Security Groups
Overview
Security groups are the basic structure through which the nVIRO system manages users' ability to access resources and edit data. As shown in the diagram below, the system contains a set of roles, which provide permissions to carry out certain actions in the system. These roles are grouped together in various combinations to create security groups. Users are then added to one or more security groups to provide them with the sum total of the permissions that are contained within those groups.
Security Groups are managed on the Security Groups and Edit Security Group pages, discussed below. User membership in security groups is managed on the User Details page.
View Security Groups
The Security Groups list page is accessed via the Administration menu. It provides a list of all of the security groups in the system. As with other list pages in the system, the list can be sorted and filtered using the column headers and filter fields at the top of the columns. Each row in the list contains Open and Copy buttons and a Delete button (trash can), which allow the user to open a group for editing, copy (and then edit) a group, and delete a group.
The following fields appear on the Security Groups page:
Field | Description |
---|---|
Name | The name of the security group. |
Description | A description of the security group. |
User Account Type | The account type to which the security group applies—either internal or external. |
User Count | The number of user accounts in the system that are currently members of the security group. |
Open | Opens the Edit Security Group page for the security group. |
Copy | Creates a copy of the group and opens the Copy Security Group page. |
Delete (Trash can) | Deletes the security group. |
Edit a Security Group
On the Edit Security Group page, a security administrator can edit various attributes of a security group, including the group name, the description, the account type that the group applies to, and the roles that make up the group.
Security Group Roles
To add a role to the security group, click the "Add Role" dropdown list and select the role to add from the list of available roles. Only roles that are not already in the security group will be listed in the dropdown list.
Extreme care should be taken when changing any security settings, including adding users to security groups, or adding roles to or removing roles from security groups. Incorrect configuration can create security vulnerabilities and/or lead to loss of data. Only authorized security administrators should change security group settings.
By adding or removing roles to or from a security group, an nVIRO administrator can tweak the ability of users within that group to better match staff responsibilities at the agency. For example, in some agencies, permitting staff and compliance staff have distinct and separate responsibilities whereas, in other agencies, there might be more overlap. In this latter case, the administrator might need to extend the base permissions of the permitting-related security groups to provide access to compliance functions that aren’t normally available to users in that group.
Role Scope and Workgroups
Roles provide different levels of access to specific record types. Workgroup level roles work in combination with user workgroup membership to determine user access.
Role | Permissions |
---|---|
Evaluations - Manager - Mine | This permission gives a user access to the active evaluation that he/she is assigned to as the processor or via assigned tasks. |
Evaluations - Manager - Workgroup | This permission gives a user access to any active evaluation assigned to a workgroup in which they are a member. |
Evaluations - Manager - Global | This permission gives a user access to any active evaluation in the system. |
Evaluations - Administrator | This permission gives a user access to any evaluation in the system regardless of status |
Depending on the organizational approach most staff would at least be provided access to their own assigned work, and may be provided full workgroup level access. Some organizations may wish to limit workgroup level access to one or two people in a workgroup such as supervisor.
Copy a Security Group
Once common way to customize the permissions for a particular group of users is to copy an existing security group and make changes to the new, copied group, leaving the original group unchanged. (This assumes, of course, that there isn’t already an existing security group available that would accomplish the same objective.) For example, if three users in an existing security group need additional permissions that should not be available to the group as a whole, the administrator can make a copy of the existing group, give it a new name, and add the additional permissions to the new group only. The three users could then be placed into that security group.
To copy a security group, click the Copy button on the Security Groups page. This will open the Copy Security Group page, which looks and functions the same as the Edit Security Group page described above.
Delete a Security Group
To delete a security group, click the Delete (trash can) icon on the Security Groups page. When a security group is deleted, it will be removed from the group membership list of all users that were in that group.
Care should be taken when deleting security groups, as it might result in users no longer having access to system resources they need.
Viewing your own Security Group membership
To view the security groups that your user account is a member of
Hover over your name in the toolbar
The text will change to Profile & Settings
Click Profile and Settings
Your user profile will be displayed
Click the Groups tab at the top of the screen
The list of security that you are a member of will be displayed