Interpret Roles and Permission Sets

In TRACCESS CI, there are six possible roles for employees.  Each role can have up to three types of permissions as shown in the tabs of the Role Permission Set dialog.  

For a full listing of all the permissions, and their definitions, click here, and access the Role Permissions worksheet of the attached spreadsheet.

These include:

Property Permissions

Property Permissions determine what objects and properties that a particular role can see.  For example, since the Learner has access to My Job, an employee with this role can see the Process Sets, Processes, Sub Processes, Tasks and Resources.  For each of these objects, the Learner can see the object's name and description.  However, the Learner cannot see the properties of fellow employees - because they do not have access to the Organization Manager.  Determining what a particular role can see is based on which window tree they have access to, and what is contained within that tree.  When creating permission sets, the system owner can then determine if there are any of these properties that a role can see - but that should be turned off or on.

Report Permissions

Report Permissions determine which reports that a particular role has access to.  For example, a Learner only has access to the Self Qualification, Self Qualification (Compact) and the Self Training Information reports.  The Reporter, Supervisor and Operational Administrator roles have access to extended reports, and the Subject Matter Expert does not have access to any report at all.  If the System Owner wishes to limit the reports that a certain role can generate, they can simply disable those reports for the particular role.

Function Permissions

Function Permissions determine what an employee in a particular role can do.  The possible functions are determined by how this person would normally function in the application.  For example, since a Subject Matter Expert creates Tasks and Resources, they can be given the right to delete/ purge these objects also.  However, you may wish to disable that right, and leave a delete function as an exclusive System Owner right.  

Configuring Permission Sets

TRACCESS CI is installed with the following role/permission set pairs by default.  These can be accessed through the Tools/ Role Permission Sets in the main menu.  The default permission sets can be modified, but cannot be deleted.

 

Within TRACCESS, Roles and Permission Sets are used by different roles to achieve different purposes: