|
OfficeClip implements two kinds of security for its applications:
-
Role-based- Access privileges for a certain action,
such as creating a timesheet or deleting a document.
-
Object-based- Permissions for individual users or roles to
read, write, append, or delete an OfficeClip object.
An OfficeClip role created by an administrator, is a named grouping of
privileges, along with the OfficeClip members who are assigned to the
role. In the event that roles are not defined for a group or a member is
not assigned to a role, OfficeClip automatically assigns privileges according
to the "All Members" role, which cannot be deleted by an admin (however, the
admin can set the privileges in this role, which will then act as a default
set of privileges for all new members or members not assigned to a
role). The pre-defined "Administrators" role cannot be deleted, and all
access privileges are given to this role. By design, a when a member is in
more than one role, the member's privileges for any given action take on the
most restrictive access. The following scenario illustrates this
concept:
Bob is a member of the role "Sales" as well as the
role "Marketing." Among other privileges, Sales has the "Create New
Alerts" access privilege:
 Sales role
given the "Create New Alerts" privilege.
However, the group admin removed this privilege
from the Marketing role:
Marketing
role is not given the "Create New Alerts" privilege.
When Bob goes to the alerts application, the
New Alert menu item will be unavailable because the Marketing role does
not have the permission to create new alerts.
To create and configure a new role, follow these steps:
-
Click the Privileges link on the Home Page.
-
Click Create New Role on the Privileges page. This will start the wizard
that allows you to create the role, define the role access privileges, and then
assign users to that role.
-
Type in a name and an optional description for the role and click Create.
-
The Role Privileges screen allows you to define the access funtions that the
role has. All members of this role will have the privileges that are
checked. Please note that if the "All Members" role is selected, the
access privileges that are selected will apply to ALL new members, including
members not yet assigned to a role. In addition, the privileges in
the "Administrator" role cannot be changed, as administrators have all access
privileges. After selecting the privileges that are assigned to a
role, click Submit.
-
By default, a newly-created role has no users defined for it. The Role Users
screen allows the administrator to select which users in the group belong to
the role. To place a user in the role, select a user by clicking on the user's
name in the left pane. Multiple users can be selected by holding down the Ctrl
key while clicking each user's name.
-
After the desired user or users are selected, click the ">" button to
place the user(s) in the role. Similarly, users can be removed from the role by
selecting and clicking the "<" button. Clicking ">>" or "<<"
will select and move ALL users from the left to right or right to left panes
respectively. Click the Submit button to save the role
users selection.
|