Role
Overview
The Role entity represents a specific position, responsibility, or function that a person may hold within the
organization. Roles are used to define access levels and permissions for personnel. Each role consists of a set of
permissions and required security levels, which determine what actions a person assigned to that role can perform.
If role requirement is ANY_OF then a person only needs one of the specified security levels to gain all of the
permissions associated with the role. If set to ALL_OF then a person must have all of the specified security
levels to gain the permissions associated with the role.
Table Structure
The following table outlines the SQL columns for the personnel_roles table, providing a brief description of each, along with
sample data where applicable.
| Column | Type | Description | Example |
|---|---|---|---|
id | String (ULID) | Unique identifier for the role. | 01JAP8RJBN-8ZTPXSGY-J9GSDPE1 |
enabled | Boolean | If the entity is enabled or not. | true |
created_date | DateTime | Date the entity was created. | 2024-12-31T19:48:44Z |
created_by | String | Person who created the entity. | TamakiMES |
modified_date | DateTime | Date the entity was modified. Value is null upon creation, and gets initially populated upon the first edit. | 2024-12-31T19:48:44Z |
modified_by | String | Last person to modify the entity. Value is null upon creation, and gets initially populated upon the first edit. | TamakiMES |
notes | String | Notes about the entity. | This entity has these extra notes |
spare1 | String | The first spare column that can be used for additional context on the entity. | some extra context 1 |
spare2 | String | The second spare column that can be used for additional context on the entity. | some extra context 2 |
spare3 | String | The third spare column that can be used for additional context on the entity. | some extra context 3 |
security_levels | String (CSV) | Comma-separated list of Ignition security levels required for this role. | Authenticated/Roles/Administrator,SecurityZones/Warehouse |
permissions | String (CSV) | Comma-separated list of MES permissions granted by this role. | MATERIALS.WRITE,INVENTORY.READ |
role_requirement_type | Enum | Specifies if all or any security levels are required to grant permissions. See below. | ALL_OF |
Field Details
security_levels
Comma-separated list of Ignition security levels required for this role. Example: Authenticated/Roles/Administrator,SecurityZones/Warehouse.
Security levels are hierarchical, so specifying a higher-level security level will also satisfy requirements for any
lower-level security levels. For example, if a role requires Certification/Warehouse/Operation, a user with
Certification/Warehouse will also satisfy that requirement.
permissions
Comma-separated list of MES permissions granted by this role. Example: MATERIALS.WRITE,INVENTORY.READ.
Permissions are hierarchical, so if a user is granted a higher-level permission, they will also have access to any
lower-level permissions. For example, if a user has permission for INVENTORY.WRITE, they will also have permission for
MATERIALS.WRITE.CONSUME`.
role_requirement_type
Specifies if all security levels are required (ALL_OF) or if at least one is sufficient (ANY_OF) to grant the permissions. This uses the RoleRequirementType enum.
RoleRequirementType enum values:
ALL_OF: All listed security levels are required.ANY_OF: At least one listed security level is required.