Access control and system roles
Contents:
System administrator roles
System administrator roles are divided into the 2 sub-roles depending on the rights & authorities to be set up:
- [elAdminSysR] - system administrator, that has a right to view all settings in elDoc system in reading mode (without possibility to introduce changes / edit);
- [elAdminSysRW] - system administrator, that has a right to view and edit all settings in elDoc system.
Document administrator roles
In order to granularly redistribute access rights on document management and ensure adherence of 4-eyes principle, there are three (3) sub-roles of document administrators in elDoc system.
- [elAdminDocsR] - document administrator role that has a right to view all documents in elDoc system (without possibility to edit or delete documents);
- [elAdminDocsRW] - document administrator role that has a right to view and edit all documents in elDoc system (without possibility to delete documents);
- [elAdminDocsD] - document administrator role that has a right to delete documents in elDoc system. This role only can be used along with one of the roles: either [elAdminDocsR] or [elAdminDocsRW].
CRM administrator roles
CRM administrator roles are divided into the 2 sub-roles depending on the rights & authorities to be set up:
- [elAdminCrmR] - CRM administrator role that has a right to view all documents of CRM in reading mode (without possibility to introduce changes / edit);
- [elAdminCrmRW] - CRM administrator role that has a right to view and edit all documents of CRM in elDoc system.
Standard roles
Standard system roles are listed below:
- [elUser] - standard "All users" system role which represents all users of the system and is assigned by default to all users and service accounts.
Access matrix
In order to granularly redistribute the access rights in elDoc system the following access matrix is applied:
Functionality \ Role | [elUser] | [elAdminDocsR] | [elAdminDocsRW] | [elAdminDocsD] | [elAdminSysR] | [elAdminSysRW] | [elAdminCrmR] | [elAdminCrmRW] |
|---|---|---|---|---|---|---|---|---|
Standard functionality | ||||||||
Standard functionality - standard activities with documents |  | |||||||
Standard functionality - standard activities in CRM |
|
|
|
|
|
|
|
|
Documents | ||||||||
View all documents in the system |
|
|
|
|
|
|
|
|
View document accessibility settings |
|
|
|
|
|
|
|
|
Edit document accessibility settings |
|
|
|
|
|
|
|
|
Suspend document |
|
|
|
|
|
|
|
|
Resume suspended document |
|
|
|
|
|
|
|
|
Cancel document |
|
|
|
|
|
|
|
|
Block (hide) document |
|
|
|
|
|
|
|
|
Delete document |
|
|
|
|
|
|
|
|
Workflows | ||||||||
View document workflow configurations |
|
|
| |||||
Create configurations for document workflow |
|
|
|
|
|
|
|
|
Change configurations for document workflow |
|
|
|
|
|
|
|
|
Delete configurations for document workflow |
|
|
|
|
|
|
|
|
Document forms and Recognition forms | ||||||||
View forms |
|
|
|
|
|
|
|
|
Create forms |
|
|
|
|
|
|
|
|
Edit forms |
|
|
|
|
|
|
|
|
Block forms |
|
|
|
|
|
|
|
|
Unblock forms |
|
|
|
|
|
|
|
|
| Import recognition forms | | |||||||
| Export recognition forms | | |||||||
Organizational units | ||||||||
View organizational units |
|
|
|
|
|
|
|
|
Create organizational units |
|
|
|
|
|
|
|
|
Edit organizational units |
|
|
|
|
|
|
|
|
Delete organizational units |
|
|
|
|
|
|
|
|
Directories | ||||||||
View directories |
|
|
|
|
|
|
|
|
Create directories |
|
|
|
|
|
|
|
|
Edit directories |
|
|
|
|
|
|
|
|
Edit CRM directories |
|
|
|
|
|
|
|
|
Delete directories |
|
|
|
|
|
|
|
|
Delete CRM directories |
|
|
|
|
|
|
|
|
Counters | ||||||||
View counters |
|
|
|
|
|
|
|
|
Edit counters mode |
|
|
|
|
|
|
|
|
Users | ||||||||
View users | |
|
|
|
|
|
|
|
Create users |
|
|
|
|
|
|
|
|
Edit users |
|
|
|
|
|
|
|
|
Delete users |
|
|
|
|
|
|
|
|
Groups | ||||||||
View groups |
|
|
|
|
|
|
|
|
Create groups |
|
|
|
|
|
|
|
|
Edit groups |
|
|
|
|
|
|
|
|
Delete groups (not system groups) |
|
|
|
|
|
|
|
|
System logs |
|
|
|
|
|
|
|
|
View system logs |
|
|
|
|
|
|
|
|
Settings | ||||||||
View system settings |
|
|
|
|
|
|
|
|
Change system settings |
|
|
|
|
|
|
|
|
CRM | ||||||||
View all actions in CRM |
|
|
|
|
|
|
|
|
Edit organizations in CRM |
|
|
|
|
|
|
|
|
Edit contacts in CRM |
|
|
|
|
|
|
|
|
Delete organizations in CRM |
|
|
|
|
|
|
|
|
Delete staff in CRM |
|
|
|
|
|
|
|
|
Delete contacts in CRM |
|
|
|
|
|
|
|
|
Delete actions in CRM |
|
|
|
|
|
|
|
|
Hierarchy-based access
System allows to use hierarchy-based access rights on documents and records of other types.
Common controls that provide possibility to adjust access are named as follows:
- Access: View - provides read access to the record
- Access: Edit - provides read & write access to the record
- Access: View (by hierarchy) - provides hierarchical read access to the record: access is given to the select unit(s) and all subordinated organizational units.
- Access: Edit (by hierarchy) - provides hierarchical read & write access to the record: access is given to the select unit(s) and all subordinated organizational units.
On the user interface such controls could be presented in the way as shown below:
Last modified: May 12, 2023