Difference between revisions of "User Role"

From SmartWiki
Jump to: navigation, search
 
(18 intermediate revisions by one other user not shown)
Line 1: Line 1:
{{Banner-UnderConstruction}}
 
 
 
 
__TOC__
 
__TOC__
  
Line 16: Line 13:
 
* [[Role Permissions]] - permission a role to be able to set other roles. For example, a sales role may be able to change a '''Suspect '''role to a '''Prospect '''role, but not a '''Customer '''or '''Employee '''role. 
 
* [[Role Permissions]] - permission a role to be able to set other roles. For example, a sales role may be able to change a '''Suspect '''role to a '''Prospect '''role, but not a '''Customer '''or '''Employee '''role. 
 
* [[Importing Organizations or Contacts Association|Associations]] - When you use the [[Associations]] feature to associate a contact with an organization to which they are not a contact, you use a '''role '''to show the relationship between the organization and the person. 
 
* [[Importing Organizations or Contacts Association|Associations]] - When you use the [[Associations]] feature to associate a contact with an organization to which they are not a contact, you use a '''role '''to show the relationship between the organization and the person. 
* Within {{UTA}}s, roles are used to define a context-specific role for a person - for example, a customer may be playing the role of '''Project Leader, '''but only for a specific project.
+
* Within {{UTA}}s, roles are used to define a context-specific role for a person - for example, a customer may be playing the role of '''Project Leader, '''but only for a specific project. Even more commonly, a '''Staff '''Role might have administrative permissions to a specific {{UTA}} only. See [[UTA role]] for more information about roles that are permissioned for UTA-only. 
 
* [[Workflows Overview]] - you are able to reference the role in a collaborative workflow step; for instance, you can specify that everyone with the '''Executive '''Role would need to approve a document before the system can forward its distribution. 
 
* [[Workflows Overview]] - you are able to reference the role in a collaborative workflow step; for instance, you can specify that everyone with the '''Executive '''Role would need to approve a document before the system can forward its distribution. 
  
Line 24: Line 21:
 
* You can define any number of roles.
 
* You can define any number of roles.
 
* You can associate a single user with any number of roles.
 
* You can associate a single user with any number of roles.
* Only a [[Global User Administrator|System Administrator]] can define roles.
+
* It is recommended for security reasons that only a [[Global User Administrator|System Administrator]] can define roles.
 
* Once a role is created, the administrator associates users with those roles. 
 
* Once a role is created, the administrator associates users with those roles. 
  
Line 31: Line 28:
 
===The Everyone Role===
 
===The Everyone Role===
 
A single, important, built-in role is the '''Everyone '''role. Every contact will be a member of the '''Everyone '''role regardless of the other roles that are created and assigned to them. You are able to set a menu for the '''Everyone '''role, but unlike the other roles, you cannot create a [[Portals|portal]] for everyone, or provide access to [[Reports|reports]] to the '''Everyone '''role. 
 
A single, important, built-in role is the '''Everyone '''role. Every contact will be a member of the '''Everyone '''role regardless of the other roles that are created and assigned to them. You are able to set a menu for the '''Everyone '''role, but unlike the other roles, you cannot create a [[Portals|portal]] for everyone, or provide access to [[Reports|reports]] to the '''Everyone '''role. 
 +
 +
* Leaving permissions blank anywhere (''excluding ''the [[Security Matrix]] will presume '''View '''and '''Edit '''access for everyone, provided there is no [[Status Lock]] in place).
 +
* If there are [[Status Lock]]s in place, the default for any user would be '''View '''access, unless they have '''Override Lock '''enabled (e.g. the [[Global User Administrator|System Administrator]]). 
  
 
=Configuration - Essentials=
 
=Configuration - Essentials=
Line 45: Line 45:
 
5. A list of roles available to the system will be displayed; if you want to edit a role, click the '''pencil icon '''next to the name of the role. To create a new role, click the '''New '''button (+ icon). 
 
5. A list of roles available to the system will be displayed; if you want to edit a role, click the '''pencil icon '''next to the name of the role. To create a new role, click the '''New '''button (+ icon). 
  
:: [[Add new role.png|800px|border]]
+
:: [[File:Add new role.png|800px|border]]
 
 
 
==Creating a Role==
 
==Creating a Role==
There are only two fields that need to be defined in order to create a role: the name of the role and a narrative description. 
+
There are only two fields that need to be defined in order to '''create''' a role: the name of the role and a narrative description. 
  
 
:: [[File:New role.png|600px|border]]
 
:: [[File:New role.png|600px|border]]
==Editing or Creating a Role==
+
However, it is best practice to fill out as many of the fields as possible, with as much explanatory detail as possible. Role settings are described below: 
To edit a Role, take the following steps:
+
 
 +
{| class="wikitable"
 +
|-
 +
||'''Role Name'''
 +
||The unique name of this user role.
 +
|-
 +
||'''Caption'''
 +
||The caption of this user role; this is the name of the role as it appears throughout the system. If you prefer to change the name of a role, changing the caption will accommodate this.
 +
|-
 +
||'''Description'''
 +
||The narrative description of the role.
 +
|-
 +
||'''Role Formula'''
 +
||The role formula sets a calculation that is performed whenever a contact record possessing this role is saved. See [[Role Formula]] for more information and instructions.
 +
|-
 +
||'''Two Factor Authentication'''
 +
||Enable two factor authentication for this role if required.
 +
|-
 +
||'''Enable Menu Icon'''
 +
||This will display a menu icon on the right of the screen for this role. 
 +
|-
 +
||'''Internal User Role Only'''
 +
||If set, then this role can only be added to [[Internal]] users. [[External]] users will not have the option to be associated with this role. 
 +
|-
 +
||'''UTA Role Only'''
 +
||This will mean that the created role is relevant only relative to records in a {{UTA}}. See [[UTA Roles]] for more information. If this option is toggled on, then the role created will not be able to be assigned to a contact's profile, but rather will be selected as a role only when that contact is assigned to a UTA record.
 +
|}
 +
: Once you are done filling out the general edit fields for creating a new user role, click the '''Save '''button at the bottom.
 +
When a user is added to a role, the role will be visible on the role list of that user's [[profile]].
 +
 
 +
: [[Image:Roleimage1.JPG|800px|border]]
 +
==Permissioning Roles==
 +
:: [[File:New role permissions.png|600px|border]]
 +
Clicking into the second tab of the '''New Role''' page will display the permissions for that role.
 +
{| class="wikitable"
 +
|-
 +
||'''Able to Set '''
 +
||This controls the roles that a user can add or remove when configuring other users. Typically, only [[Global User Administrator|System Administrators]] are given rights to set all roles.
 +
|-
 +
||'''Able to Activate'''
 +
||This controls the roles that a user must have before the current user can activate their user account.
 +
|-
 +
||'''Able to Set Password'''
 +
||This controls the roles that a user must have before the current user can manually set their password. For example, if you are looking at a user who has the role '''Applicant, '''but you can only set the password for the role '''Researcher, '''then you will not be able to see or access the '''Set Password '''button from the '''Applicant '''user's [[profile]]. 
 +
|-
 +
||'''Able to Edit Email Address'''
 +
||This controls the roles that a user must have before the current user can edit their email address. For example, if you are looking at a user who has the role of '''Applicant, '''but you can only edit the email address for those with the role '''Researcher, '''then when you access the '''Applicant '''user's [[profile]] you will only be able to see a '''Read-Only '''version of the Email Address [[Standard Fields|standard field]]. 
 +
|}
 +
==Menu Settings for Roles==
 +
When you '''Edit '''an existing role, or after you create and '''Save '''a new role, the page will reload and display a left hand menu that gives you access to different features of the role.
 +
 
 +
:: [[File:Roles side menu.png|160px|border]]
 +
{| class="wikitable"
 +
|-
 +
||'''Main'''
 +
||This will display the main details associated with the specific role, including the '''General '''page of fields as well as the '''Permissions '''that you can set for this role.
 +
|-
 +
||'''Current Users'''
 +
||This will display a list of current users associated with this role. From the current user tab, you are able to [[User Role#Remove or Add from Current Users|add or remove users]]. 
 +
|-
 +
||'''Custom Fields'''
 +
||This will display a list of the [[Custom Fields]] associated with this role. You are able to add new custom fields by simply clicking the '''+ icon '''on the top of the list.
 +
|-
 +
||'''Portal'''
 +
||
 +
This will allow you to enable the [[Portals|portal]] associated with this specific role. You are able to activate the role-specific portal, set its priority, set its logo, and a template if necessary. 
 +
 
 +
If you enable the '''Portal '''option for this role, then a new '''Menu '''tab will display on the left hand side menu. 
 +
 
 +
|-
 +
||'''Menu'''
 +
||
 +
This displays all the tools and features of the [[SmartSimple]] system that you can choose from to display for this role's [[Menu and Roles|menu]]. Simply select the items that you do not want to appear and click '''Save.'''
 +
 
 +
|-
 +
||'''Shortcuts'''
 +
||Shortcuts can be configured depending by role either by as a Common Shortcut (for all roles) or on individual basis (for specific roles). For more information, see [[Portals#Shortcuts|Shortcuts]]. 
 +
|-
 +
||'''Reports'''
 +
||This will display a list of any [[Reports]] that the role is associated with. 
 +
|-
 +
||'''News Feed'''
 +
||News feed refers to any transactions or information pulled from integrations - for example, through OFAC check, [[Transactions]], and more. For more information, see [[:Category:Integrations|Category: Integrations]]. 
 +
|}
 +
==Remove or Add from Current Users==
 +
You are also able to '''Add '''or '''Remove '''users in bulk when you access the '''Current Users '''section of the role's '''Edit Page, '''using the '''Add User '''button.
 +
 
 +
1. Click into the '''Current Users '''tab from the left hand side menu. The list of current users, if any, are displayed.
  
# Click on [[Roles & Permissions|Roles and Security]] (located on the [[Configuration Menu]] on the left-hand navigation bar)
+
2. Click the '''+ '''icon on the top left that will allow you to add new users to this role. 
# Click on the hyperlink for User Roles
 
# Click the ''Edit'' button next to the role you wish to edit, or click on the ''New'' button to create a new Role.
 
  
For detailed instructions on creating a role, see the [[Creating User Roles]] page.
+
3. The '''Add User to Role '''screen will launch, with [[Advanced Search|Search]] options including the ability to select certain roles as the results of the search. 
  
==Role Settings==
+
* '''Tip: '''If this is a brand new [[instance]], there may be no users in any role - in that case change the role field in the search options to '''No Role Assigned.'''
[[Image:EditRoleButtonsNoHeader.png|link=]]<br />
 
The following buttons are displayed at the top of each ''Edit Roles'' page:
 
  
* '''Back''' - navigates the user back to the list of all User Roles
+
:: [[File:Add user to role.png|800px|border]]
* '''New''' - opens a new Edit Roles page for the creation of a new User Role
+
4. Select all of the users that you would like to associate with this role.
* '''Menu''' - sets menu permissions for User Role. See [[Menus and Roles]] for further information.
 
* '''Portal''' - see [[Creating a Role Based Portal]] for detailed instructions.
 
* '''Custom Fields''' - see [[Role Based Custom Fields]] for detailed instructions.
 
* '''Reports''' - presents a list of [[reports]] in the system for which access can be granted to the selected Role. See [[Assigning Multiple Reports to a Role]] for further information.
 
  
The following settings are available on the General tab of the ''Edit Roles'' page:
+
5. Click the '''Add '''button. 
  
* '''Role Name''' - The unique name of the Role.
+
To '''Remove Users from a Current Role'''simply go to the list of current users and select the names of the users who you would like to remove from the role. Once at least one user is selected, new buttons will appear at the top of the list that give you the ability to '''remove users. '''
* '''Caption '''- The name of the role as it appears throughout the system.  If you prefer to change the name of a role, changing the caption will accommodate this.
 
* '''Description''' - Narrative description of the role.
 
* '''Role Formula''' - Sets a calculation that is performed whenever a contact record possessing this role is saved. See [[Role Formula]] for instructions.
 
* '''Two Factor Authentication''' - enable Two Factor Authentication if required.
 
* '''Enable Menu Icon''' - Displays a Menu Icon on the right of the screen for this Role.
 
* '''UTA Role Only''' - Role that is only relevant relative to records in a [[UTA|Universal Tracking Application™]]. See [[UTA Role]]s for more information. If selected, the role will not be able to be assigned to a contact's profile, but will be able to be selected as a role when a contact is assigned to a UTA record.
 
* '''Internal User Role Only''' - if set then this role can only be added to Internal users,
 
  
 +
:: [[File:Remove roles.png|350px|border]]
 +
Click '''Yes '''when the confirmation message appears if you are certain that you want to remove the selected user(s) from the role.  
  
: When a user is added to a role, the role will be visible on the role list of that user's [[profile]].
+
=See Also=
: [[Image:RoleOnProfile.png|link=|750px]]
+
* [[User]]
==See Also==
+
* [[Roles and Security Settings]]
* [[Creating User Roles]]
+
* [[Security Matrix]]
  
 
[[Category:Roles]]
 
[[Category:Roles]]

Latest revision as of 12:37, 27 February 2023

Overview

User Roles are a key feature of SmartSimple: they are defined in the system by System Administrators to categorize users and to provide the basis for setting Role Based Security permissions. The majority of your configuration needs will be using role-based security settings. 

The Key Control Element - Roles

Roles have the ability to control the following features within your SmartSimple system: 

  • The Administration Interface menu - the menu items displayed in the administrative interface are controlled by the user role. Some users will see different menu items than other users, depending on their allocated role. 
  • Portal Interface - you can create a specific portal view for people in a specific role, overriding the display of the administrative interface.
  • Role Based Custom Fields - you can gather different information for different roles through role-specific custom fields. 
  • Manager Permissions - manager permissions in all applications and key features are associated with specific roles. These Manager permissions will give them higher levels of access and functionality to that feature than other user roles. 
  • Role Permissions - permission a role to be able to set other roles. For example, a sales role may be able to change a Suspect role to a Prospect role, but not a Customer or Employee role. 
  • Associations - When you use the Associations feature to associate a contact with an organization to which they are not a contact, you use a role to show the relationship between the organization and the person. 
  • Within s, roles are used to define a context-specific role for a person - for example, a customer may be playing the role of Project Leader, but only for a specific project. Even more commonly, a Staff Role might have administrative permissions to a specific only. See UTA role for more information about roles that are permissioned for UTA-only. 
  • Workflows Overview - you are able to reference the role in a collaborative workflow step; for instance, you can specify that everyone with the Executive Role would need to approve a document before the system can forward its distribution. 

Notes on Roles

Prior to adding many users to SmartSimple, it is important to define roles: 

  • You can define any number of roles.
  • You can associate a single user with any number of roles.
  • It is recommended for security reasons that only a System Administrator can define roles.
  • Once a role is created, the administrator associates users with those roles. 

Always make sure that the role is defined prior to Importing Users or adding users via Auto Loader. Both methods provide features that will prompt you to select one or more roles for the users that you are uploading.

The Everyone Role

A single, important, built-in role is the Everyone role. Every contact will be a member of the Everyone role regardless of the other roles that are created and assigned to them. You are able to set a menu for the Everyone role, but unlike the other roles, you cannot create a portal for everyone, or provide access to reports to the Everyone role. 

  • Leaving permissions blank anywhere (excluding the Security Matrix will presume View and Edit access for everyone, provided there is no Status Lock in place).
  • If there are Status Locks in place, the default for any user would be View access, unless they have Override Lock enabled (e.g. the System Administrator). 

Configuration - Essentials

Accessing Roles

To access the list of roles available in your copy of SmartSimple, follow these steps:

1. Click on the 9-square menu icon on the top right of your page.

052919 MenuIcon.png 

2. Under the heading Configuration, select Roles and Security.

4. Click on the hyperlink for User Roles.

5. A list of roles available to the system will be displayed; if you want to edit a role, click the pencil icon next to the name of the role. To create a new role, click the New button (+ icon). 

Add new role.png

Creating a Role

There are only two fields that need to be defined in order to create a role: the name of the role and a narrative description. 

New role.png

However, it is best practice to fill out as many of the fields as possible, with as much explanatory detail as possible. Role settings are described below: 

Role Name The unique name of this user role.
Caption The caption of this user role; this is the name of the role as it appears throughout the system. If you prefer to change the name of a role, changing the caption will accommodate this.
Description The narrative description of the role.
Role Formula The role formula sets a calculation that is performed whenever a contact record possessing this role is saved. See Role Formula for more information and instructions.
Two Factor Authentication Enable two factor authentication for this role if required.
Enable Menu Icon This will display a menu icon on the right of the screen for this role. 
Internal User Role Only If set, then this role can only be added to Internal users. External users will not have the option to be associated with this role. 
UTA Role Only This will mean that the created role is relevant only relative to records in a . See UTA Roles for more information. If this option is toggled on, then the role created will not be able to be assigned to a contact's profile, but rather will be selected as a role only when that contact is assigned to a UTA record.
Once you are done filling out the general edit fields for creating a new user role, click the Save button at the bottom.

When a user is added to a role, the role will be visible on the role list of that user's profile.

Roleimage1.JPG

Permissioning Roles

New role permissions.png

Clicking into the second tab of the New Role page will display the permissions for that role.

Able to Set  This controls the roles that a user can add or remove when configuring other users. Typically, only System Administrators are given rights to set all roles.
Able to Activate This controls the roles that a user must have before the current user can activate their user account.
Able to Set Password This controls the roles that a user must have before the current user can manually set their password. For example, if you are looking at a user who has the role Applicant, but you can only set the password for the role Researcher, then you will not be able to see or access the Set Password button from the Applicant user's profile
Able to Edit Email Address This controls the roles that a user must have before the current user can edit their email address. For example, if you are looking at a user who has the role of Applicant, but you can only edit the email address for those with the role Researcher, then when you access the Applicant user's profile you will only be able to see a Read-Only version of the Email Address standard field

Menu Settings for Roles

When you Edit an existing role, or after you create and Save a new role, the page will reload and display a left hand menu that gives you access to different features of the role.

Roles side menu.png
Main This will display the main details associated with the specific role, including the General page of fields as well as the Permissions that you can set for this role.
Current Users This will display a list of current users associated with this role. From the current user tab, you are able to add or remove users
Custom Fields This will display a list of the Custom Fields associated with this role. You are able to add new custom fields by simply clicking the + icon on the top of the list.
Portal

This will allow you to enable the portal associated with this specific role. You are able to activate the role-specific portal, set its priority, set its logo, and a template if necessary. 

If you enable the Portal option for this role, then a new Menu tab will display on the left hand side menu. 

Menu

This displays all the tools and features of the SmartSimple system that you can choose from to display for this role's menu. Simply select the items that you do not want to appear and click Save.

Shortcuts Shortcuts can be configured depending by role either by as a Common Shortcut (for all roles) or on individual basis (for specific roles). For more information, see Shortcuts
Reports This will display a list of any Reports that the role is associated with. 
News Feed News feed refers to any transactions or information pulled from integrations - for example, through OFAC check, Transactions, and more. For more information, see Category: Integrations

Remove or Add from Current Users

You are also able to Add or Remove users in bulk when you access the Current Users section of the role's Edit Page, using the Add User button.

1. Click into the Current Users tab from the left hand side menu. The list of current users, if any, are displayed.

2. Click the icon on the top left that will allow you to add new users to this role. 

3. The Add User to Role screen will launch, with Search options including the ability to select certain roles as the results of the search. 

  • Tip: If this is a brand new instance, there may be no users in any role - in that case change the role field in the search options to No Role Assigned.
Add user to role.png

4. Select all of the users that you would like to associate with this role.

5. Click the Add button. 

To Remove Users from a Current Role, simply go to the list of current users and select the names of the users who you would like to remove from the role. Once at least one user is selected, new buttons will appear at the top of the list that give you the ability to remove users. 

Remove roles.png

Click Yes when the confirmation message appears if you are certain that you want to remove the selected user(s) from the role.  

See Also