Roles
Last updated
Was this helpful?
Last updated
Was this helpful?
Roles are managed in the Edit Roles section of Person & Accounts. All Roles in SSP 7 can be viewed, added or deleted in this module.
SSP 7 Roles are added through the Edit Roles page via a link in the Person & Accounts section of the Admin Panel. Click on clip0034button to open the new Role configuration page.
Complete the following sections to add a new Role in SSP 7.
General Settings
Access Rights
List of Users
To edit a Role click on the edit button edit for the Role.
The General Settings tab contains the following configuration setting for Roles.
Name : Enter the Title for the Role in the default language as set in SSP 7.
Description : Enter the Short Description for the Role in the default language as set in SSP 7.
Default Role: Check this box if you want this Role to be the Default Role for any User.
*New Roles must be saved before proceeding to role configuration.
Access rights to SSP 7 can be granted at the User or SSP 7 administration level. Access rights to end user components include Dashboard panel items as well as Processes. Access to specific Admin Panel components include rights for managing SSP 7 content and SSP 7 access. Defining SSP 7 security access involves maintenance of access rights in the following sections in the Role Access Rights administration page.
Providing access to forms is granted through the Access Rights for Categories, Topics and Forms section in Role administration.
The diagram below illustrates the organizational structure of Categories, Topics and Forms. At the highest level the Categories contain Topics and Topics contain Forms.
Granting access to each item follows a dependency in the hierarchical structure of Categories, Topics and Forms. In order to grant access to a Topic, the parent Category must also be granted access. Similarly, a Form that has been granted access to a Role will not be visible if the parent Topic and the parent Category for that Topic haven't been granted access.
Each Category, Topic and Form added to SSP 7 is represented by a line item in the Categories, Topics and Forms administration page in the similar organizational structure as shown in the following screen shot:
At the Category level, you have the option to grant access to All Categories/Topics/Form or individual categories.
Granting Access to All Categories/Topics/Form - Selecting this options will automatically grant access to Categories, Topics and Forms that exist in SSP 7. All other selection made at the Category, Topics and Forms levels will be ignored.
Granting Access to Individual Categories - Check mark the categories to be granted access to the Role. Removing the check mark in the category will automatically remove access to all Topics and Forms in the Category that have been granted access.
Similar to the Category level, at the Topic level, you have the option to grant access to All Topics/Form that exist in the Parent Category. You also have the option to grant access to individual Topics.
Granting Access to Topics/Form in "Category name" - Selecting this options will automatically grant access to all Topics and Forms that exist in the parent category of the Topic. All other selection made at the Topics and Forms level in the parent Category will be ignored.
Granting Access to Individual Topics - Check mark the Topics to be granted access in the Category. Removing the check mark for the Topic will automatically remove access to all Forms in the Topic that have been granted access.
Similar to the Category and Topic level, at the Form level, you have the option to grant access to All Forms that exist in the Parent Topic. You also have the option to grant access to individual Forms.
Granting Access to Forms in "Topic name" - Selecting this options will automatically grant access to all Forms that exist in the parent Topic of the Form. All other selection made for individual forms will be ignored.
Granting Access to Individual Forms - Check mark the Forms to be granted access in the Topic. Removing access to the parent Topic or Category the Topic belongs to will automatically remove access to all Forms in the Topic that have been granted access.
Each View created in SSP 7 is represented by a line item in the Access Rights for Views section. It is possible to automatically grant access to all views or individual views when configuring access rights in a role.
Views can be defined for various data sources. Granting access to views is at the same level for all data sources and have no dependencies.
Granting Access to All Views - Selecting this option will automatically grant access to all Views that exist in SSP 7. Selections for individual views will be ignored.
Granting Access to individual Views - Check mark each View to be granted access to the Role.
By granting access to auto-forms users are able to change the content of auto-forms. The creation of new forms should be granted separately. Users that are able to change an auto-form will also be able to remove the auto-form. Please note that in order to change auto-forms, users need to have admin menu access and at least the following Admin authorizations:
Each Process created in SSP 7 is represented by a line item in the Access Rights for Processes section. Here, access can be granted to create new processes, maintain all or various existing processes and manage submitted instances of processes.
There are multiple levels for giving access to processes. Below is an overview of each level:
Right to create new process: when this option is checked, this role allows the creation of new processes without any oversight from higher level administrators.
Admin (edit process): This is the highest right on processes and gives users the possibility to edit or delete the process. Submitted process instances can be searched for and edited.
Read Access to Open Tickets: Existing and pending tickets of the Process can be searched for and viewed by the user.
Read Access to Closed Tickets: Closed tickets of the Process can be searched for and viewed by the user.
Write Access to Open Tickets: Existing and pending tickets of the Process can be searched for and edited by the user. The edit function gives users the ability to approve on behalf of any user and the possibility to restart a process on a certain step.
Write Access to Closed Tickets: Closed tickets of the Process can be searched for and edited by the user. The edit function gives users the ability to approve on behalf of any user and the possibility to restart a process on a certain step. Closed processes can be reopened.
Each Admin Page in the Admin Panel of SSP 7 is represented by a line item in the Access Rights for Admin Panel section. Add a check mark to grant access to a specific admin page. Creating Roles with specific admin rights to manage SSP 7 content and access will allow the distribution of administration responsibility to the appropriate content owners of SSP 7.
Granting access to administration pages in Admin Panel
Admin Pages for managing SSP 7 components are listed in alphabetical order by page name.
Granting Access to All Admin Pages - Selecting this options will automatically grant access to all Admin Pages in the Admin Panel. All other options will be ignored when this is selected.
Granting Access to individual Admin Pages. The table below is showing what kind of access is granted per option:
Admin Option
Description
Adapters
Configure integration adapters and user data.
Admin
General option for getting the Admin menu option.
Auto-Form Overview
Bulk uploads
Get access to Bulk Uploads. Users still need Admin access to Processes in order to use Bulk Uploads.
Categories
List all categories. Individual rights on categories will not affect the access in this admin page.
Category Detail
View, modify and remove categories. Individual rights on categories will not affect the access in this admin page.
Dashboard
Change settings on the dashboard.
Datastore
List all datastore parameters.
Datastore Parameter Detail
eCar Car Detail
eCar specific access.
eCar Car Overview
eCar specific access.
eCar General Settings
eCar specific access.
eCar Location Detail
eCar specific access.
eCar Location Overview
eCar specific access.
eCar Logging & Reporting
eCar specific access.
eCar Process Settings
eCar specific access.
Email Overview
See the queue of emails sent by SSP.
External App Detail
View and modify external apps.
External Apps
List external apps.
Field Detail
View, modify and remove fields from forms.
Form Detail
View, modify and remove forms from topics.
General
Change the general settings within SSP.
MyItems Export
Export data from the MyItems database.
MyItems Import
Import data into the MyItems database.
MyItems Settings
Change MyItems settings.
Person Detail
Change the settings and preferences of individual users.
Person Group Overview
Persons
List and search Persons in the SSP database.
ProcessOverview
Reporting
See reports on the usage of SSP.
Role Detail
View, modify and remove roles.
Roles
List all roles.
ServiceGroups
Add, modify and remove Service Groups within MyItems.
TaskDetail
See the details of tasks.
Tasks
List all tasks.
TemplateProcessEmail
Modify email templates for all processes.
Topic Detail
Add and modify topic details.
Topics
List, add and remove topics.
Translation Detail
Modify all application labels in all languages.
Translations
List all application labels.
View Detail
Add and modify view details.
Views
List, add and remove views. Additional view settings have no influence on which views can be edited.
Webstore Item Types
Add, modify and remove Item Types.
Webstore Items
Add, modify and remove Items.
Webstore Services
Add, modify and remove Services.
Webstore Settings
Add, modify and remove Settings.
Webstore Shops
Add, modify and remove Shops.
Webstore Vendors
Add, modify and remove Vendors.
By granting access to parameters users are able to change the content of datastore parameters. The creation of new parameters can't be granted separately. Users that are able to change a datastore parameter will also be able to remove the datastore parameter. Please note that in order to change datastore parameters, users need to have admin menu access and at least the following Admin authorizations:
Use the button to save the changes, or use the button to discard any changes.
Each created in SSP 7 is represented by a line item in the Access Rights for auto-forms section. It is possible to automatically grant access to all auto-forms or individual auto-forms when configuring access rights in a role. Additionally the role can be granted the right to create a new auto-form.
Each created in SSP 7 is represented by a line item in the Access Rights for persons groups section. It is possible to automatically grant access to all persons groups or individual persons groups when configuring access rights in a role. Additionally the role can be granted the right to create a new persons group.
By granting access to persons groups users are able to change the definition of persons groups. For managers who only need to maintain members of groups, should not be granted this option. Please check the admin guide on for more information. The creation of new groups should be granted separately. Users that are able to change a persons group will also be able to remove the persons group. Please note that in order to change groups, users need to have admin menu access and at least the following Admin authorizations:
View, modify and remove auto-forms. Additional to auto-forms should be configured.
View, modify and remove parameters. Additional to parameters should be configured to be able to edit parameters.
List all Person Groups, depending on authorizations, groups can be edited here.
List all authorized Processes. Additional to processes should be configured to see processes here.
Each created in SSP 7 is represented by a line item in the Access Rights for datastore parameters section. It is possible to automatically grant access to all datastore parameters or individual datastore parameters when configuring access rights in a role.
List of assigned users to Roles can be viewed in List of Users page of Role administration. This page allows view, add and delete access to users granted access to the related Role. When a user is delete from a role, this will have no impact on the person record itself, only the relation with the role is deleted. Users are assigned to roles via the Add user section or through the web page.
The list with users is showing a maximum of 100 persons. When more people are linked to the role, the search function can be used to search for a specific person or all users can be exported in an excel sheet by clicking the button.
Deleting Roles is performed in the edit Roles page via link in the Person & Accounts section of the Admin Panel. Click on the delete button in the action column for the Role to be deleted. A message will open to verify the deletion of the Role. Select "Ok" to permanently delete the Role from the database.
