Skip to main content
Skip table of contents

Roles


Use Roles to set up groups of users who share the same security based on their work assignments. Users can belong to more than one group. In addition to the security assigned through roles, users can be granted individual resources through User Access.

Role groups also can be integrated with Active Directory, which provides central authentication for authorizing users. The availability of this feature depends on whether the Integrate with Active Directory field in your Security Profile is selected. If the field is selected:

  • Network administrators can assign policies, deploy software, and apply critical updates throughout an organization.
  • Network users can access permitted resources anywhere on the network using Single Sign On.

For more information on Active Directory, contact your System Administrator.

Menu Path

From the System Administration menu, select Administration. From the Security menu, select Roles.

Action Bar Items

The following items display on the Action Bar after you generate a list of records:

ItemDescription

Grant

Displays the Resource Lookup page, which allows you to search for and select the security resources to assign to an existing role. The resources are stored in the page's Permissions tab.

Copy

Enables you to copy permissions and users from existing roles to new ones if your system is not integrated with Active Directory. If your system is integrated with Active Directory, the Users for the new role will be determined by the role's Active Directory Group.

Assign Users

Displays the Assign Users to Role page, where you can assign users to a selected role.

This option only appears if your site uses Active Directory and the Integrate with Active Directory field on the Security Profile is not selected.

Synchronize

Allows you to refresh users based on the current Active Directory settings. You can select this item as follows:

  • Before generating a list of roles, refresh all users in all roles.
  • After generating a list of roles, refresh users for the individual roles displayed. The Synchronize will delete all existing users from the roles before the refresh.

We recommend that all users be out of the system before you run the synchronization to avoid interrupting users' access to options.

This option is only available if your site uses Active Directory and the Integrate with Active Directory field on the Security Profile is selected.

The Integrate with Active Directory field on the Security Profile determines whether the action bar includes the Assign Users or the Synchronize option. If you do not use Active Directory, neither option appears in the action bar.

Tab Field Descriptions

TabField Description

Role Information

Stores the Role ID, Description, Status of the role, and, if applicable, the Active Directory Group.

  • Role ID: Unique code is used to identify the role. The limit is ten characters.
  • Description: Description of the role. The limit is 53 characters.
  • Active Directory Group: The Active Directory group associated with the role. This field appears only if the Integrate with Active Directory field on the Security Profile is selected.
  • Status: The status of the role. Select from:
    • A - Active
    • I - Inactive. Inactive roles are not used when verifying users' security access.

Permissions

Stores the security resources associated with the role. This tab does not appear when you are adding a role. Click Grant from the action bar to update permissions for an existing role.

  • Package: Code identifying a particular function of a software package or sub-package.
  • Subpackage: Code identifying the application area that runs within a package.
  • Resource: Code identifying a particular function of a software package or sub-package.
  • Description: Full description of the resource code.

Users

Enables you to assign users to a role when roles are not integrated with Active Directory. If your site uses Active Directory, this tab is read-only. Select a record in the List section, then click the Users tab to display the users in a group.

  • User ID: Login ID the employee uses to sign in to the application. When you enter the ID, the user's name displays in the Name field.
  • Windows Login ID: Windows Login Name as it appears on the Users page. Use the Lookup button to access the Active Directory Search page, which displays the Active Directory groups available to associate with the role. This field appears only
  • if the Integrate with Active Directory field on the Security Profile is selected.
  • Name: Employee's First Name and Last Name as they appear on the Users page.

Add Roles

  1. On the Roles page, click Add New.

  2. Enter Role Information.

    Role Information is not available if your system is integrated with Active Directory.

    Proceed to the next step.

  3. In the Users tab, enter the User ID of each user associated with this role.
  4. Click OK.

Copy Roles

  1. On the Roles page, enter the Search Criteria for the role you want to copy, then click Find.
  2. In the List section, select the role; from the action bar, select Copy.
  3. Enter Role Information.
  4. Click OK.

When you copy a role, resources linked to the role are also copied to the Permissions tab.

  • If your system is not integrated with Active Directory, the users from the original role are copied to the Users tab.
  • If your system is integrated with Active Directory, the Users tab will display the users based on the Active Directory Group selected.

Delete Roles

  1. On the Roles page, enter the Search Criteria for the role you want to delete, then click Find.
  2. In the List section, select the role; from the action bar, select Delete.
  3. Click Yes.

Assign Users to a Role Not Integrated with Active Directory

  1. On the Roles page, enter the Search Criteria for the role you want to assign, then click Find.
  2. In the List section, select the role; from the action bar, select Assign Users.
  3. In the Assign Users to Role page, select the users to assign to the role.
    • To add multiple users individually, hold CTRL on your keyboard and select each user you want to add.
    • To add multiple users simultaneously, hold SHIFT on your keyboard, click the first user in the range, and then select the last user.
  4. Click OK to assign the selected users to the role.

Delete Users from a Role Not Integrated with Active Directory

  1. On the Roles page, enter the Search Criteria for the role from which you want to delete users, then click Find.
  2. In the List section, select the role, and then click OK.
  3. In the Users tab:
    • To delete an individual user, select the user and then click Delete Row on the Action Bar.
    • To delete all users displayed, click Delete All on the Action Bar.
  4. Click OK to save the deletions.

Add Resources to a Role

  1. On the Roles page, enter the Search Criteria for the role you want to edit, then click Find.
  2. In the List section, select the role; from the action bar, select Grant.

  3. Enter selection criteria in the following fields for the security resources you want to add:

    1. Resource
    2. Package

    3. Subpackage

      You can enter a specific code or use the pipe symbol between codes to reference more than one record, for example, 100|225|350.
  4. Click OK to view the Resource Selection page.
  5. Select the security resources you want to assign to the role.
    • To select multiple resources individually, hold CTRL on your keyboard, and select each resource you want to add.
    • To select a range of users in the list, hold SHIFT on your keyboard, click the first resource in the range, and then select the last resource.
  6. Click OK to add the resources to the role.

Delete Resources from a Role

  1. On the Roles page, enter the Search Criteria for the role you want to edit, then click Find.
  2. In the List section, select the role, and click OK.
  3. In the Permissions tab:
    • To delete an individual resource, select the resource and then click Delete Row on the action bar.
    • To delete the resources displayed, click Delete All on the action bar.
  4. Click OK.

Synchronize Users and Roles based on Current Active Directory Settings

  1. On the Roles page, to synchronize roles and refresh all users, click Synchronize and proceed to step 5.

    • If you are synchronizing individual roles, skip this step.
    • To synchronize additional roles, repeat steps 4 and 5.
  2. To synchronize an individual role, enter the Search Criteria for the role you want to synchronize, then click Find.
  3. In the List section, select a role, and click Synchronize.
  4. Click Yes to run the synchronization and refresh users.

Generate the Security Roles List

  1. On the Roles page, enter the Search Criteria for the role you want to include in the report, then click Find.
  2. Click Print.
  3. Specify the format you want to generate the report and click OK. The default file name is roles.rpt.

Related Pages

User Access

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close