Administrators can control not only the data a user can create, update, and delete, but also access to exports, reports, and screen assignments.
Cartegraph recommends establishing security at a more strict level while still meeting the security needs of the organization. If through use of the software additional application security needs are determined, build additional roles based on the initial basic security.
Cartegraph comes with four default roles, Default Administrator, Default Power User, Default User, and Internal Request User, as well as a process to create your own:
- Default Administrator: All users have access to all areas of the system.
- Default Power User: All users have full access to the system with limited Administration options.
- Default User: All users have full access to the system but no Administration options.
- Internal Request User: All users have access to the Internal Request feature.
- New role: Create a role, and all users of that role have access as defined by the Administrator, requires opt-in security.
Organizations have the ability to create new roles based on their needs. Use the default roles as a starting point, copy an existing role to create a role. An Administrator grants or denies rights as appropriate within the role settings. Any roles created by an organization have opt-in security. When new features are introduced, organization-created roles will be denied access to the feature. For example, newly installed asset, created structure, or released feature. An Administrator decides which roles have access to the feature, and opt into those roles by granting them access to the feature.
An excellent starting point in the development process of the Security Setting is to:
- Define your Cartegraph Users
- View the Security or role groups that are already established in the organization
- Break down your users into roles towards how they will utilize the application
Examples of roles that could be established:
This person has full access to the application.
Users can add, update, and delete all types of records, except reports. This person does not have access to the Administration View or Reports create, update, or delete.
Users can navigate through records and run necessary reports. This person cannot change any records or reports in the application.
Users can create, update, and delete Tasks, Work Orders, and assign Resources on Time sheets. But this user will not have access to any Resource records.
Start with a strict security setup and add privileges to users as needed. After working with the system you can determine additional security needs for the roles.
Use Security Settings to make changes in these Security Roles:
Allow or Deny access to:
- Screen Assignments
- Security Assignments
- Child-level records
- Reports Create, Update, and Delete
- Command Permissions
Set Global Command Permissions to Allow or Deny, or Create custom security. This allows for setting permissions to different actions globally.
Customers sometimes request security prevention of data sharing between departments. Department Roles can be made to simplify the Security within the departments.
For example, create a Street Department role and deny access to the different Assets not managed by the Street department. This gives the user the ability to view the denied Assets in libraries, but not have access to their records or view them in the Map view. In this example the user still has the ability to add a Linked Asset and view the Linked Assets on the map.