Defining Roles, Permissions and Users: Difference between revisions

Latest revision as of 22:45, 17 June 2017

	To add, change permissions associated with, or delete IMSMA roles, you must have permission Role Admin.

IMSMA^NG allows information managers to control permissions for IMSMA^NG functions through the management of Users and Roles.

Permission to Save - Submit - Approve - Reject are controlled by which Role the User belong to

With multiple permission levels for the Approval process, for example, different users can be assigned different permissions, allowing Mine Action Programmes to implement a Data Entry workflow that distinguishes between Data Entry and Data Verification roles. It is recommended to set up a permission structure that reserves approval authority for Data Entry Forms for the most experienced users.

Some of the permissions have two different levels:

Read-only
Read and Write

Recommended IMSMA^NG Roles
Role	Description
Data Entry	Users whose primary function is to enter Data Entry Forms. This role may or may not include the ability to approve Data Entry Forms.
Data Verification	Users who typically perform quality checks on the data entered by Data Entry users. This role is responsible for verifying the accuracy of the data entered and approving Data Entry Forms.
Operations	Users who typically browse for information within IMSMA^NG to make operational decisions. These users often perform searches for data, generate reports and analyse the data to support operational needs.
Operator Administrator	User that is not working at the NMAA and has more permission than Data Entry users. These could be permissions that is needed after installation e.g. Reference system or permission to publish Data Entry Forms templates.
IMSMA Administrator	Users who perform Information Management / System administrator specific functions such as creating Data Entry Form templates, designing printing reports, backing up and restoring data and other technical functions.
Guest	Users with essentially read-only access to browse data.

	Ensure that NMAA has exclusive control over user accounts and roles, Data Entry Form templates, the Data Inventory Manager and Auxiliary data.

Access to IMSMA^NG functions are handled by the permissions. Permissions allow a user to view information related to a function, or view and change information related to a function. Roles are named groups of permissions that can be assigned to users. IMSMA^NG includes several predefined roles with the installation. It is strongly recommended to customise these roles to the need of the Mine Action Programme. It is of course also possible to add new roles or copy existing roles.

	5 new permission groups with Read only variations have been added: Assistance classification Cause classification Country structure Hierarchy manager Needs classification

	1st July 2016 it was reported that users must have Read and Write on Organisation in order to be able to enter geographical data in Data Entry Forms. Investigations are on-going.

{{#switch:|subgroup|child=|none=|#default=

{{#if:|<th scope="col" style="border-left:2px solid #fdfdfd;width:100%;|}}{{#if:|{{#if:IMSMA^NG Administration|}}}}{{#if:{{#switch:{{#if:|{{{border}}}|child}}|subgroup|child=|none=|#default=

}}{{#ifeq:|Template|{{#ifeq:{{#if:|{{{border}}}|child}}|child||{{#ifeq:{{#if:|{{{border}}}|child}}|subgroup||{{#switch:defining roles, permissions and users

|doc
|sandbox
|testcases =
|#default = {{#switch:
 |plainlist
 |hlist
 |hlist hnum
 |hlist vcard
 |vcard hlist = 
 |#default = 
 }}
}}

}}}}}}|{{#if:IMSMA^NG Administration|}}{{#if:|

{{{imageleft}}}

}}{{#if:Installing IMSMA^NG|Installing IMSMA^NG<td style="text-align:left;border-left-width:2px;border-left-style:solid;|

{{#switch:{{#if:|{{{border}}}|child}}|subgroup|child=

|none=|#default=

}}{{#ifeq:|Template|{{#ifeq:{{#if:|{{{border}}}|child}}|child||{{#ifeq:{{#if:|{{{border}}}|child}}|subgroup||{{#switch:defining roles, permissions and users

|doc
|sandbox
|testcases =
|#default = {{#switch:
 |plainlist
 |hlist
 |hlist hnum
 |hlist vcard
 |vcard hlist = 
 |#default = 
 }}
}}

}}}}}}{{#if:|

{{{image}}}

}}}}{{#if:|{{#if:IMSMA^NG Administration{{#switch:{{#if:|{{{border}}}|child}}|subgroup|child=|none=|#default=

}}{{#ifeq:|Template|{{#ifeq:{{#if:|{{{border}}}|child}}|child||{{#ifeq:{{#if:|{{{border}}}|child}}|subgroup||{{#switch:defining roles, permissions and users

|doc
|sandbox
|testcases =
|#default = {{#switch:
 |plainlist
 |hlist
 |hlist hnum
 |hlist vcard
 |vcard hlist = 
 |#default = 
 }}
}}

}}}}}}|}}{{#if:|{{{group2}}}<td style="text-align:left;border-left-width:2px;border-left-style:solid;|

{{{list2}}}

}}{{#if:|{{#if:IMSMA^NG Administration{{#switch:{{#if:|{{{border}}}|child}}|subgroup|child=|none=|#default=

}}{{#ifeq:|Template|{{#ifeq:{{#if:|{{{border}}}|child}}|child||{{#ifeq:{{#if:|{{{border}}}|child}}|subgroup||{{#switch:defining roles, permissions and users

|doc
|sandbox
|testcases =
|#default = {{#switch:
 |plainlist
 |hlist
 |hlist hnum
 |hlist vcard
 |vcard hlist = 
 |#default = 
 }}
}}

}}}}}}|}}{{#if:|{{{group3}}}<td style="text-align:left;border-left-width:2px;border-left-style:solid;|

{{{list3}}}

}}{{#if:|{{#if:|{{{group4}}}<td style="text-align:left;border-left-width:2px;border-left-style:solid;|

{{{list4}}}

}}{{#if:Documenting Customisations · Defining Roles, Permissions and Users · Language and Translations · Data Inventory Manager · Standardising Auxiliary Data · Design Data Entry Forms · Configuring the Items ID Generator · Designing Summary Templates · Standardising Data Analysis and Information Reporting · Designing iReport templates · Building Searches · Setting-up Maps and Coordinate Systems|{{#if:Customising IMSMA^NG|Customising IMSMA^NG<td style="text-align:left;border-left-width:2px;border-left-style:solid;|

Documenting Customisations · Defining Roles, Permissions and Users · Language and Translations · Data Inventory Manager · Standardising Auxiliary Data · Design Data Entry Forms · Configuring the Items ID Generator · Designing Summary Templates · Standardising Data Analysis and Information Reporting · Designing iReport templates · Building Searches · Setting-up Maps and Coordinate Systems

}}{{#if:Information Exchange · Backup and Restore · Importing and Exporting|{{#if:Manage Information|Manage Information<td style="text-align:left;border-left-width:2px;border-left-style:solid;|

Information Exchange · Backup and Restore · Importing and Exporting

}}{{#if:|{{#if:|{{{group7}}}<td style="text-align:left;border-left-width:2px;border-left-style:solid;|

{{{list7}}}

}}{{#if:|{{#if:|{{{group8}}}<td style="text-align:left;border-left-width:2px;border-left-style:solid;|

{{{list8}}}

}}{{#if:|{{#if:|{{{group9}}}<td style="text-align:left;border-left-width:2px;border-left-style:solid;|

{{{list9}}}

}}{{#if:|{{#if:|{{{group10}}}<td style="text-align:left;border-left-width:2px;border-left-style:solid;|

{{{list10}}}

}}{{#if:|{{#if:|{{{group11}}}<td style="text-align:left;border-left-width:2px;border-left-style:solid;|

{{{list11}}}

}}{{#if:|{{#if:|{{{group12}}}<td style="text-align:left;border-left-width:2px;border-left-style:solid;|

{{{list12}}}

}}{{#if:|{{#if:|{{{group13}}}<td style="text-align:left;border-left-width:2px;border-left-style:solid;|

{{{list13}}}

}}{{#if:|{{#if:|{{{group14}}}<td style="text-align:left;border-left-width:2px;border-left-style:solid;|

{{{list14}}}

}}{{#if:|{{#if:|{{{group15}}}<td style="text-align:left;border-left-width:2px;border-left-style:solid;|

{{{list15}}}

}}{{#if:|{{#if:|{{{group16}}}<td style="text-align:left;border-left-width:2px;border-left-style:solid;|

{{{list16}}}

}}{{#if:|{{#if:|{{{group17}}}<td style="text-align:left;border-left-width:2px;border-left-style:solid;|

{{{list17}}}

}}{{#if:|{{#if:|{{{group18}}}<td style="text-align:left;border-left-width:2px;border-left-style:solid;|

{{{list18}}}

}}{{#if:|{{#if:|{{{group19}}}<td style="text-align:left;border-left-width:2px;border-left-style:solid;|

{{{list19}}}

}}{{#if:|{{#if:|{{{group20}}}<td style="text-align:left;border-left-width:2px;border-left-style:solid;|

{{{list20}}}

}}{{#if:|{{#if:IMSMA^NG Administration{{#switch:{{#if:|{{{border}}}|child}}|subgroup|child=|none=|#default=

}}{{#ifeq:|Template|{{#ifeq:{{#if:|{{{border}}}|child}}|child||{{#ifeq:{{#if:|{{{border}}}|child}}|subgroup||{{#switch:defining roles, permissions and users

|doc
|sandbox
|testcases =
|#default = {{#switch:
 |plainlist
 |hlist
 |hlist hnum
 |hlist vcard
 |vcard hlist = 
 |#default = 
 }}
}}

}}}}}}|}}

{{{below}}}

}}{{#switch:|subgroup|child=

|none=|#default=}}{{#ifeq:|Template|{{#ifeq:|child||{{#ifeq:|subgroup||{{#switch:defining roles, permissions and users

|doc
|sandbox
|testcases =
|#default = {{#switch:hlist
 |plainlist
 |hlist
 |hlist hnum
 |hlist vcard
 |vcard hlist = 
 |#default = 
 }}
}}

}}}}}}

@@ Line 1: / Line 1: @@
 __FORCETOC__
 {{TOC right}}
-IMSMANG allows information managers to control permissions for IMSMANG functions through the management of users and roles. With multiple permission levels for the Workbench, for example, different users can be assigned different permissions, allowing programmes to implement a data-entry workflow that distinguisheses between data entry and data verification roles. It is recommended to set up a permission structure that reserves approval authority for field reports for the most trusted users.
+{{Note | To add, change permissions associated with, or delete IMSMA roles, you must have permission ''Role Admin''.}}
-TYPICAL IMSMANG Roles
+{{IMSMANG}} allows information managers to control permissions for {{IMSMANG}} functions through the management of Users and Roles.
+[[Image:Approval buttons.png|center|500px]]
+<div align="center">
+''Permission to Save - Submit - Approve - Reject are controlled by which Role the User belong to''
+</div>
+With multiple permission levels for the Approval process, for example, different users can be assigned different permissions, allowing Mine Action Programmes to implement a Data Entry workflow that distinguishes between Data Entry and Data Verification roles. It is recommended to set up a permission structure that reserves approval authority for Data Entry Forms for the most experienced users.
+Some of the permissions have [[Change Permission Access Level | two different levels]]:
+* Read-only
+* Read and Write
 {| class="wikitable"
+! colspan="2" |  [[Recommended Roles and Permissions | Recommended ]]{{IMSMANG}} Roles
+|-
 ! Role
 ! Description
 |-
 | Data Entry
-| Users whose primary function is to enter field reports and other data into the system. This role may or may not include the ability to approve field reports.
+| Users whose primary function is to enter Data Entry Forms. This role may or may not include the ability to approve Data Entry Forms.
 |-
 | Data Verification
-| Users who typically perform quality checks on the data entered by Data Entry users. This role is often responsible for verifying the accuracy of the data entered and approving field reports.
+| Users who typically perform quality checks on the data entered by Data Entry users. This role is responsible for verifying the accuracy of the data entered and approving Data Entry Forms.
 |-
 | Operations
-| Users who typically browse for information within IMSMA<sup>NG</sup> to make operational decisions. Operations users may sometimes be grouped by function (for example, MRE, clearance or victim assistance). These users often perform searches for data, generate reports and analyze the data to support operational needs.
+| Users who typically browse for information within {{IMSMANG}} to make operational decisions. These users often perform searches for data, generate reports and analyse the data to support operational needs.
+|-
+| Operator Administrator
+| User that is not working at the NMAA and has more permission than Data Entry users. These could be permissions that is needed after installation e.g. Reference system or permission to publish Data Entry Forms templates.
 |-
-| Systems Administrator
+| IMSMA Administrator
-| Users who perform information management-specific functions such as creating field report templates, designing reports, backing up and restoring data and other technical functions.
+| Users who perform Information Management / System administrator specific functions such as creating Data Entry Form templates, designing printing reports, backing up and restoring data and other technical functions.
 |-
 | Guest
 | Users with essentially read-only access to browse data.
-|-
 |}
-{{note| To add, change permissions associated with, or remove IMSMA roles, you must have access to the Role Admin permission}}
-Permissions allow a user to view information related to a function, or view and change information related to a function.
+{{Note | Ensure that NMAA has '''exclusive''' control over user accounts and roles, Data Entry Form templates, the Data Inventory Manager and Auxiliary data.}}
-Roles are named groups of permissions that can be assigned to users.
+Access to {{IMSMANG}} functions are handled by the permissions. Permissions allow a user to view information related to a function, or view and change information related to a function. Roles are named groups of permissions that can be assigned to users. {{IMSMANG}} includes several [[Predefined Roles | predefined roles]] with the installation. It is '''strongly''' recommended to customise these roles to the need of the Mine Action Programme. It is of course also possible to add new roles or copy existing roles.
-IMSMA includes several predefined roles that have one or more permissions assigned to them. The predefined IMSMA roles are Operations, System Administrator, Data Entry, and Guest.
 {{HowTo's
-|[[HowTo:Access and Use the Role List Window|Access and Use the Role List Window]]
+|[[Role List Window]]
-|[[HowTo:Use the Role Editor Window|Use the Role Editor Window]]
+|[[User List Window]]
+|[[Predefined Roles]]
+|[[Recommended Roles and Permissions]]
 }}
-{{HowTo's
+{{New_6.0 | 5 new permission groups with Read only variations have been added:
-|[[HowTo:HowTo:Access and Use the User List Window|Access and Use the User List Window]]
+* Assistance classification
-|[[HowTo:Use the User Editor Window|Use the User Editor Window]]
+* Cause classification
-|[[HowTO:View/Change User|View/Change User]]
+* Country structure
+* Hierarchy manager
+* Needs classification
 }}
-You can use the predefined roles as is, or you can change them to suit your needs. You can also add new roles or copy existing roles.  The following sections provide information for performing these actions. The default permissions associated with IMSMA’s predefined roles and their descriptions are listed below:
-Table 37. Default Permissions for IMSMA Roles
-Role Name	Default Permissions	Provides Access to...
-Operations
-Operations	Base Table Export
-Combo Box Mgmt
-Country Structure Mgmt
-Data Inventory Manager
-Field Report
-Field Report Approve
-Field Report Export
-Field Report Import
-Field Report Reject
-Form Template Design
-Handheld
-Impact Scoring
-Link
-Object Obsoletion
-Ordnance
-Organisations
-Places
-Print
-Published Form Mgmt
-Reference System Manager
-Reporting
-Role Admin
-Search
-Theme Manager
-User Admin	Export country structure, explosive ordnance, organisation, and place data.
-Add, change, and remove option values.
-Add or change country structures and country structure levels.
-Add, change, and remove custom defined fields, custom option values, and data categories.
-Add, save, submit, and delete field reports.
-Approve field reports.
-Export field reports.
-Import field reports.
-Reject field reports.
-Add, change, and remove field report templates.
-Add, change, and remove handheld field report templates.
-Add, change, remove, and generate impact scores.
-Add links between item records.
-Toggle items in the Location View window between active and inactive.
-Add, change, and remove explosive ordnance. For this permission, you can also specify read-only access.
-Add, change, and remove IMSMA organisations. For this permission, you can also specify read-only access.
-Add and change IMSMA places. For this permission, you can also specify read-only access.
-Print the results.
-Change the status of field reports and export field reports for the handheld.
-Add, change, and remove coordinate reference systems used by IMSMA.
-Generate reports.
-Add, change, and remove roles and assign permissions to roles.
-Locate item records that meet specified criteria.
-Change IMSMA icons and map themes displayed on the IMSMA Navigation window’s map.
-Add, change, and deactivate users.
-System Administrator	Map Export
-Map Import	Export a map to an .apm file.
-Import a map into IMSMA.
-Data Entry
-Data Entry	Field report
-Ordnance (read-only)
-Organisations (read-only)
-Places (read-only)
-Print
-Search	Add, save, submit, and delete field reports.
-View explosive ordnance.
-View IMSMA organisations.
-View IMSMA places.
-Print the results.
-Locate item records that meet specified criteria.
+{{Note| 1st July 2016 it was reported that users must have ''Read and Write'' on Organisation in order to be able to enter geographical data in Data Entry Forms. Investigations are on-going.}}
+{{NavBox IMSMA NG Administration}}
-Guest
+[[Category:NAA]]
-Search	Locate item records that meet specified criteria.

	IMSMA^NG Administration
}}<table cellspacing="0" class="nowraplinks hlist {{#if:IMSMA^NG Administration\|{{#switch:autocollapse\|plain\|off=\|#default=collapsible {{#if:autocollapse\|autocollapse\|autocollapse}}}}}} {{#switch:\|subgroup\|child\|none=navbox-subgroup" style="border-spacing:0;;\|#default=navbox-inner" style="border-spacing:0;background:transparent;color:inherit}};;">{{#if:IMSMA^NG Administration\|

{{{above}}}

Defining Roles, Permissions and Users: Difference between revisions

Latest revision as of 22:45, 17 June 2017

Navigation menu

Search