Create and Manage System Security Roles
Background
Upon registration of your company as a Member the user who registered the Company is automatically assigned the Role of “Member Administrator”. The application requires that at all times at least one user within a Membership is assigned the “Member Administrator” role.
A user assigned the “Member Administrator” role can remove themselves from that role but at all times at least one user must be assigned that role.
There are several ways to design your membership systems security to access the applications menu items.
Click on picture to enlarge
Where CRUD security is defined as:
- C – Create
- R – Read
- U – Update (edit)
- D – Delete
Systems Security Roles can be developed in several ways:
- By Each Menu Item within a module ie Internal Contact List,
- By a Group of Menu Items within a module ie Departments, Billing Classification, Positions, Expenditure Types,
- By Company Department i.e. Commercial, Legal, Project Management etc
- By Position Description, i.e. Engineer, Manager, Document Controller
- Or a combination of the above
Extrack recommends a combination of the above. Members should create roles for specific system menu items such as Assign User Roles, roles for a group of menu items such as Departments, Billing Classification, Positions, Expenditure Types and Profit Centre, and security roles based on organisation departments or positions such as Document Controller.
Consideration should also be given to the order in which the roles are displayed for assignment.
Process
1) Click Settings
2) Under System Security click Roles,
Click on picture to enlarge
3) Check the role doesn’t exist by filtering the grid on either code or title.
4) Add, edit, delete Roles by using the icon buttons identified below.
Click on picture to enlarge
Consideration should be given to the coding and title nomenclature ie Module-Subheading-Sequential number and CRUD type – > ORGCONINTMET-CRU (for Module:Organisation, Subheading:Member Contacts Metadata, CRUD Security:Create Read Update)
Click on picture to enlarge
Pre-Requisite Requirements
Licensing – users are to be licensed for the ORG module, this can be found under Settings then click User Licensing , set a billing account for the user. For more info see Knowledge Base Article -> User Licensing
Roles – users are to be assigned a user role for accessing the Billing Classification menu item. This can be found under Settings – System Security then click Assign User Roles . For more info see Knowledge Base Article -> Assign User Roles
System Security Roles do not require any other pages pre-populated with data prior to their use.
Additional Information
| Field | Example Input | Characters | Field Restrictions |
|---|---|---|---|
| Order | 20 | Min 1 Max 20 | Mandatory
Alpha, Numeric and special characters allowed. Duplicates Allowed. |
| Code | ORGCONINTMET-CRU | Min 1 Max 20 | Mandatory
Alpha, Numeric and special characters allowed. No Duplicates Allowed. |
| Title | ORG – Contacts – Internal Metadata – CRU | Min 1 Max 150 | Mandatory
Alpha, Numeric and special characters allowed. No Duplicates Allowed. |
| Description | Create Read Update Internal Company Departments / Positions / Billing Classifications and Expenditure Types – to delete data please see systems administrator. | Min 0 Max 500 | Non Mandatory
Alpha, Numeric and special characters allowed. |
| Order | Code | Title | Description |
|---|---|---|---|
| 1 | MemberAdmin | Member Administrator | This the member administrator it can not be changed |
| 2 | BASIC | Basic | This role allows Read only access to the majority of system menu items that are not commercially sensitive |
| 5 | ORGCMPSTR-R | ORG – Corporate Structure – R | Read Only Access to the Corporate Structure – to modify please see System Administrator |
| 7 | ORGCMP-CRU | ORG – Companies – CRU | Create Read Update Companies – to delete see system Administrator |
| 10 | ORGCONINT-CRU | ORG – Contacts – Internal – CRU | Create Read Update Internal Contacts – Read only access to all other Metadata fields |
| 15 | ORGCONEXT-CRU | ORG – Contacts – External – CRU | Create Read Update External Contacts – Read only access to all other Metadata fields. |
| 20 | ORGCONINTMET-CRU | ORG – Contacts – Internal Metadata – CRU | Create Read Update Internal Company Departments / Positions / Billing Classifications and Expenditure Types – to delete data please see systems administrator. |
| 25 | ORGCONEXTME-CRU | ORG – Contacts – External Metadata – CRU | Create Read Update External Company Departments / Positions / Billing Classifications and Expenditure Types – to delete data please see systems administrator. |
| 55 | TMEWKYTSIND | TME – Weekly Timesheet – Individual | Can Create Read Update and submit personal timesheet for approval. |
| 55 | TMETSWKYSUP | TME – Weekly Timesheet – Supervisor | Can Create Read Update and submit timesheets for crews reporting to them for approval. |
| 56 | TMEWO-CRUD | TME – Work Orders | Create Read Update Delete Work Orders |
| 57 | TMERPT | TME – Time sheet Reports | Can export timesheet data based on project security access |
| 100 | PRJBS-CRU | PRJ – Breakdown Structures – CRU | Create Read Update all project breakdown structures such as Cost / Task / Work etc |
| 150 | REGPAY-CRU | REG – Payment Claim | Create Read Update Payment Claim Register |
| 190 | SYSUSRINT-CRU | SYS – Users – Internal – CRU | Create Read Update Internal User Data |
| 195 | SYSUSREXT-CRU | SYS – Users – External – CRU | Create Read Update External User Data |
| 200 | SYSPRJMET-CRU | SYS – Project – Metadata – CRU | Create Read Update Systems Project Metadata – to delete data please see systems administrator |
| 210 | SYSJOBMNG-CRU | SYS – Project – Jobs – CRU | Create Read Update Jobs (internal projects) – to delete data please see systems administrator |
| 220 | SYSPRJMNG-CRU | SYS – Project – Projects – CRU | Create Read Update Projects (external projects which allow data import) – to delete data please see systems administrator |
| 230 | SYSPRJSEC-CRU | SYS – Project – Security – CRU | Create Read Update security access to projects including creating and managing security groups. |
| 240 | SYSLIC-CRU | SYS – Licensing – CRU | Create Read Update User Licenses for the system |
| 250 | SYSBIL-CRU | SYS – Billing – CRU | Create Read Update System Billing information. |
| 260 | SYSSEC-CRU | SYS – System Security – CRU | Create Read Update Assigning User Roles, for managing Roles / User Role Settings please see the systems administrator |
| Order | Code | Title | Description |
|---|---|---|---|
| 300 | DEPT-COM | Department – Commercial | Menu Security Access set per Departmental requirements |
| 310 | DEPT-PRO | Department – Procurement | Menu Security Access set per Departmental requirements |
| 320 | DEPT-LEG | Department – Legal | Menu Security Access set per Departmental requirements |
| 330 | DEPT-ENG | Department – Engineering | Menu Security Access set per Departmental requirements |
| 340 | DEPT-PPM | Department – Project Management | Menu Security Access set per Departmental requirements |
| 500 | DEPT-SAF | Department – Safety | Menu Security Access set per Departmental requirements |
| Order | Code | Title | Description |
|---|---|---|---|
| 510 | POS-MGROPS | Manager – Operations | Menu Security Access set per Position requirements |
| 520 | POS-MGRPRJ | Manager – Project | Menu Security Access set per Position requirements |
| 530 | POS-ENGSIT | Engineer – Site | Menu Security Access set per Position requirements |
| 540 | POS-ENG | Engineer | Menu Security Access set per Position requirements |
| 550 | POS-MGRSAF | Manager – Safety | Menu Security Access set per Position requirements |
| 560 | POS-MGRHR | Manager – Human Resources | Menu Security Access set per Position requirements |
| 570 | POS-LAW | Lawyer | Menu Security Access set per Position requirements |
| 580 | POS-MGRPRJCTRL | Manager – Project Controls | Menu Security Access set per Position requirements |