Persons & Accounts

Access Control involves the task of creating, mapping, changing and organizing users and role information. The Person & Accounts section of the Admin Panel provides you with a central place to perform these tasks.

After users and roles have been created, you can grant access to users by assigning them to roles. Roles contain the security access information to components of SSP 7. Access to specific components of SSP 7 is performed by granting rights to a Role. Be aware that configuring additional access to a role will affect all the users that are assigned to that role. For a more flexible security environment, multiple roles can be created with specific access to groups of categories, topics or views. A user can be assigned to multiple roles.

SSP 7 supports the automatic assignment of Roles to users, based on information in external systems like LDAP. For that RoleSets are used. RoleSets have a unique name (keyword) and one or multiple Roles linked to them. When the Unique Name of a RoleSet is found in a selected LDAP or SD4.5 field, the roles defined with that RoleSet are automatically granted to the user.

Groups allow to form a set of individual users. These Groups can be used as Actors in a Process Step, and are also used to distribute Granular Ticket Access.

The Person & Accounts screen is opened by clicking on the links Manage Persons, Edit Roles, Edit RoleSets or Manage Groups in the Person & Accounts section of the Admin Panel.

Managing Persons

Users are managed in the Manage Persons section of Person & Accounts. All person and accounts in SSP 7 can be searched, viewed, added or deleted in this module.

Possible actions on this page:

Search User : clip0019: Search for an existing User.
Add a new User.
Edit : Change the details of the selected User.
Delete : Delete the selected User.

Person Settings

A new SSP 7 user is added through the Manage Users page via a link in the Person & Accounts section of the Admin Panel. To add a new person click on the button.

Complete the following sections to add a new person in SSP 7.

Person Settings
Account Settings
Out of Office
Delegates
Favorites
Roles
Access rights overview
Groups

To edit a user, search for the user and click on the user to open the user settings.

Person Settings

For new users, enter the First Name, Last Name and Email address. Click on the button to save the new user record. It is required that you save the user before proceeding to the next step. If the new user does not want to receive emails, the "Blacklisted" box needs to be checked. An alternative user can be selected instead to receive emails intended for the "blacklisted" user.

Use the button to save the changes and remain on this screen, or use the button to save your changes and return to the Overview screen, or use the button to discard any changes.

Account Settings

The user login and password is defined in the Account Settings page. There are no restrictions for the login or password format.

Enter a login and Password. Click on . Select an Authentication method (System Default; SSP7 Internal; LDAP or SD 4.5), Language and Date Setting for the user in the Section Personal Settings and proceed to the Roles page.

Use the button to save the changes and remain on this screen, or use the button to save your changes and return to the Overview screen, or use the button to discard any changes.

Out of Office

To activate a delegate, who will receive all tasks and will act on an user`s behalf that is out of office, select the first checkbox option, define the out of office period and choose one of the user's delegates from the drop down list. Please find more information on how to add a delegate under Delegates page.

Use the button to save the changes and remain on this screen, or use the button to save your changes and return to the Overview screen, or use the button to discard any changes.

Delegates

On the 'Delegates' tab, Users can create a list of Delegates for processes and for MyItems. They can then assign tasks to them, ad-hoc or permanent, or when they are Out of the Office.

Process delegates are used to reassign process actions to other people. This can be done manually in specific process steps, or permanent through out-of-office or permanent delegation.

My Items delegates: My Items delegates are used to give people the possibility to check the items of another users and perform actions on it.

Favorites

On the 'Favorites' tab, Users can manage their personal list of Favorites, which are displayed on the Dashboard. Favorites can be added from the portal, by using the button at the bottom of every topic, shop & form :

The following options are available on this page:

Current Favorites :The existing list of Favorites; Users can remove items from this list, by clicking on the delete button.
Add Favorite : Users can add new external Favorites manually, by completing the Name (shown on screen) & the Link. Internal favorites can be added by clicking on the addtomyfavortites button, which is visible in Topics, Forms and Shops.

Roles

The Roles page displays a list of available roles that can be assigned to users. A user is assigned a Role by selecting the checkbox in the Access column for the Role. More than one Role can be assigned to an user. Click on to save the changes.

The column with Dynamic roles is read-only and shows which roles are assigned to an user based on the RoleSet of the user. Removing roles that have the indicator Dynamic Role set, will not have influence, as this role is assigned again to the user when the user logs back into SSP.

Access Rights Overview

The goal is to see all rights a user has. The page is added to admin > Edit person. A new tab is added, after ‘Roles’. This will display all the access rights this user has, based on his Roles, Granular ticket access

The listing is to be organized as follows:

Forms & Shops

Columns:

Form Name – Form ID –Category – Topic - Type of access right – Source

Category: the SSP Category to which the Topic belongs

Topic: the Topic in which the form is created

Type of access right: if the user has no access, the form should not be listed in this overview

Source: this is the name of the Role or GTA set from which the user acquired this access

Possibly add if the user has the role directly or via a Group

Processes

Columns

Process Name – ID – Type of access right – source

Datastore Parameters

Columns

Parameter Name – ID – source

Views

Columns

View Name – source

Auto-Forms

Columns

AutoForm Name – type of access – source

Person Groups

Columns

Group Name – Source

Administration pages

AdminPage Name – source

Navigation Items

Item name - source

All results are also exportable to excel.

Groups

An overview of which groups a user is a member of. It is also possible to edit the mailing option for each group for the user and to add additional groups to the user's list.

Disabling an user account

You can disable any user account through the Admin panel. You must be logged on as an administrator to have the appropriate rights to disable accounts. Accounts that are no longer valid should be disabled as a standard security measure. For more information please see the User Access Control for detailed information on managing user accounts.

To disable an user account

In the Admin panel Click on "Manage Persons" in the Person & Accounts option.
Find the user to be disabled in Search User option and in the Action column of the user, select the "Edit" edit button.
Select the "Roles" tab.
In the Access column, uncheck any checked roles to remove all access to SSP 7. clip0032
Click clip0020or OK. clip0020will save your changes, but will remain on this screen. OKwill save your changes and return to User List. Use the clip0022button to discard any changes.

PreviousWeb Services NextRoles

Last updated 2 years ago