instruments that are explicitly blocked even if they would otherwise be allowed
Once created, custom roles can be assigned to users from the user management dialog, providing a flexible way to grant scoped permissions tailored to each user's responsibilities.
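An added example, not Hefty's own code, of how a deny-overrides, fail-closed check over these fields could be evaluated. Assumptions: the class, field and function names are hypothetical, the risk levels between ReadOnly and Critical are placeholders, every allow-list must match for access to be granted, and access mode is left out because the page does not list its values.

```python
from dataclasses import dataclass, field

# Assumption: the page names only the endpoints ReadOnly and Critical;
# the three levels in between are placeholders for illustration.
RISK_ORDER = ["ReadOnly", "Low", "Medium", "High", "Critical"]
ORIGINS = {"internal", "plugin", "dynamic", "platform_service"}  # from the page

@dataclass(frozen=True)
class Instrument:  # hypothetical shape of an instrument record
    name: str
    category: str
    origin: str
    risk: str

@dataclass
class CustomRole:  # hypothetical names mirroring the documented fields
    name: str
    max_risk: str
    allowed_instruments: set = field(default_factory=set)
    allowed_categories: set = field(default_factory=set)
    allowed_origins: set = field(default_factory=set)
    denied_instruments: set = field(default_factory=set)

def check_access(role, inst):
    """Return (allowed, reason). The deny list wins; unknown values fail closed."""
    if inst.name in role.denied_instruments:
        return False, "explicitly denied"
    if inst.origin not in ORIGINS or not {inst.risk, role.max_risk} <= set(RISK_ORDER):
        return False, "unknown origin or risk level"
    if RISK_ORDER.index(inst.risk) > RISK_ORDER.index(role.max_risk):
        return False, "risk above role maximum"
    if inst.origin not in role.allowed_origins:
        return False, "origin not allowed"
    if inst.category not in role.allowed_categories:
        return False, "category not allowed"
    if inst.name not in role.allowed_instruments:
        return False, "instrument not allowlisted"
    return True, "allowed"

# Constructed sample role: ticket_update is allowlisted but also denied.
ANALYST = CustomRole(
    name="analyst", max_risk="Medium",
    allowed_instruments={"log_search", "ticket_update", "host_isolate"},
    allowed_categories={"observability", "ticketing", "response"},
    allowed_origins={"internal", "plugin"},
    denied_instruments={"ticket_update"},
)
```

Reviewing a role this way before assigning it surfaces instruments that appear on both lists and instruments whose risk level exceeds the role's ceiling.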
Role Hierarchy
Hefty uses a role hierarchy to determine each user's level of access:
| Role | Access |
|---|---|
| owner | Full system access, user management |
| admin | Full system access, user management |
| Custom role | Scoped instrument access based on role configuration |