Difference between revisions of "Roles"

From Hornbill
Jump to navigation Jump to search
(30 intermediate revisions by 5 users not shown)
Line 1: Line 1:
__NOTOC__[[Main Page|Home]] > [[Administration]] > [[Users, Roles, & Organisation]] > Roles
+
This document can now be found at its new location in the [https://docs.hornbill.com/esp-config/organizational-data/roles/ Hornbill Document Library].
 +
 
 +
[[file:hornbill-document-library.png|Hornbill Cloud|link=https://docs.hornbill.com/esp-config/organizational-data/roles/]]
 +
<!--
 +
 
 +
<div style="border:1px solid #90C0FF; background:#D0E0FF; width:99%; padding:4px; margin-bottom:10px;">
 +
__NOTOC__[[Main Page|Home]] > [[Configuration]] > [[Platform Configuration]] > Roles
 +
</div>
 +
{|style="width: 100%"
 +
|- valign="top"
 +
|style="width:73%"|
 
==Introduction==
 
==Introduction==
 
A Role is a collection of rights that allow a user to perform particular actions in Hornbill.  
 
A Role is a collection of rights that allow a user to perform particular actions in Hornbill.  
 
<br>
 
<br>
 
<br>
 
<br>
Hornbill comes equipped with a range of roles ready to associate to your Users. With each App that's installed, the number of roles available to associate to your users increases as each App is delivered with a set of default roles specifically designed to govern access to that application.
+
Hornbill comes with a range of roles ready to associate to your users. Each app is installed with a set of default roles specifically designed to govern access to that application. Manage Role assignments to your users or create some of your own.
 
<br>
 
<br>
 
<br>
 
<br>
In order for Users to access various parts of Hornbill they need to be given the appropriate roles. This is done using [[Administration|Hornbill Administration]].
+
In order for Users to access various parts of Hornbill they need to be given the appropriate roles. This is done via the [[Configuration]] area.
 +
 
 +
|style="width:5%"|
 +
|
 +
|style="width:22%; border-style: solid; border-width: 1px; border-color:#e6e6e6; background-color:#f2f2f2;"|
 +
 
 +
== Related Articles ==
 +
:* [[Collaboration Roles]]
 +
:* [[Document Manager Roles]]
 +
:* [[Service Manager Roles]]
 +
:* [[ITOM Roles and Rights|IT Operations Management Roles]]
 +
|}
  
 
== Associating Roles to Users ==
 
== Associating Roles to Users ==
Roles can be associated to a User in two ways:
+
===Who can associate Security Roles to Users?===
* Navigate to a specific User Account and select and save roles in the "Roles" field.
+
Hornbill is designed to only allow the association of roles if the User who is performing the assignment of a particular role already possess the same system/application rights among the roles that they themselves possess.
 +
The "Admin" user account (which possesses the Super User Role) is exempt from this rule and has the ability to assign any role to any other user, therefore it is advised that you use this account (or another Super User Account) to allocate roles to the rest of the Users.
 +
<br>
 +
===Where do I associate Roles to Users?===
 +
Roles are managed in the Configuration area and can be associated to a User in two ways:
 +
* Navigate to a specific [[User Account]] and select and save roles in the "Roles" field.
 
* Navigate to a specific role and click on the "Assigned Users" tab. Associate more users to this role by clicking the "Add Users" button.
 
* Navigate to a specific role and click on the "Assigned Users" tab. Associate more users to this role by clicking the "Add Users" button.
 
<br>
 
<br>
Hornbill is designed to only allow the association of roles if the User who is performing the assignment of a particular role already possess the same system/application rights among the roles that they themselves posses.
 
The "Admin" user account (which posses the Super User Role) is exempt from this rule and has the ability to assign any role to any other user, therefore it is advised that you use this account (or another Super User Account) to allocate roles to the rest of the Users.
 
 
 
== What Roles should I Associate? ==
 
== What Roles should I Associate? ==
 
<div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1000px">
 
<div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1000px">
Line 22: Line 45:
 
<div class="mw-collapsible-content">
 
<div class="mw-collapsible-content">
 
Two types of Role exist within Hornbill, Security Roles and Assignment Roles:
 
Two types of Role exist within Hornbill, Security Roles and Assignment Roles:
* Security Roles - Are used to control access to the different Hornbill Applications and also to the different areas within each application.
+
* '''Security Roles''' - Are used to control access to the different Hornbill Applications and also to the different areas within each application. Security roles posses a "Privilege Level" which affects whether they can be given to a basic user or full user.
* Assignment Roles - As the name suggests, are primarily there to provide restrictions on the assignment of Activities. For example, when configuring a Human Task node within a Business process, it is possible to assign that task to a Role. This is especially useful if you wish to restrict the assignment of an activity to a number of Users within a particular Group (but not all users) or if you want to expose this activity to a selection of Users across multiple Groups.
+
* '''Assignment Roles''' - As the name suggests, are primarily there to provide restrictions on the assignment of Activities. For example, when configuring a Human Task node within a Business process, it is possible to assign that task to a Role. This is especially useful if you wish to restrict the assignment of an activity to a number of Users within a particular Group (but not all users) or if you want to expose this activity to a selection of Users across multiple Groups.
It is also possible to share certain items based on an assignment Role. One example is Dashboards
+
It is also possible to share certain items based on an assignment Role. One example is Dashboards.
 +
<br>
 +
Assignment Roles can only be associated to "Application Users"
 
<br>
 
<br>
 
<br>
 
<br>
Line 32: Line 57:
  
 
<div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1000px">
 
<div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1000px">
 +
 
=== Getting Started with Application Users ===
 
=== Getting Started with Application Users ===
 
<div class="mw-collapsible-content">
 
<div class="mw-collapsible-content">
 
All application Users '''must''' have the ''Collaboration Role'' associated to their User Account. In addition to this, they will have a range of other roles depending on which applications they will need to access and the duties they will be carrying out within those applications.
 
All application Users '''must''' have the ''Collaboration Role'' associated to their User Account. In addition to this, they will have a range of other roles depending on which applications they will need to access and the duties they will be carrying out within those applications.
  
* [[What_Service_Manager_Roles_exist%3F|Service Manager Roles]]
+
* [[Service Manager Roles]]
* [[Library Roles|Document Manager Roles]]
+
* [[Document Manager Roles]]
 +
* [[Live Chat Roles|Live Chat Roles]]
 
</div>
 
</div>
 
</div>
 
</div>
Line 45: Line 72:
 
=== Getting Started with Basic Users ===
 
=== Getting Started with Basic Users ===
 
<div class="mw-collapsible-content">
 
<div class="mw-collapsible-content">
All Basic Users '''must''' have the ''Basic User Role'' associated to their User Accounts. In addition to this, they will have a range of other roles depending on what content they will be required to consume in the Hornbill Service Portal.
+
All Basic Users '''must''' have the ''Basic User Role'' associated to their User Accounts.
</div>
 
</div>
 
  
=== Example User Roles ===
+
In addition to this, they will have a range of other roles depending on what content they will be required to consume in the Hornbill Service Portal:
<div class="mw-collapsible-content">
 
Knowing which roles should be given to users can be difficult.  Below are some  user roles which have some suggested security roles associated to get your started.  To upscales or downscale the employee permissions you can simply add or remove roles.
 
== Service Desk Analyst ==
 
Collaboration
 
Incident Management User
 
Service Request User
 
  
The Service Desk Analyst will be able to view, log new, update and resolve Incidents and Service Requests as well as view configuration items.
+
i.e.
 +
'''''Basic User Role''''' (Mandatory)<br>
 +
+ '''''Self Service User''''' - provides Service Manager functionality via the Employee Portal <br>
 +
+ '''''Docmanager Portal''''' - provides Document Manager functionality via the Employee Portal<br>
 +
+ '''''Portal Chat Session User''''' - provides Live Chat functionality via the Employee Portal<br>
 +
and so on.<br>
  
== Advanced Service Desk Analyst ==
+
Generally speaking, where an application is capable of delivering content via the Employee Portal, there will be a role controlling whether the content will be available to a Basic User.
Collaboration
+
<br>
Incident Management User
+
'''NOTE:''' A Basic User account cannot posses a role which has a privilege level higher than "basic". Basic Users cannot be given assignment roles.
Service Request User
 
Change Management User
 
Problem Management User
 
 
 
The Advanced Service Desk Analysts can perform the same tasks as the Service Desk Analyst but their role also includes Change Management, Problem Management and Known Errors.
 
 
 
== Service Desk Manager ==
 
Collaboration
 
Service Desk Admin
 
Services Manager
 
Dashboard Viewer
 
 
 
The Service Desk Manager will be able to log new, update all call classes as well as the ability to cancel calls or re-open closed calls.  In addition the Service Desk Manager can create new Services or edit existing Services. If you have not purchased the Hornbill Performance Analytics package the Dashboard viewer will not work.
 
 
 
== Change Manager ==
 
Collaboration
 
Change Management User
 
  
The Change Manager will allow the user to view, log new, update and resolve Change Requests only.
 
  
== System Administrator ==
 
Admin Role
 
Super User Role
 
 
This roles will allow unrestricted access to the configuration of your Hornbill Instance and should only be given to your database administrator.
 
 
</div>
 
</div>
 
</div>
 
</div>
 +
<br>
  
 
== Custom Roles ==
 
== Custom Roles ==
In the unlikely event that the range of System Roles supplied with Hornbill do not cater for your specific needs, it is possible to create your own Security and Assignment Roles.
+
In the unlikely event that the range of roles supplied with Hornbill do not cater for your specific needs, it is possible to create your own Security and Assignment roles.
 
<br>
 
<br>
 
Creating a new Assignment role is very simple and straightforward.
 
Creating a new Assignment role is very simple and straightforward.
 
<br>
 
<br>
However, creating a custom security role is quite an advanced task as it potentially requires becoming familiar with Hornbill's API documentation found at https://api.hornbill.com/docs/ in order to specify the correct system rights and database table access against the role.
+
However, creating a custom security role is quite an advanced task as it requires familiarity with Hornbill's API documentation found at https://api.hornbill.com/docs/ in order to specify the correct system and application rights against the role.
  
 
<div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1000px">
 
<div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1000px">
 
=== Creating a Custom Role ===
 
=== Creating a Custom Role ===
 
<div class="mw-collapsible-content">
 
<div class="mw-collapsible-content">
:# Launch [[Administration | Hornbill Administration]]
+
:# Launch [[Administration | Configuration]]
:# Select which application you are interested in the selection box at the top left
+
:# Select where the new role will be created (either Platform Configuration or a specific Hornbill App) from the drop down menu.
:# Select ''Roles'' then Roles
+
:# Click "Roles" under the section "User & Guest Access"
 
:# Select '+ Create New Role'
 
:# Select '+ Create New Role'
:# Specify the type of the new role
 
 
:# Complete Role details...  
 
:# Complete Role details...  
:::* Role ID - Name of new role. It must be unique.
+
:::* Role ID - Name of new role. It must be unique and cannot be changed later.
 
:::* Privilege Level - For most roles this will be User
 
:::* Privilege Level - For most roles this will be User
:::* Applications - Can apply to one or more Apps that will use this role
+
:::* Type - Security or Assignment
:::* Groups = Please leave blank
+
:::* Description - What the role has been created for
:::* Shared Mailboxes = Name of required mailbox
 
 
:: 6. Click "Create Role" to Save
 
:: 6. Click "Create Role" to Save
 +
: Once created, if the role was created in the context of Platform Configuration it's possible to add or update the application context or tie the role to a Hornbill Shared Mailbox. If the role was created in the context of a specific app, the application context cannot be amended.
 
<br>
 
<br>
: Here is an example of a new role definition:
 
 
:: [[File:New_role.png|700px|new role]]
 
:: [[File:New_role.png|700px|new role]]
 
</div>
 
</div>
Line 119: Line 119:
  
 
<div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1000px">
 
<div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1000px">
 +
 
=== Modifying a Custom Role ===
 
=== Modifying a Custom Role ===
 
<div class="mw-collapsible-content">
 
<div class="mw-collapsible-content">
:# Launch[[Administration| Hornbill Administration]]
+
:# Launch[[Administration| Configuration]]
:# Select which application you are interested in the selection box at the top left
+
:# Select Platform Configuration or the application you are interested in from the Configuration drop down at the top left
:# Select ''Roles'' then Roles
+
:# Click "Roles" under the section "User & Guest Access"
 
:# Select the role that needs changing
 
:# Select the role that needs changing
 
:# Edit the details and then 'Save Changes'
 
:# Edit the details and then 'Save Changes'
Line 134: Line 135:
 
=== Deleting a Custom Role ===
 
=== Deleting a Custom Role ===
 
<div class="mw-collapsible-content">
 
<div class="mw-collapsible-content">
:# Launch[[Administration | Hornbill Administration]]
+
:# Launch[[Administration | Configuration]]
:# Select which application you are interested in the selection box at the top left
+
:# Select Platform Configuration or the application you are interested in from the Configuration drop down at the top left
:# Select ''Roles'' then Roles
+
:# Click "Roles" under the section "User & Guest Access"
 
:# Mark the check box for role that needs deleting
 
:# Mark the check box for role that needs deleting
:# Using the drop-down menu next to the '+ Create New Role' button, click 'delete selected'and confirm.
+
:# Click the delete button located to the top right of the roles list.
 +
<br>
 
</div>
 
</div>
 
</div>
 
</div>
 +
[[Category:Configuration]][[Category:HDOC]]
 +
-->
 +
<!-- esp-config/organizational-data/roles -->

Revision as of 23:25, 20 November 2023

This document can now be found at its new location in the Hornbill Document Library.

Hornbill Cloud

Retrieved from "https://wiki.hornbill.com/index.php?title=Roles&oldid=31564"