Provides users with an in system overview of Role Permissions. You can watch this video for an overview to learn about this topic or keep reading the article below.
Available to watch in - French, German, Spanish, Italian, Polish, Dutch, Brazilian, Portuguese, Chinese (Simplified)
Role permissions will grant system users the ability to access module areas and create, edit, delete data. They will also allow a user to utilise module related actions or grant access to running standard and quick reports on the module records.
Role permissions also include using or being included in the approval and review workflow of module records, including the ability to view confidential records.
Roles apply to specific modules and org units (including child org units if required) for a system user.
When configuring a role permission, the modules added at the bottom of the page will be where these role permissions are applied, you can then select this role within a user profile and apply the role to org unit(s) where required.
The system user will then have the permissions within the role applied to the relevant org unit(s) only, they will not be able to view data out with the org unit(s).
Inherit is overridden by Allow and Deny.
Deny overrides Allow when resolving permissions.
When resolving permissions in an organisational tree structure, if Inherit is set for a particular action, the system will continue to look up the organisational structure until it finds a value (either Allow or Deny).
If no value is set at root, it’s treated as Deny.
If a user's Role permission Includes Children, all Org Units underneath will share the same permission as its parent.
Navigate to Settings - Organisational Configuration - Roles
Click the New icon to create a new Role or click the cog menu against an existing Role and select Edit to make changes
Individual Permissions explained:
Read – View module record contents and the detail view page of the record. (Read-Only).
Write – Create, edit, and copy module records. Add or edit attachments against module records.
Create actions against module records.
Delete – Delete module records.
Assign - Gives the User the ability to be Assigned a record, to Assign an "in progress" record to a User, and Submit an "in progress" record in the Approval Process workflow
Override Assign - Edit the assigned stage of a module record (change assignee and change submission due date).
Approve – Eligible to be selected as a default approver within an organisational unit (including user roles). User will also appear for selection if using the manual approval workflow.
Force Approve – Approve a module record that you are not the designated approver of.
Archive – Archive a module record, archiving must be enabled in the module and system settings.
Can Edit Approved/Archived Records – Edit an approved or archived module record.
Review – Eligible to be selected as a default reviewer within an organisational unit (including user roles). User will also appear for selection if using the manual review workflow.
Override Auto Ref – Can uncheck system assigned referencing, allowing for a custom reference when creating a module record.
Delete Attachments – Delete attachments from a module record.
Add/Remove policies – Add and remove policies within the Policy/Guidance/Method Statement area and link these to module records.
Confidential Record – Create a module record as confidential and be able to view other confidential records. Users without this permission will not see the "Is this Confidential?" tickbox in the associated module forms.
View Audit Trail Log – View the audit trail log for records. (Created by, edits etc).
Submit RIDDOR to HSE –Submit a RIDDOR record to the HSE within the RIDDOR module.
View Reports – Run standard reports within a module, also includes running user created quick reports.
Configure Dashboard – Create and edit quick browse, quick add links and create Assure charts on their homepage or module dashboards.
Link to Records by Module – Similar to "Link to any record" supervisor privilege, when enabled will allow the user to link to any record for the associated modules in the role permission.
This permission will be overridden if "Link to any record" is set to Deny within the supervisor privilege.
To use this permission correctly, set "Link to any record"to Inherit.
If Link to any record is set to deny it will be disabled
If link to any record is set to allow then this permission is ignored.
Permissions that to not apply to Modules.
Override Review – Edit the review stage of a module record (change review by and review due date). – Can be utilised in review manager.
Delete Review – Delete a review from a module record or review manager. – Can be utilised in review manager.
Reassign Action – Reassign an action to another system user. Can be utilised in action manager.
Override Actions – Edit a module record or freestanding action (change action for and action priority, detail due date). Can be utilised in action manager.
Delete Actions – Delete module record or free-standing actions. Can be utilised in action manager.
View Tasks for Other People – View tasks that are not your own (Actions, Reviews and Approvals).
Confidential Item – View questions marked as confidential in an IQ template.
Manage Portal Queue – Process or reject (with a reason) portal questionnaires that have been submitted to the portal queue.
View Personnel Data – See personnel data on module records (Name, address, phone number, email, and other personal details). Data is viewable in Incident records and person register primarily.
Reassign IQ – Redundant.
Modules
Add/Remove the modules where these role permissions are applied, you can then select this role within a user profile and apply the role to org unit(s) where required.