Assigning privileges to groups and roles

By default, each new group or role has no privileges. This means that the system administrator must specify which privileges are actually available to each new group and role so that they can access only the parts of the system that are relevant to them, and so that they can perform only the actions that are relevant to them.

You can set access at four levels: the module level (for example, Request Management), the business object level (for example, Assignment) and the action level (for example, Complete) and attribute level (for example, Salary).

When you make a level unavailable, then all child items (if any) are removed from view. You cannot set privileges for an unavailable business object.

When you make a module or business object available that was marked as unavailable, the change of status is not transferred to the child items. You must then set the status individually for the child items.

When you make a business object available, then you can assign the following privileges for all of the actions associated with it:

  • Execute – you can create a new instance of the available action.
  • Read – you can view instances of the business object action but you cannot modify it.
  • Update – you can modify an existing instance of the business object action.
  • Delete – you can remove an existing instance of the business object action (this option is available on only Non-Process related items).

You cannot modify the privileges for the Analyst | Administrator role. Also, only the SA user can modify the privileges in the Human Resources module.

To allocate or change group and role privileges:
  1. Select the specific Group or Role in the User Management tree, then on the Actions list, click Privileges.
    The Privilege tree appears.
  2. Expand the Privilege tree, then double-click the item for which you want to set privileges.
    The privileges list appears.

  1. Set the relevant privilege by double-clicking it.
    The icon switches between (available) and (unavailable). indicates that privileges are not applicable for that item. The privileges are set immediately.

Right-clicking the privilege list gives a menu with the following options:

Apply to Column – applies the state for the selected privilege to every privilege in that column on the current page.

Apply Row to All – applies the state for each of the Execute, Read, Update (and Delete where applicable) privileges in the selected row to each row on the page. This means that every privilege on the page will be the same as the selected item. For example, all set to .

The Apply to Column and Apply Row to All options are available only when there is more than one privileged item on the current page.

Apply to Page – applies the state for the selected privilege to every privilege on the page.