|
|
|
In TRACCESS CI, there are six possible roles for employees. Each role can have up to three types of permissions as shown in the tabs of the Role Permission Set dialog.
These include:
Property Permissions - what objects the role can see
Report Permissions - which reports the role has access to (this is the only type of permissions that a Subject Matter Expert does not have access to).
Function Permissions - what specific activities the role can do
Property Permissions determine what objects and properties that a particular role can see. For example, since the Learner has access to My Job, an employee with this role can see the Process Sets, Processes, Sub Processes, Tasks and Resources. For each of these objects, the Learner can see the object's name and description. However, the Learner cannot see the properties of fellow employees - because they do not have access to the Organization Manager. Determining what a particular role can see is based on which window tree they have access to, and what is contained within that tree. When creating permission sets, the system owner can then determine if there are any of these properties that a role can see - but that should be turned off or on.
Report Permissions determine which reports that a particular role has access to. For example, a Learner only has access to the Self Qualification, Self Qualification (Compact) and the Self Training Information reports. The Reporter, Supervisor and Operational Administrator roles have access to extended reports, and the Subject Matter Expert does not have access to any report at all. If the System Owner wishes to limit the reports that a certain role can generate, they can simply disable those reports for the particular role.
Function Permissions determine what an employee in a particular role can do. The possible functions are determined by how this person would normally function in the application. For example, since a Subject Matter Expert creates Tasks and Resources, they can be given the right to delete/ purge these objects also. However, you may wish to disable that right, and leave a delete function as an exclusive System Owner right.
TRACCESS CI is installed with the following role/permission set pairs by default. These can be accessed through the Tools/ Role Permission Sets in the main menu. The default permission sets can be modified, but cannot be deleted.
Operational Administrator Role/ TTG Administrator Permission Set
Supervisor Role/ TTG Supervisor Permission Set
Learner Role/ TTG Learner Permission Set
Reporter Role/ TTG Reporter Permission Set
Subject Matter Expert Role/ TTG Subject Matter Expert Permission Set
Within TRACCESS, Roles and Permission Sets are used by different roles to achieve different purposes:
System Owners
create/ edit/ delete Permission Sets through the Tools/ Role Permission Sets from the main menu
change the permission sets per Organization Unit
Operational Administrator
create employees, assign them to the appropriate Organization Units, and assign them the appropriate role depending on their context within the Organization Unit.
change the permission sets per Organization Unit - this ability is turned off by default
Supervisor
change the permission sets per Organization Unit - this ability is turned off by default
|
|
|