Functional role is collection of multiple application roles. A functional role allows the user to work on multiple applications without mapping multiple groups to the application roles and assigning these multiple groups to the user.
Once you create a functional role, the server automatically creates a new group for the corresponding application role, if the application role is not mapped to any group and maps the application role to the group. You can then assign this functional role to a person to provide the required permission to the application.
Administrators can create their own functional roles to meet their specific business use case. To create a functional role, see Creating Functional roles.
The following diagram illustrates the concept of functional roles:
Benefits of functional roles
Functional roles provide the following benefits:
- Provides application permission only to users. Functional roles do not provide permissions to object definitions, such as record instances, view definitions.
- Enables you to assign multiple application roles to a person. This provides the person with permissions to access and use multiple applications.
For example, you can create a functional role Change Assignee which is a collection of multiple application roles and provides the user permissions to access multiple applications such as, Knowledge Management, Change Management, and Service Level Management.
- Eliminates the need to create new groups and the mapping between groups and application roles. The server automatically performs the task of creating a new group and mapping the group to the corresponding application role. For more information, see Server behavior.
- Enables you to develop and test the application on one server and deploy it to a number of other servers without having to redefine permissions on each server.
- You can import functional roles to a different server, without the need to create groups and mapping the groups to its application roles.