Customer Scoped Roles
20180212 added the ability to define customer scoped roles. While Groups and Roles allow user permissions to be managed at the module level, some applications have permissions which span multiple modules and the permissions need a way to be linked to function correctly (e.g. a user may have incomplete access to application features if module permissions were not correctly applied to their account). To address this, a customer scoped role can be defined in the customer.xml which allows roles to be aggregated together into something coherent and cross module.
<roles allowModuleRoles="true"> <!-- External Access Roles --> <role name="External Basic"> <description>Basic role for all external users</description> <roles> <role module="admin" name="BasicUser"/> <role module="admin" name="AppUser"/> <role module="module1" name="ExternalBasic"/> <role module="module2" name="ExternalBasic"/> </roles> </role> </roles>