Maintaining User Roles

13.6. Maintaining User Roles

User roles define the responsibilities of typical system users, such as underwriters or accountants. Each user role contains one or more use cases that define its allowable business function. Users are in turn assigned to one or many user roles.

SICS is delivered with the predefined System Administrator role, which contains all cases.

The User Role tab of the Access Security Manager window displays all user roles defined in the system.


The right mouse button pop-up menu lets you choose between:

  • New to create a new user role. Creating a new user role can be achieved by using the information in this section of the guide.
  • View to open a detail viewer on the selected user role showing the role’s use cases, members, and associated notes. You can change the name of a user role by clicking the Edit button in the View User Role window and you can change the Security Environment. You can also assign use case access rights to user categories.
  • Delete to delete a user role.

Note! When constructing user roles, it can be helpful to assign the use case “Security Administration” to the role you are defining. By doing this you will be able to log in as a user assigned only to the role you are working on, test the role and then go directly to the “Access Security Manager” to change the contents of the role. After you have made your changes, click the Refresh button to update and test the security settings.

Remember that assigning the use case “Security Administration” to a user role gives users assigned to this role the ability to change all their access levels, so this use case should be removed when you are finished constructing the role!

View User Role

All user roles are listed on the User Roles tab on the Access Security Manager. When you double-click a user role in the display list, you see the details for that user role in the View User Role window.


From the View User Role window, you can do the following:

  • Assign access rights to the user roles
  • Define Security Environment
  • View access rights for specific user roles
  • Define and view domain restrictions to user roles
  • Assign and view members of user role categories

It is possible to indicate for which Security Environment the Security User Role shall be valid: when the assigned user is working in the online system, through web services, or both. When a user logs into the online system, only the assigned User Roles valid for ‘SICS Workstation and SysAdmin’ shall apply. When a user accesses the system through web services, only the assigned User Roles valid for ‘SICS API Server’ shall apply. If a user is granted access to both the online system and web services, but with a different combination of Access Rights, two separate Security User Roles need to be assigned, one per Security Environment: one for ‘SICS API Server’ and one for ‘SICS Workstation and SysAdmin’. Where a user is granted access to both the online system and web services with the same combination of Access Rights, one role for Security Environment ‘All’ is assigned.

View and Assign Access Rights

The first tab you see on the View User Role window is the Access Rights tab. From here you can assign access rights to user roles.

You can also view access rights by selecting View from the right mouse pop-up menu and then selecting one of the following from the sub pop-up:

  • Local Access Rights, to view the access rights of the user role that appears in the User Role Name field at the top of the window.
  • All Access Rights, to view the access rights of all assigned user roles that appear in the Assigned User Role display.
  • Access Rights of Selected Role, to view the access rights of a role that you selected from the display list.

When you click the Access Rights For title bar, you see the Column View, Sorting & Extraction window, which lets you sort and organize what you are viewing in the window. For more information on the Column View, Sorting & Extraction window, refer to Layout and Organization of Display Lists in the Getting Started chapter of the SICS User’s Guide.

Assign Members

When you click the Members tab in the View User Role window, you see a list of all users who have been assigned to that role. Click the right mouse button and select Assign Members to add members. You see the Assign Users to User Role window where you can move users from the Available Users list to the Members list to include members. (Or, exclude members by moving them from the Members list to the Available Users list.)

Assign Access Rights To User Role

Assigning access rights to a user role enables all users of the selected user role to perform the functions defined by the selected access rights.

To assign access rights to user roles:

  1. Click the User Roles tab in the Access Security Manager window. You see a list of valid user roles.
  2. Select a user role from the list, and select View from the pop-up menu (or double-click the user role from the list). You see the View User Role window.
  3. Click the Edit button to see the Assign Access Rights for User Role window.
  4. Click the Assign User Roles tab.


This window allows you to assign use case access rights to the user category, assign user roles and build hierarchies of user roles. The bottom part of the window lists the use cases that are assigned to the user role you are editing and shows which access rights the role is given for each of the assigned use cases.

Assign Use Cases

Follow steps 1-3 explained earlier under Assign Access Rights To User Role.

The Available Use Cases display list shows all use cases (except the selected one). Selecting a use case from this list enables or disables the corresponding use case access rights. You can then select one or more of the enabled access rights and click the down-arrow button. The selected use case is transferred from the Available Use cases list to the Assigned Use Cases list on the bottom of the window.

If you select a use case from the Assigned Use Cases display list, you can then select Modify Access Rights from the pop-up menu.

You see an Edit Access Rights in User Role window. Once a use case has been added to the Assigned Use Cases list, its access rights can be modified from here. If all access rights are cleared, the result is the use case being removed from the user role.


Assign User Roles

Click the Assign User Roles tab to assign other User Roles to the role. By adding other User Roles to the role you are editing, the role will include Use Cases in these roles.


To add user role access rights, select roles from the Available list, and move them to the Selected list by clicking the right arrow button. (Or, double-click them.) To remove user role access rights, move them back from the Selected list to the Available list.

Note! Assigning additional user roles to a role will increase the security level for the user connected to this role. Use cases in the assigned roles will be joined together to form a larger set. This does not apply to Domain Restrictions. Domain Restrictions behave in the opposite way to use cases. While use cases grant access to business functions, Domain Restrictions block access to business functions and values entered into the system. Therefore, adding use cases containing Domain Restrictions to a user role will reduce access rights.
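The rules described above (a role applies only in its Security Environment, use cases of assigned roles are joined into a larger set, and “Security Administration” should be removed once a role is finished) can be checked against a role listing. The Python sketch below is an added example, not SICS code: the role names, the use case names other than “Security Administration”, and the data layout are constructed, it assumes that roles assigned to a role apply whenever the parent role applies, and it does not model Domain Restrictions.

```python
from dataclasses import dataclass, field

WORKSTATION = "SICS Workstation and SysAdmin"
API_SERVER = "SICS API Server"
ALL = "All"
SECURITY_ADMIN = "Security Administration"

@dataclass
class Role:
    name: str
    environment: str  # WORKSTATION, API_SERVER or ALL
    use_cases: set = field(default_factory=set)
    assigned_roles: list = field(default_factory=list)  # names of roles added to this role

# Constructed sample data (hypothetical roles and use case names).
ROLES = {r.name: r for r in [
    Role("System Administrator", ALL, {SECURITY_ADMIN, "Accounting", "Underwriting"}),
    Role("Underwriter", WORKSTATION, {"Underwriting"}),
    Role("Underwriter API", API_SERVER, {"Underwriting Read"}),
    Role("Accountant", ALL, {"Accounting"}, ["Draft Role"]),
    Role("Draft Role", WORKSTATION, {SECURITY_ADMIN, "Claims"}),
]}

def role_use_cases(name, roles, seen=None):
    """Use cases of a role joined with those of every role assigned to it."""
    seen = set() if seen is None else seen
    if name in seen:  # assumed guard against a cyclic hierarchy
        return set()
    seen.add(name)
    result = set(roles[name].use_cases)
    for child in roles[name].assigned_roles:
        result |= role_use_cases(child, roles, seen)
    return result

def effective_use_cases(user_roles, roles, login_env):
    """Only roles valid for the login environment, or for 'All', apply."""
    result = set()
    for name in user_roles:
        if roles[name].environment in (login_env, ALL):
            result |= role_use_cases(name, roles)
    return result

def roles_with_security_admin(roles, exempt=("System Administrator",)):
    """Roles that still carry 'Security Administration', directly or inherited."""
    return sorted(n for n in roles
                  if n not in exempt and SECURITY_ADMIN in role_use_cases(n, roles))
```

In this sample, “Accountant” is reported by `roles_with_security_admin` only because “Draft Role” was assigned to it, which is the inherited case that is easy to miss when reviewing a role on its own.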

Delete User Role

User roles that have never been allocated to users can be deleted. This is determined by the has_been_used field:

  • Has Been Used = false: the role is allowed to be deleted.
  • Has Been Used = true: the role cannot be deleted.

Inactive User Role

User roles that are assigned to users are not allowed to be inactivated, while user roles that are not assigned to any user are allowed to be inactivated. Once a user role is inactivated, it cannot have members assigned to it until it is activated again.

Additional Security

This tab will be available only on the SICS Life system and only when the Accounting system parameter ‘Accounting -> Worksheet -> Enable Summary Account on Technical Worksheet’ is selected.


Allow Actual Account Administrator: Selecting this flag will give the user the rights to the options Add New Booking and Delete bookings on the Actual Account tab of a technical worksheet. When this flag is not selected, the options Add New Booking and Delete will be disabled.

Allow Import of Sub SOA file: Selecting this flag will give the user the rights to import the Sub SOA through the option ‘Import Sub SOA’ on a technical worksheet. When this flag is not selected, the option to import the Sub SOA will not be available.