- Created by John Bosco , last modified by John Kostakos on Dec 15, 2019
You are viewing an old version of this page. View the current version.
Compare with Current View Page History
« Previous Version 16 Next »
Overview
Security groups are the basic structure through which the nVIRO system manages users' ability to access resources and edit data. As shown in the diagram below, the system contains a set of roles, which provide permissions to carry out certain actions in the system. These roles are grouped together in various combinations to create security groups. Users are then added to one or more security groups to provide them with the sum total of the permissions that are contained within those groups.
Security Groups are managed on the Security Groups and Edit Security Group pages, discussed below. User membership in security groups is managed on the User Details page.
View Security Groups
The Security Groups list page is accessed via the Administration menu. It provides a list of all of the security groups in the system. As with other list pages in the system, the list can be sorted and filtered using the column headers and filter fields at the top of the columns. Each row in the list contains Open and Copy buttons and a Delete button (trash can), which allow the user to open a group for editing, copy (and then edit) a group, and delete a group.
The following fields appear on the Security Groups page:
Field | Description |
---|---|
Name | The name of the security group. |
Description | A description of the security group. |
User Account Type | The account type to which the security group applies—either internal or external. |
User Count | The number of user accounts in the system that are currently members of the security group. |
Open | Opens the Edit Security Group page for the security group. |
Copy | Creates a copy of the group and opens the Copy Security Group page. |
Delete (Trash can) | Deletes the security group. |
Edit a Security Group
On the Edit Security Group page, a security administrator can edit various attributes of a security group, including the group name, the description, the account type that the group applies to, and the roles that make up the group.
Security Group Roles
To add a role to the security group, click the "Add Role" dropdown list and select the role to add from the list of available roles. Only roles that are not already in the security group will be listed in the dropdown list.
Extreme care should be taken when changing any security settings, including adding users to security groups, or adding roles to or removing roles from security groups. Incorrect configuration can create security vulnerabilities and/or lead to loss of data. Only authorized security administrators should change security group settings.
The "General Public" security group should never be edited or deleted, as this is required for various system functions.
For basic read-only access an internal user must belong to a workgroup that has at least the following roles:
- Basic - Internal User - Provides view access for any user to non-administrative screens and documents.
- Documents - Viewer - Provides view to any documents that are not confidential
- Security - Manage User Profile - Mine - Provides the internal user access to his/her profile via the User Profile screen
Role Scope and Workgroups
Roles provide different levels of access to specific record types. Workgroup level roles work in combination with user workgroup membership to determine user access.
Role | Permissions |
---|---|
Evaluations - Manager - Mine | This permission gives a user access to the active evaluation that he/she is assigned to as the processor or via assigned tasks. |
Evaluations - Manager - Workgroup | This permission gives a user access to any active evaluation assigned to a workgroup in which they are a member. |
Evaluations - Manager - Global | This permission gives a user access to any active evaluation in the system. |
Evaluations - Administrator | This permission gives a user access to any evaluation in the system regardless of status |
Copy a Security Group
Once common way to customize the permissions for a particular group of users is to copy an existing security group and make changes to the new, copied group, leaving the original group unchanged. (This assumes, of course, that there isn’t already an existing security group available that would accomplish the same objective.) For example, if three users in an existing security group need additional permissions that should not be available to the group as a whole, the administrator can make a copy of the existing group, give it a new name, and add the additional permissions to the new group only. The three users could then be placed into that security group.
To copy a security group, click the Copy button on the Security Groups page. This will open the Copy Security Group page, which looks and functions the same as the Edit Security Group page described above.
Delete a Security Group
To delete a security group, click the Delete (trash can) icon on the Security Groups page. When a security group is deleted, it will be removed from the group membership list of all users that were in that group.
Care should be taken when deleting security groups, as it might result in users no longer having access to system resources they need.
Viewing your own Security Group membership
To view the security groups that your user account is a member of
- Hover over your name in the toolbar
- The text will change to Profile & Settings
- Click Profile and Settings
- Your user profile will be displayed
- Click the Groups tab at the top of the screen
- The list of security that you are a member of will be displayed
- No labels