Define Access Roles
Explanation
This activity is used to create an access role and assign
access attributes to it. Access roles are responsible for control of what data a
user can access and register.
There are two types of access roles:
- Access - this role groups together attributes responsible
for access and control over data of other people or organizational data
(e.g., headcount plans and vacancy requests).
- Self-Access - this role groups attributes that allow employees and
persons to register their own data. If an area in the application is
protected by a data registration access attribute, this attribute has to be
included in an access role, and assigned to anyone who wants to access the
protected content.
Prerequisites
In order to perform this activity, access attributes have to be defined in
the Access Attributes window.
System Effects
As a result of this activity, an access role will be defined and available
for assignment.
Window
Access Roles
Related Window Descriptions
Access Roles
Procedure
- Open the Access Roles window.
- In the header, add a new record.
- In the Access Role ID field, enter the unique identifier of the
role.
- In the Access Role Name field, enter the name of the role.
- In the Access Role Type field, select the type of the access
role.
Note: Once the type is selected, only registration of a specific type
of attributes is possible.
- Select the
Limited Access
check box if you want to limit the access only to what is specified by the
access attributes.
E.g., If you leave the check box
cleared and grant someone
access to authorize expenses, this person will be able to see
all
employee data that are not specifically marked as protected.
However, if you
select
this check box and grant someone access authorize expenses, this person will
only
be able to authorize expenses and won't see any other employee data.
- Use check boxes under
Areas of Access
to control access over specific types of data:
- Select
Personal Data
check box, to grant access to personal data of
employees, e.g., personal basic data, competencies, licenses.
- Select
Employee Data
check box to grant acces to employee data, e.g, salary, absences, time
registration.
- Select
Organizational Data
check box to grant access to data connected to organization units, e.g.,
headcount plans, vacancy requests.
Note:
In case of self-access roles, this check box is deactivated.
- In the Access Role Description field, enter the description
of the access role. It can be useful to provide some additional details in
case of roles that incorporate many attributes.
- In the table, add a new record.
- In the Attribute ID field, enter the unique identifier of an
access attribute you want to assign to the role. You can use the list of
values.
- Select the Granted check box, to activate the attribute. If this
check box is not selected, the attribute will not work, even if it is
assigned to the role. This option is useful for making temporary changes to
a role if you don't want to completely remove the record.
- In the Attribute Level field, enter the authority level of the
attribute. If 2 supervisors have the ability to alter the same data, the one
with higher attribute value will be able to overwrite any changes.
- Supervisors can temporarily share their own access roles with their
substitutes. They can choose which attributes to give, but if you are
certain that an attribute should never be given to anyone other than the
person it was assigned to, clear the Delegation Allowed check box.
This will prevent the attribute from ever being shared by the supervisor who
has the access role.
- Save the information.