Define Access Roles

Explanation

This activity is used to create an access role and assign access attributes to it. Access roles are responsible for control of what data a user can access and register.
There are two types of access roles:

• Access - this role groups together attributes responsible for access and control over data of other people or organizational data (e.g., headcount plans and vacancy requests).
• Self-Access - this role groups attributes that allow employees and persons to register their own data. If an area in the application is protected by a data registration access attribute, this attribute has to be included in an access role, and assigned to anyone who wants to access the protected content.

Prerequisites

In order to perform this activity, access attributes have to be defined in the Access Attributes window.

System Effects

As a result of this activity, an access role will be defined and available for assignment.

Window

Access Roles

Related Window Descriptions

Access Roles

Procedure

1. Open the Access Roles window.
2. In the header, add a new record.
3. In the Access Role ID field, enter the unique identifier of the role.
4. In the Access Role Name field, enter the name of the role.
5. In the Access Role Type field, select the type of the access role.
   Note: Once the type is selected, only registration of a specific type of attributes is possible.
6. Select the Limited Access check box if you want to limit the access only to what is specified by the access attributes.
   E.g., If you leave the check box cleared and grant someone access to authorize expenses, this person will be able to see all employee data that are not specifically marked as protected.
   However, if you select this check box and grant someone access authorize expenses, this person will only be able to authorize expenses and won't see any other employee data.
   
7. Use check boxes under Areas of Access to control access over specific types of data:
   • Select Personal Data check box, to grant access to personal data of employees, e.g., personal basic data, competencies, licenses.
   • Select Employee Data check box to grant acces to employee data, e.g, salary, absences, time registration.
   • Select Organizational Data check box to grant access to data connected to organization units, e.g., headcount plans, vacancy requests.
     Note: In case of self-access roles, this check box is deactivated.
8.  In the Access Role Description field, enter the description of the access role. It can be useful to provide some additional details in case of roles that incorporate many attributes.
9. In the table, add a new record.
10. In the Attribute ID field, enter the unique identifier of an access attribute you want to assign to the role. You can use the list of values.
11. Select the Granted check box, to activate the attribute. If this check box is not selected, the attribute will not work, even if it is assigned to the role. This option is useful for making temporary changes to a role if you don't want to completely remove the record.
12. In the Attribute Level field, enter the authority level of the attribute. If 2 supervisors have the ability to alter the same data, the one with higher attribute value will be able to overwrite any changes.
13. Supervisors can temporarily share their own access roles with their substitutes. They can choose which attributes to give, but if you are certain that an attribute should never be given to anyone other than the person it was assigned to, clear the Delegation Allowed check box. This will prevent the attribute from ever being shared by the supervisor who has the access role.
14. Save the information.