Security Roles
Security Roles are used to assign privileges to a user. Different Security Roles allow the administrator to determine a user’s access to view and modify data in the OneVizion® system. For example, administrators may choose to set up a Security Role for a group within the organization. The members of the group may require access to fields/tabs that most other users would not require.
Administration
Users will need access to the Security Group: ADMIN_SECURITY_ROLES, ADMIN_USERS
Configuring the Application Grid
Use the view options and filter parameters to select the data elements to be displayed on the Administer Security Roles page. Once configured, the administrator may save the settings to local or global view options and filter.
The system administrator will probably configure some view options and filters during the implementation of the system. Before beginning configuring a new Administer Security Roles page, always check to see if a view option or filter for the task already exists.
Users may 'Pin' features to their command bar by using the ellipsis menu.
Adding a Security Role
To add a new security role click the Add Icon, . Most of these tabs correspond directly to tabs on the Edit User applet. Most of the tabs on the Add Security Role applet will be empty. As Security Groups are added to the Security Role, the tabs will be populated with corresponding components.
Of the 5 Security Privileges (Read, Add, Edit, Delete & None), the first 4 are additive, and “None” is subtractive. So, assigning any of the first 4 to a Security Role gives a user with that security role those privileges on the relevant Tab, Trackor, etc. However, the “None” subtractive privilege overrides the other privileges – if a security role has the “None” privilege, then all users assigned to that role will not be able to access or manipulate an object regardless of if they have privileges from another Security Role.
User security settings are refreshed every 1 minute.
General Info Tab
The General Info Tab contains the general information about the Security Role such as the name and description as well as the default privileges and assignments. Privileges and assignments are granted whenever a new component is created. An administrator would need access to every component as it is created. A general user role (e.g., sales, vendor/subcontractor) would not have full default privileges, instead, the administrator would grant to their role as needed. For example, all roles that have Applet Read will automatically be able to read any new applet.
General Info Tab
Field Name | Field Description |
---|---|
Security Role* | Contains the name of the Security Role |
Description | Contains a description of the Security Role. (up to 50 characters) |
Components Packages | Contains a list of Component Packages that can be assigned to the Security Role. |
Default Sections: Default Privs, Default Assignments, Default Lock Privs | Contains the Privileges and Assignments that can be granted whenever a new component is created. This should be limited to Administrator roles. |
Security Groups Tab
The Security Groups tab contains a list of all of the Security Groups within the OneVizion system (e.g., Applet, Import, Notification Type, Relation, Report, Rule, Tab, WorkFlow) available for a Security Role. This is where the Read, Edit, Add, and Delete privileges are stored for a given OneVizion object.
When a Security Group is assigned to a User, the associated checkboxes will be colored blue. To change an assignment check the checkbox and click Apply. The checkbox will then be colored green indicating it is a User exception. To mass assign, an exception click the Select/Deselect All Icon, , in the column headers. When left unchecked all Privileges assigned and click Apply, the None checkbox will automatically be checked. To expand a row to view the Privilege description for a specific Security Group click the Expand Information Icon, . To restore the row click the now blue Expand Information Icon, .
Security Groups Tab
Privilege Option | Privilege Option Description |
---|---|
Read | Allows the user to see the Security Group. |
Edit | Allows the user to edit the Security Group. |
Add | Allows the user to add fields to the Security Group. |
Delete | Allows the user to delete the Security Group. |
None | Prevents the user from accessing the Security Group. |
Filtering for Security Groups
Administrators may filter for Security Groups.
Filter Applet
Field | Description |
---|---|
Security Group | Allows filtering on a specific Security Group |
Type | Allows the choice of what type of group. Applet, Tab, Relation, Superuser Applet, Trackor Type, or WorkFLow |
Trackor Type | Allows the choice of what Trackor Type |
Privilege | Allows the choice of what privilege. Is Set, Is Not Set, Has "Read", Does Not Have "Read", Has Edit, Does Not Have "Edit", Has "Add", Does Not Have "Add", Has Delete, Does Not Have "Delete", Is "None", Is Overwritten, Is Not Overwritten, Is None. |
Special Task Privs
The Special Task Privs tab allows the Administrator to set up special permissions for users to access or update specific tasks. The Administrator can limit a user to only be able to modify the projected dates for certain tasks while still allowing them to enter actual dates for other tasks.
To give the Security Role the Privilege for locking or unlocking a field check in the Privilege column checkbox of a field. To change an assignment click on the checkbox and click Apply. To mass assign, click the Select/Deselect All Privs Icon, , in the column headers and select OK on the Confirm Pop-Up window. To expand a row to view the Privilege description for a specific Security Token click the Expand Information Icon, . To restore the row click the now blue Expand Information Icon, .
Filtering for Special Task Privs
Administrators may filter for tasks.
Filter Applet
Lock Privs Tab
The Lock Privs Tab contains a list of all of the lockable fields in the OneVizion system.
To edit a lockable Trackor® click the hyperlink. To give the Security Role the Privilege for locking or unlocking a field check in the Privilege column checkbox of a field. To change an assignment click on the checkbox and click Apply. To mass assign, click the Select/Deselect All Privs Icon, , in the column headers and select OK on the Confirm Pop-Up window. To expand a row to view the Privilege description for a specific Security Token click the Expand Information Icon, . To restore the row click the now blue Expand Information Icon, .
Lock Privs Tab
Privilege Option | Privilege Description |
---|---|
Lock | Allows the user to be able to lock the Trackor®. |
Unlock | Allows the user to be able to unlock the Trackor. |
None | Prevents the user from locking or unlocking the Trackor. |
Filtering for Lock Privs
Administrators may filter for lockable Trackors.
Filter Applet
Cell Color Privs
The Cell Color Privs Tab allows administrators to give permissions to users who are able to Edit, Add, and Delete cell color changes.
Trackor Restrictions Tab
The Trackor Restrictions Tab contains a list of all of the Trackor Types in the OneVizion system. Each Trackor Type has a corresponding drop-down which indicates whether or not the Security Role is restricted to that Trackor Type. If a Security Role is restricted to a Trackor Type, users assigned to that Security Role can only see Trackors that belong to that Trackor Type’s children and grandchildren. For example, if a Security Role is restricted to the Trackor Type “Company” and the Trackor Type “Users” is a child to “Company”, any users assigned to the restricted Security Role can only see Trackors that also belong to the same company.
To edit a Trackor click the hyperlink. To restrict the Security Role to a specific Trackor Type use the drop-down next to the Trackor Type. To change an assignment use the drop-down and click Apply.
Trackor Restrictions Tab
Restriction Mode | Restriction Mode Description |
---|---|
Blank | No change is made to the assignment. |
Union | Allows the user to see all assigned Trackor Types regardless of any other Trackor restrictions. |
Intersection | Further restricts the user to Trackor Types which are shared with another Trackor Type restriction. For example, if the user is restricted to Company and Crew Member Trackor Types, only crew members that occur in both Company and Crew Member will be available to the user. |
For more detailed information refer to the Configuring Trackor Restriction page.
A hyperlink was added to restriction filter names. It opens the Restriction Filter edit form
Filter-based Trackor Restrictions
Note: This functionality only applies to Grids – it does not restrict users from accessing the record (using a URL) in an Applet.
To simplify trackor restriction functionality, you may also set Trackor Restrictions using Filters. Admins can leverage Filters to define access to trackors as opposed to a security role. This allows for more dynamic access management based on field values within the application.
You can build a Filter to limit access to records based on field values using Advanced Logic (And/Or) and use them for assigning Trackor Restriction to Security Roles. This feature is available along with the existing Trackor Restriction options in the Security Role->Trackor Restrictions tab.
Below are the steps to set up Filter-based Trackor Restrictions.
Enable the feature by setting System Parameter TrackorRestrictionMode
In the Security Role->Trackor Restriction tab, select the Trackor Type and choose option ‘Filter’.
From the Restriction Filter column select the ellipsis and set the Filter for your Trackor Restriction.
The filter logic will be applied to restrict the records that will be shown to Users with the current security role. For example, you can select Trackor Restriction Filter logic for Security Role ‘General Contractor’ to filter records by a Drop Down field (Contractor Type) of Value ‘General Contractor’
In case a user gets Intersection, Union, and Filter restrictions on the same Trackor Type via different security roles, the "Filter" restriction will take precedence over Intersection and Union.
Note: 'My XXXX' will be checked and disabled if Filter based trackor restriction is in play
The "Filter" restriction mode is not yet supported by the Components Export/Import or by the "Clone" feature on the Security Roles page.
Example of Setting Trackor Restrictions
Discipline Tab
The Discipline Tab contains all of the different Disciplines in the OneVizion system available for the default privs and assignments selected on the General Info tab. A Discipline is a mechanism used by OneVizion to maintain relationships between Sites and Tasks within WorkPlans by users. Disciplines group Tasks together and give users access to Tasks associated with a Discipline. Disciplines span all tenants and are added through the system V_Table V_DISCP. Once a Discipline is used, it cannot be deleted.
To give the Security Role the Privilege to view a Discipline check the box next to the Discipline. To change an assignment click on the checkbox and click Apply. To mass assign click the Select/Deselect All Privs icon, , in the column header and click Apply.
Discipline Tab
Menu Applications Tab
The Menu Application Tab contains all of the Application Groups in the OneVizion system available for the default privs and assignments selected on the General Info tab. Applications are sets of items in the Application Menu that can be assigned to users. A user that has been assigned an Application can only see the items in that particular Application Group. This process allows the display of different sets of data to different users.
To edit a menu application by clicking the hyperlink. Administrators may give the Security Role the Privilege to view an Application Group by checking the box next to the Application Group. To change an assignment click on the checkbox and click Apply. To mass assign click the Select/Deselect All Privs icon, , in the column header and click Apply.
Menu Applications Tab
Global Views Tab
The Global Views Tab contains all of the saved Global Views in the OneVizion system available for the default privileges and assignments selected on the General Info Tab. A Global View is a View Option that can be viewed by other users who have the appropriate security settings.
To edit a Global View click the hyperlink. To give the Security Role the Privilege to view a Global View check the box next to the Global View. To change an assignment click on the checkbox and click Apply. To mass assign click the Select/Deselect All Privs Icon, , in the column header and click Apply.
Global Views Tab
Global Filters Tab
The Global Filters Tab contains all of the saved global filters in the OneVizion system available for the default privileges and assignments selected on the General Info tab. A Global Filter is a Filter that can be viewed by other users who have the appropriate security settings.
To edit a global filter click the hyperlink. To give the Security Role the Privilege to view a global filter check the box next to the global filter. To change an assignment click on the checkbox and click Apply. To mass assign click the Select/Deselect All Privs Icon, , in the column header and clicking Apply.
Global Filters Tab
Global Portals Tab
The Global Portals Tab contains all of the saved Global Portals in the OneVizion system available for the default privileges and assignments selected on the General Info tab. A Portal is a configurable page that allows a user to combine multiple OneVizion application pages, applets, and windows into a single window. Each OneVizion page is given a bit of screen real estate on the Portal page. Typically, the different pages have a field in common with at least one other page. This allows the user to see many important pages that affect a common or similar thing.
To edit a global Portal click the hyperlink. To give the Security Role the Privilege to view a global Portal check the box next to the global filter. To change an assignment click on the checkbox and click Apply. To mass assign click the Select/Deselect All Privs Icon, , in the column header and clicking Apply.
Global Portals Tab
Rules Tab
The Rules Tab contains all of the Rules in the OneVizion system available for the default privs and assignments selected on the General Info tab. A Rule is a supplemental block of code executed at defined trigger points to perform business functions. For information on editing a Rule, please refer to Adding a Rule section of the Rules documentation.
To edit a Rule click the hyperlink. To give the Security Role the Privilege to view a Rule check the box next to the global filter. To change an assignment click on the checkbox and click Apply. To mass assign click the Select/Deselect All Privs Icon, , in the column header and clicking Apply.
The following is a list of tokens that are associated with rules.
Mass Assign
Mass Lock/Unlock
Rules Tab
Imports Tab
The Imports Tab contains all of the Imports in the OneVizion system available for the default privs and assignments selected on the General Info tab. An Import is a complex set of capabilities that facilitates the capture of information and the mass assigning of relationships among the components within the system.
To edit an Import click the hyperlink. To give the Security Role the Privilege to view an Import check the box next to the global filter. To change an assignment click on the checkbox and click Apply. To mass assign click the Select/Deselect All Privs Icon, , in the column header and clicking Apply.
Imports Tab
Reports Tab
The Reports Tab contains all of the Reports in the OneVizion system available for the default privs and assignments selected on the General Info tab. A Report is a configurable presentation of data.
To edit a Report click the hyperlink. To give the Security Role the Privilege to view a Report check the box next to the global filter. To change an assignment click on the checkbox and click Apply. To mass assign click the Select/Deselect All Privs Icon, , in the column header and clicking Apply.
Reports Tab
Report Delivery Tab
The Report Delivery Tab contains all of the methods by which a Report can be delivered.
To assign the Security Role access to a Report Delivery check the box next to the Report Delivery to give it access. To change an assignment click on the checkbox and click Apply. To mass assign click the Select/Deselect All Privs Icon, , in the column header and click Apply.
Report Delivery Tab
The following is a list of actions that are taken when reports are delivered.
Copy on Report Server
Down Load Folder
E-File
E-Mail
E-Mail with Link
File
FTP
File Transfer Protocol the File
Public Map
Secure File Transfer Protocol the File
Notifications Tab
The Notifications Tab contains a list of all of the global Notifications within the OneVizion system available for the default privs and assignments selected on the General Info tab. The Notification function is used to send email alerts when certain trigger events occur.
To edit a Notification click the hyperlink. To give the Security Role the Privilege to receive a Notification for a trigger event check the box next to the trigger event. To change an assignment click on the checkbox and click Apply. To mass assign click the Select/Deselect All Privs Icon, , in the column header and click Apply.
Notifications Tab
Notification Types Tab
The Notification Types Tab contains a list of all of the Notification Types within the OneVizion system available for the default privs and assignments selected on the General Info tab. The Notification Types are the trigger events that signal the system to send out a Notification.
To give the Security Role the Privilege to receive a Notification for a trigger event check the box next to the trigger event. To change an assignment click on the checkbox and click Apply. To mass assign by click the Select/Deselect All Privs Icon,, in the column header and click Apply.
Notification Types Tab
The following is a list of notifications that are sent when specific actions are taken.
Task Date Changed
Task NA Removed
Task NAed
Task Updated
Trackor Added
Trackor Deleted
Trackor Relation Updated
Trackor Updated
User Added
User Deleted
User Updated
WF Step Finished
WF Step Started
WP Added
WP Config Field Updated
WP Deleted
WP Updated
Export Types
The Export Types Tab contains a list of all of the Export Types within the OneVizion system available for the default privs and assignments selected on the General Info tab. Users are able to restrict export types, e.g, CSV, Excel, JSON.
Export Types Tab
Trackor Tours Tab
The Trackor Tours Tab contains all of the Trackor Tours created the OneVizion system available for the Security Tokens selected on the Security Groups tab.
To edit a Trackor Tours click the hyperlink. To restrict the Security Role to one or more Trackor Tours check the box next to the Trackor Tour. To change an assignment click on the checkbox and click Apply. To mass assign click the Select/Deselect All Privs icon, , in the column header and click Apply.
Trackor Tours Tab
Assigned Users Tab
Administrators may access the users assigned to the Security Role. Users are assigned to a Role via the User Application/Menu Application Tab. To edit a User click on the hyperlink.
Assigned Users Tab
Filtering for Assigned Users
Administrators can filter for users assigned to the Security Role.
Filter Applet
Components Package Tab
A trackor type or rule or DB package can be assigned to multiple Component Packages. For example, the Account will need to be part of the Case Management System and Professional Services Automation.
Components Audit Log Tab
The Components Audit Log records all changes made to components. The tab appears user clicks Apply or opened the Edit Users applet. For more information, please refer to the Components Audit Log Tab section of the Define Fields documentation.
Components audit Log Tab
Cloning a Security Role
Cloning a Security Role is useful for creating several Security Roles with very similar parameters. For example, administrators can create Security Roles for two different vendors that need to see only slightly different information. To clone a Security Role select a role and click the button. This will open the Add Security Role Applet with the same parameters as the source. The administrator must then give the new Security Role a unique name.
Editing a Security Role
To edit a Security Role highlight it in the application grid and click the Edit Icon, or click the hyperlink.
Deleting a Security Role
To delete a Security Role highlight it in the Application Grid and click the Delete Icon,.
Delete Confirmation Pop-up
Export Security Roles
To Export Security Roles or see the Export History click on the Export/Export History icon.
For detailed instructions on Exporting refer to the Exporting Trackor Record Data documentation.
On this Page
- 1 Administration
- 2 Configuring the Application Grid
- 3 Adding a Security Role
- 3.1 General Info Tab
- 3.2 Security Groups Tab
- 3.3 Special Task Privs
- 3.4 Lock Privs Tab
- 3.5 Cell Color Privs
- 3.6 Trackor Restrictions Tab
- 3.7 Discipline Tab
- 3.8 Menu Applications Tab
- 3.9 Global Views Tab
- 3.10 Global Filters Tab
- 3.11 Global Portals Tab
- 3.12 Rules Tab
- 3.13 Imports Tab
- 3.14 Reports Tab
- 3.15 Report Delivery Tab
- 3.16 Notifications Tab
- 3.17 Notification Types Tab
- 3.18 Export Types
- 3.19 Trackor Tours Tab
- 3.20 Assigned Users Tab
- 3.21 Components Package Tab
- 3.22 Components Audit Log Tab
- 4 Cloning a Security Role
- 5 Editing a Security Role
- 6 Deleting a Security Role
- 7 Export Security Roles