Persons & Accounts
Access Control involves the task of creating, mapping, changing and organizing users and role information. The Person & Accounts section of the Admin Panel provides you with a central place to perform these tasks.
After users and roles have been created, you can grant access to users by assigning them to roles. Roles contain the security access information to components of SSP 7. Access to specific components of SSP 7 is performed by granting rights to a Role. Be aware that configuring additional access to a role will affect all the users that are assigned to that role. For a more flexible security environment, multiple roles can be created with specific access to groups of categories, topics or views. A user can be assigned to multiple roles.
SSP 7 supports the automatic assignment of Roles to users, based on information in external systems like LDAP. For that RoleSets are used. RoleSets have a unique name (keyword) and one or multiple Roles linked to them. When the Unique Name of a RoleSet is found in a selected LDAP or SD4.5 field, the roles defined with that RoleSet are automatically granted to the user.
Groups allow to form a set of individual users. These Groups can be used as Actors in a Process Step, and are also used to distribute Granular Ticket Access.
The Person & Accounts screen is opened by clicking on the links Manage Persons, Edit Roles, Edit RoleSets or Manage Groups in the Person & Accounts section of the Admin Panel.
Managing Persons
Users are managed in the Manage Persons section of Person & Accounts. All person and accounts in SSP 7 can be searched, viewed, added or deleted in this module.
Possible actions on this page:
Search User : clip0019: Search for an existing User.
Add a new User.
Edit : Change the details of the selected User.
Delete : Delete the selected User.
Person Settings
Complete the following sections to add a new person in SSP 7.
Person Settings
Account Settings
Out of Office
Delegates
Favorites
Roles
Access rights overview
Groups
To edit a user, search for the user and click on the user to open the user settings.
Person Settings
Account Settings
The user login and password is defined in the Account Settings page. There are no restrictions for the login or password format.
Out of Office
To activate a delegate, who will receive all tasks and will act on an user`s behalf that is out of office, select the first checkbox option, define the out of office period and choose one of the user's delegates from the drop down list. Please find more information on how to add a delegate under Delegates page.
Delegates
On the 'Delegates' tab, Users can create a list of Delegates for processes and for MyItems. They can then assign tasks to them, ad-hoc or permanent, or when they are Out of the Office.
Process delegates are used to reassign process actions to other people. This can be done manually in specific process steps, or permanent through out-of-office or permanent delegation.
My Items delegates: My Items delegates are used to give people the possibility to check the items of another users and perform actions on it.
Favorites
The following options are available on this page:
Current Favorites :The existing list of Favorites; Users can remove items from this list, by clicking on the delete button.
Add Favorite : Users can add new external Favorites manually, by completing the Name (shown on screen) & the Link. Internal favorites can be added by clicking on the addtomyfavortites button, which is visible in Topics, Forms and Shops.
Roles
The column with Dynamic roles is read-only and shows which roles are assigned to an user based on the RoleSet of the user. Removing roles that have the indicator Dynamic Role set, will not have influence, as this role is assigned again to the user when the user logs back into SSP.
Access Rights Overview
The goal is to see all rights a user has. The page is added to admin > Edit person. A new tab is added, after ‘Roles’. This will display all the access rights this user has, based on his Roles, Granular ticket access
The listing is to be organized as follows:
Forms & Shops
Columns:
Form Name – Form ID –Category – Topic - Type of access right – Source
Category: the SSP Category to which the Topic belongs
Topic: the Topic in which the form is created
Type of access right: if the user has no access, the form should not be listed in this overview
Source: this is the name of the Role or GTA set from which the user acquired this access
Possibly add if the user has the role directly or via a Group
Processes
Columns
Process Name – ID – Type of access right – source
Datastore Parameters
Columns
Parameter Name – ID – source
Views
Columns
View Name – source
Auto-Forms
Columns
AutoForm Name – type of access – source
Person Groups
Columns
Group Name – Source
Administration pages
AdminPage Name – source
Navigation Items
Item name - source
All results are also exportable to excel.
Groups
An overview of which groups a user is a member of. It is also possible to edit the mailing option for each group for the user and to add additional groups to the user's list.
Disabling an user account
You can disable any user account through the Admin panel. You must be logged on as an administrator to have the appropriate rights to disable accounts. Accounts that are no longer valid should be disabled as a standard security measure. For more information please see the User Access Control for detailed information on managing user accounts.
To disable an user account
In the Admin panel Click on "Manage Persons" in the Person & Accounts option.
Find the user to be disabled in Search User option and in the Action column of the user, select the "Edit" edit button.
Select the "Roles" tab.
In the Access column, uncheck any checked roles to remove all access to SSP 7. clip0032
Click clip0020or OK. clip0020will save your changes, but will remain on this screen. OKwill save your changes and return to User List. Use the clip0022button to discard any changes.
Last updated