Adding a Privilege Scheme
To add a privilege scheme:
- From the Privilege Scheme Search screen or a Privilege Scheme record, click Add New. The Adding New Privilege Scheme screen opens.
- In the Name field, enter a name for the privilege scheme.
- In the Default Privileges area, grant or revoke privileges for everyone in your system. See the section "Granting and Revoking Privileges" below.
- Select the Agency Privileges, Group Privileges, or User Privleges tab.
- Click the Add icon, and then select the specific agency, group, or user.
NOTE: Users who are marked as administrators in their User Profile records always have full access to the software, and privileges cannot be created for them. - To edit privileges for the entity, click Edit Modules. The Modules window opens.
- Grant or revoke privileges for the entity. See the section "Granting and Revoking Privileges" below.
- Repeat steps 4-7 for each tab.
- Click Save and Close to save the privilege scheme and close the Adding New Privilege Scheme screen. The Privilege Scheme record is displayed.
Managing privilege schemes
Once a privilege scheme is created, the effective permissions of the scheme can be viewed. The scheme can also be activated, copied, edited, printed, or deleted.Do any of the following:
- To view the effective permissions of a user if the privilege scheme was activated, see the article "Viewing Effective Permissions."
- To activate the privilege scheme, click the Activate Now link. The scheme is activated and affects all users.
- To copy the scheme, click the Create Copy link. The Adding New Privilege Scheme screen opens, with the privileges from the original scheme displayed. Modify the scheme as needed, and then click Save to create an additional privilege scheme.
NOTE: When a Privilege scheme is active, it cannot be edited or deleted. This prevents the scheme from impacting users before the changes are complete. It is recommended to copy the active scheme, make the desired changes, and then activate the copied scheme. The deactivated original scheme can then be deleted. - To edit an inactive scheme, click Edit. The Editing Privilege Scheme screen opens. Make the desired changes, and then click Save.
- To delete an inactive scheme, select Actions > Delete. The Delete Privilege Scheme confirmation box opens, asking for confirmation of the deletion. To delete the scheme, click Delete. Otherwise, click Cancel.
- To print a scheme, select Actions > Print. A preview of the scheme is displayed. To print the scheme, click Print. Otherwise, click Return to return to the Privilege Scheme screen.
Granting and revoking privileges
The Default Module Privileges area and the Modules windows display a table of the features and privileges in the system.By default, when a privilege scheme is created, all privileges are revoked. Revoked privileges are indicated with a prohibited symbol. Granted privileges are indicated with a check mark symbol. Privileges can also be inherited. See the section "Inheriting privileges" below.
For a list of the privileges that can be granted, see the article "Understanding Privileges."
TIP: Rest your mouse pointer on a symbol to view the type of privilege that can be granted or revoked.
To grant or revoke a privilege:
- Click the symbol in the column for the privilege. A list of options appears.
- To grant a privilege, click the Grant button for the privilege. To revoke a privilege, click the Revoke button. The symbol is changed to reflect the privilege.
- Click the Gear icon for the feature. A list of options appears.
- To grant all privileges, click Grant All. To revoke all privileges, click Revoke All. The symbols are changed to reflect the privileges.
Setting up inherited privileges
In the Agency Privileges, Group Privileges, and User Privileges tabs, privileges are inherited from the level just below them in the privilege hierarchy, by default. For example, Group privileges are inherited from Agency privileges.Inherited privileges are indicated with gray symbols. If a privilege has been modified so that it is not inherited, then the privilege can be changed back to being inherited.
To change a privilege to be inherited:
- Click the symbol in the column for the privilege. A list of options appears.
- Click the Inherit button. The symbol is changed to the state of the inherited privilege, and is displayed in gray.
- Click the Gear icon. A list of options appears.
- Click the Inherit All button. The symbols are changed to the state of the inherited privileges, and are displayed in gray.
"Using the Privileges Module"
"Understanding Privileges"