Roles
Roles are managed in the Edit Roles section of Person & Accounts. All Roles in SSP 7 can be viewed, added or deleted in this module.
SSP 7 Roles are added through the Edit Roles page via a link in the Person & Accounts section of the Admin Panel. Click on clip0034button to open the new Role configuration page.
Complete the following sections to add a new Role in SSP 7.
General Settings
Access Rights
List of Users
To edit a Role click on the edit button edit for the Role.
General Settings
The General Settings tab contains the following configuration setting for Roles.
Name : Enter the Title for the Role in the default language as set in SSP 7.
Description : Enter the Short Description for the Role in the default language as set in SSP 7.
Default Role: Check this box if you want this Role to be the Default Role for any User.
*New Roles must be saved before proceeding to role configuration.
Access Rights
Access rights to SSP 7 can be granted at the User or SSP 7 administration level. Access rights to end user components include Dashboard panel items as well as Processes. Access to specific Admin Panel components include rights for managing SSP 7 content and SSP 7 access. Defining SSP 7 security access involves maintenance of access rights in the following sections in the Role Access Rights administration page.
Access Rights for Categories, Topics and Forms
Providing access to forms is granted through the Access Rights for Categories, Topics and Forms section in Role administration.
The diagram below illustrates the organizational structure of Categories, Topics and Forms. At the highest level the Categories contain Topics and Topics contain Forms.
Granting access to each item follows a dependency in the hierarchical structure of Categories, Topics and Forms. In order to grant access to a Topic, the parent Category must also be granted access. Similarly, a Form that has been granted access to a Role will not be visible if the parent Topic and the parent Category for that Topic haven't been granted access.
Each Category, Topic and Form added to SSP 7 is represented by a line item in the Categories, Topics and Forms administration page in the similar organizational structure as shown in the following screen shot:
Granting access at the Category Level
At the Category level, you have the option to grant access to All Categories/Topics/Form or individual categories.
Granting Access to All Categories/Topics/Form - Selecting this options will automatically grant access to Categories, Topics and Forms that exist in SSP 7. All other selection made at the Category, Topics and Forms levels will be ignored.
Granting Access to Individual Categories - Check mark the categories to be granted access to the Role. Removing the check mark in the category will automatically remove access to all Topics and Forms in the Category that have been granted access.
Granting access at the Topic Level
Similar to the Category level, at the Topic level, you have the option to grant access to All Topics/Form that exist in the Parent Category. You also have the option to grant access to individual Topics.
Granting Access to Topics/Form in "Category name" - Selecting this options will automatically grant access to all Topics and Forms that exist in the parent category of the Topic. All other selection made at the Topics and Forms level in the parent Category will be ignored.
Granting Access to Individual Topics - Check mark the Topics to be granted access in the Category. Removing the check mark for the Topic will automatically remove access to all Forms in the Topic that have been granted access.
Granting access at the Form Level
Similar to the Category and Topic level, at the Form level, you have the option to grant access to All Forms that exist in the Parent Topic. You also have the option to grant access to individual Forms.
Granting Access to Forms in "Topic name" - Selecting this options will automatically grant access to all Forms that exist in the parent Topic of the Form. All other selection made for individual forms will be ignored.
Granting Access to Individual Forms - Check mark the Forms to be granted access in the Topic. Removing access to the parent Topic or Category the Topic belongs to will automatically remove access to all Forms in the Topic that have been granted access.
Access Rights for Views
Each View created in SSP 7 is represented by a line item in the Access Rights for Views section. It is possible to automatically grant access to all views or individual views when configuring access rights in a role.
Granting access to Views
Views can be defined for various data sources. Granting access to views is at the same level for all data sources and have no dependencies.
Granting Access to All Views - Selecting this option will automatically grant access to all Views that exist in SSP 7. Selections for individual views will be ignored.
Granting Access to individual Views - Check mark each View to be granted access to the Role.
Access Rights for auto-forms
Each auto-form created in SSP 7 is represented by a line item in the Access Rights for auto-forms section. It is possible to automatically grant access to all auto-forms or individual auto-forms when configuring access rights in a role. Additionally the role can be granted the right to create a new auto-form.
Granting access to auto-forms
By granting access to auto-forms users are able to change the content of auto-forms. The creation of new forms should be granted separately. Users that are able to change an auto-form will also be able to remove the auto-form. Please note that in order to change auto-forms, users need to have admin menu access and at least the following Admin authorizations:
Access Rights for persons groups
Each persons group created in SSP 7 is represented by a line item in the Access Rights for persons groups section. It is possible to automatically grant access to all persons groups or individual persons groups when configuring access rights in a role. Additionally the role can be granted the right to create a new persons group.
Granting access to persons groups
By granting access to persons groups users are able to change the definition of persons groups. For managers who only need to maintain members of groups, should not be granted this option. Please check the admin guide on Person groups for more information. The creation of new groups should be granted separately. Users that are able to change a persons group will also be able to remove the persons group. Please note that in order to change groups, users need to have admin menu access and at least the following Admin authorizations:
Access Rights for Processes
Each Process created in SSP 7 is represented by a line item in the Access Rights for Processes section. Here, access can be granted to create new processes, maintain all or various existing processes and manage submitted instances of processes.
There are multiple levels for giving access to processes. Below is an overview of each level:
Right to create new process: when this option is checked, this role allows the creation of new processes without any oversight from higher level administrators.
Admin (edit process): This is the highest right on processes and gives users the possibility to edit or delete the process. Submitted process instances can be searched for and edited.
Read Access to Open Tickets: Existing and pending tickets of the Process can be searched for and viewed by the user.
Read Access to Closed Tickets: Closed tickets of the Process can be searched for and viewed by the user.
Write Access to Open Tickets: Existing and pending tickets of the Process can be searched for and edited by the user. The edit function gives users the ability to approve on behalf of any user and the possibility to restart a process on a certain step.
Write Access to Closed Tickets: Closed tickets of the Process can be searched for and edited by the user. The edit function gives users the ability to approve on behalf of any user and the possibility to restart a process on a certain step. Closed processes can be reopened.
Rights for Admin Panel
Each Admin Page in the Admin Panel of SSP 7 is represented by a line item in the Access Rights for Admin Panel section. Add a check mark to grant access to a specific admin page. Creating Roles with specific admin rights to manage SSP 7 content and access will allow the distribution of administration responsibility to the appropriate content owners of SSP 7.
Granting access to administration pages in Admin Panel
Admin Pages for managing SSP 7 components are listed in alphabetical order by page name.
Granting Access to All Admin Pages - Selecting this options will automatically grant access to all Admin Pages in the Admin Panel. All other options will be ignored when this is selected.
Granting Access to individual Admin Pages. The table below is showing what kind of access is granted per option:
Access Rights for datastore parameters
Each datastore parameter created in SSP 7 is represented by a line item in the Access Rights for datastore parameters section. It is possible to automatically grant access to all datastore parameters or individual datastore parameters when configuring access rights in a role.
Granting access to datastore parameters
By granting access to parameters users are able to change the content of datastore parameters. The creation of new parameters can't be granted separately. Users that are able to change a datastore parameter will also be able to remove the datastore parameter. Please note that in order to change datastore parameters, users need to have admin menu access and at least the following Admin authorizations:
List of Users
List of assigned users to Roles can be viewed in List of Users page of Role administration. This page allows view, add and delete access to users granted access to the related Role. When a user is delete from a role, this will have no impact on the person record itself, only the relation with the role is deleted. Users are assigned to roles via the Add user section or through the user management web page.
Deleting Roles
Last updated
