Access control and system roles


Contents:


System administrator roles

System administrator roles are divided into the 2 sub-roles depending on the rights & authorities to be set up: 

  • [elAdminSysR] - system administrator, that has a right to view all settings in elDoc system in reading mode (without possibility to introduce changes / edit);
  • [elAdminSysRW] - system administrator, that has a right to view and edit all settings in elDoc system.

Document administrator roles

In order to granularly redistribute access rights on document management and ensure adherence of 4-eyes principle, there are three (3) sub-roles of document administrators in elDoc system.  

  • [elAdminDocsR] - document administrator role that has a right to view all documents in elDoc system (without possibility to edit or delete documents);
  • [elAdminDocsRW] - document administrator role that has a right to view and edit all documents in elDoc system (without possibility to delete documents); 
  • [elAdminDocsD] - document administrator role that has a right to delete documents in elDoc system. This role only can be used along with one of the roles: either [elAdminDocsR] or [elAdminDocsRW].

CRM administrator roles

CRM administrator roles are divided into the 2 sub-roles depending on the rights & authorities to be set up: 

  • [elAdminCrmR] - CRM administrator role that has a right to view all documents of CRM in reading mode (without possibility to introduce changes / edit);
  • [elAdminCrmRW] - CRM administrator role that has a right to view and edit all documents of CRM in elDoc system. 

Standard roles

Standard system roles are listed below:

  • [elUser] - standard "All users" system role which represents all users of the system and is assigned by default to all users and service accounts.

Access matrix

In order to granularly redistribute the access rights in elDoc system the following access matrix is applied:

Functionality \ Role

[elUser]

[elAdminDocsR]

[elAdminDocsRW]

[elAdminDocsD]

[elAdminSysR]

[elAdminSysRW]

[elAdminCrmR]

[elAdminCrmRW]

Standard functionality









Standard functionality - standard activities with documents

(plus)








Standard functionality - standard activities in CRM

(plus)

 

 

 

 

 

 

 

Documents









View all documents in the system 

 

(plus)

(plus)

 

 

 

 

 

View document accessibility settings 

 

(plus)

(plus)

 

 

 

 

 

Edit document accessibility settings 

 

 

(plus)

 

 

 

 

 

Suspend document 

 

 

(plus)

 

 

 

 

 

Resume suspended document 

 

 

(plus)

 

 

 

 

 

Cancel document

 

 

(plus)

 

 

 

 

 

Block (hide) document 

 

 

(plus)

 

 

 

 

 

Delete document

 

 

 

(plus)

 

 

 

 

Workflows 









View document workflow configurations 

 

(plus)

(plus)






Create configurations for document workflow 

 

 

(plus)

 

 

 

 

 

Change configurations for document workflow

 

 

(plus)

 

 

 

 

 

Delete configurations for document workflow

 

 

(plus)

 

 

 

 

 

Document forms and Recognition forms









View forms

 

(plus)

(plus)

 

 

 

 

 

Create forms

 

 

(plus)

 

 

 

 

 

Edit forms 

 

 

(plus)

 

 

 

 

 

Block forms 

 

 

(plus)

 

 

 

 

 

Unblock forms

 

 

(plus)

 

 

 

 

 

Import recognition forms

(plus)




Export recognition forms

(plus)




Organizational units









View organizational units 

 

(plus)

(plus)

 

 

 

 

 

Create organizational units 

 

 

(plus)

 

 

 

 

 

Edit organizational units 

 

 

(plus)

 

 

 

 

 

Delete organizational units 

 

 

(plus)

 

 

 

 

 

Directories









View directories

 

(plus)

(plus)

 

 

 

(plus)

(plus)

Create directories

 

 

(plus)

 

 

 

 

 

Edit directories

 

 

(plus)

 

 

 

 

 

Edit CRM directories

 

 

 

 

 

 

 

(plus)

Delete directories

 

 

(plus)

 

 

 

 

 

Delete CRM directories

 

 

 

 

 

 

 

(plus)

Counters 









View counters

 

(plus)

(plus)

 

 

 

 

 

Edit counters mode

 

 

(plus)

 

 

 

 

 

Users 









View users 

 (plus)

 

 

 

(plus)

(plus)

 

 

Create users

 

 

 

 

 

(plus)

 

 

Edit users

 

 

 

 

 

(plus)

 

 

Delete users

 

 

 

 

 

(plus)

 

 

Groups









View groups 

 

 

 

 

(plus)

(plus)

 

 

Create groups 

 

 

 

 

 

(plus)

 

 

Edit groups

 

 

 

 

 

(plus)

 

 

Delete groups (not system groups) 

 

 

 

 

 

(plus)

 

 

System logs

 

 

 

 

 

 

 

 

View system logs

 

 

 

 

(plus)

(plus)

 

 

Settings









View system settings

 

 

 

 

(plus)

(plus)

 

 

Change system settings

 

 

 

 

 

(plus)

 

 

CRM









View all actions in CRM

 

 

 

 

 

 

(plus)

(plus)

Edit organizations in CRM

 

 

 

 

 

 

 

(plus)

Edit contacts in CRM

 

 

 

 

 

 

 

(plus)

Delete organizations in CRM

 

 

 

 

 

 

 

(plus)

Delete staff in CRM

 

 

 

 

 

 

 

(plus)

Delete contacts in CRM

 

 

 

 

 

 

 

(plus)

Delete actions in CRM

 

 

 

 

 

 

 

(plus)

Hierarchy-based access

System allows to use hierarchy-based access rights on documents and records of other types.

Common controls that provide possibility to adjust access are named as follows:

  • Access: View - provides read access to the record
  • Access: Edit - provides read & write access to the record
  • Access: View (by hierarchy) - provides hierarchical read access to the record: access is given to the select unit(s) and all subordinated organizational units.
  • Access: Edit (by hierarchy) - provides hierarchical read & write access to the record: access is given to the select unit(s) and all subordinated organizational units.

On the user interface such controls could be presented in the way as shown below: