New article
Recently updated
Assigning Access roles and privileges
Who is this article for?Administrators who want to learn to assign Access roles and privileges.
Administrators permissions are required.
This guide explores the process of assigning access roles and privileges, a fundamental aspect of information security that involves granting users specific permissions to access and manipulate data or systems based on their job responsibilities. By following the principles outlined here, organisations can effectively implement the concept of least privilege, ensuring users have only the minimum level of access necessary to perform their tasks, thereby reducing the risk of unauthorised access and potential security breaches.
1. Access roles
Video: Permissions Overview
The standard roles typically provided in all new Lucidity system builds are as follows. These can be edited by system administrators as required.
|
Role name |
Role description |
Privileges |
|---|---|---|
|
Administrator |
Administrator role for Access. |
|
|
Manager |
Using Access, a Manager can edit users and apply permissions and scoping. |
|
|
Column Configuration |
Using Access, a user can configure columns displayed on screen and in reports (in conjunction with admin role). |
|
|
Report Emailing |
Using Access, a user can configure scheduled reports on behalf of other users (in conjunction with admin role). |
|
Note: The HR General User role is assigned by default to all users of the system.
2. Access privileges
|
Privilege names |
Description |
|---|---|
|
Branding - Manage |
Allows users to manage the system wide branding (logos, splash image, colour theme etc). |
|
Column Configuration |
Allows user to configure columns. Restrict access, as any change to columns impacts all users. |
|
Dictionary Configuration |
Dictionary Configuration added as a tab. Allows user to alter field names used throughout the Lucidity Modules. Altering dictionary configuration in Lucidity can result in unintentional impacts. Please liaise with Lucidity should any dictionary changes be required. |
|
Help Entries - Manage |
Help Entries added as a tab. Allows user to manage the resources that are available to other users when they select Help within each module. |
|
Notifications - Manage |
Notifications added as a tab. Allows user to view a log of all notifications that have been sent to users. The user can also manage Notification Types and Notification Sets. Altering notification types and sets in Lucidity is complex and can result in unintentional impacts. Please liaise with Lucidity should any dictionary changes be required. |
|
Notifications - View |
Notifications added as a tab. Allows user to view a log of all the notifications that have been sent to users. |
|
Permissions - Manage Default Profiles |
Permissions added as a tab. Allows user to view, add and edit Default Profiles. Typically reserved for Lucidity to manage. |
|
Permissions - Manage Profiles |
Permissions added as a tab. Allows user to view, add and edit Profiles. The user is also able to add people to Profiles. |
|
Permissions - Manage Roles |
Permissions added as a tab. Allows user to view, add, edit, copy and archive Roles. The user is also able to add people to Roles. |
|
Report Emailing Administrator |
Allows user to select other email addresses for Email Reporting. A user will still be able to create Email Reports without this privilege, but the reports can only be sent to their registered email address. |
|
Security - Manage |
Allows user to change the Security settings in the Access module. |
|
Settings - Manage |
Settings added as a tab. Allows user to view, add, edit and delete labels in the Managed Lists for the Org Structure; States; Projects & Companies. |
|
User - Manage |
Users added as a tab. Allows user to view, add, edit, copy, delete and archive Users in Lucidity. Users added or edited via the Access Module will be replicated within the HR Module. |
|
User Groups - Manage |
Users added as a tab. Allows user to view, add, edit, copy and delete User Groups. |