Security Management
Security in RiskView The Security functionality allows Users with Admin Group Permissions to: – Setup and maintain the Users that can access the system – Setup and maintain the Registers that separate the risk data into logical groups – Setup and maintain the way in which functionality is bundled together – Setup and maintain the Users that can access the functionality in specific Registers
Security in General Security comprises the following elements
Security Workflow Process 1. Setup and maintain Users 2. Setup and maintain Permission Groups 3. Setup and maintain Registers 4. Associate User, Permission Groups and Registers
Users Users are the People that can login to RiskView Users are Global, meaning that they are visible throughout the system Users/People (same thing) are maintained via: - Admin > People (as general Users see them) - Security > Users (as Admins see them) Person + Username + Password = User
Forms and Permission Groups Edit With Edit permission, users can view, print, Standard system include… create, edit and delete records. • • Action Manager Risk Study Viewer • Action Viewer • Assurance Manager • Assurance Verification Manager • Assurance Verification Viewer Firstly, all the forms from a module are • Assurance Viewer bound together into a Permission Group • Bowtie Manager View • Bowtie Viewer • Exception Manager • With View Exception Viewer • Project Manager permission, users can • Project Viewer only view and print • Risk Study Manager records, they cannot But Admin users can add their own alter records. Permission Groups can support both View only and Edit access
Background on Permission Groups Permission Groups are comprised of interacting forms e.g. a Bowtie comprises Risk Scenario, Risk Cause, Risk Consequence and Risk Control forms. System-Wide permissions apply to the forms that are common across the system e.g. when a Base Control is created, it can be seen in every register. Permissions cannot be changed but are made available so that their context and usage can be understood Register permissions apply to forms that are specific to a register e.g. when an Action is only visible in the Register within which it was created.
Permission Groups • The Groups shown here are the standard system Groups and apply to the standard modules. • You can add your own groups or group many groups together if that makes it easier to manage. • Each Group can have both View and Edit permissions to different forms • Each Group can include other Groups
Linking Permission Groups and Users to Registers For Users 1, 2 & 3 As Users 1, 2 & 3 have permissions set at Register 1, they automatically have the same permissions on all the child registers as well Important Note Permissions on Register items apply only to items within that register e.g. view permission on an Action means that the user can see Action in the specified Register (and its children) Permissions on Global items apply irrespective of where that item appears e.g. edit permission on a Base Control has a global effect For Users 4 & 5 As Users 4 & 5 have permissions set at Register 1.1, they automatically have the same permissions on all the child registers as well
Adding a User to a Group of Permissions on a Register To give Users permissions within a Register: 1. Select the Register 2. Choose Edit Register 3. Click to Add a new Associated Permissions entry 4. Specify the Name of the Associated Permissions 5. Specify the Users and the Permission Groups having access 6. Press OK to close
Security Workflow Process Summary 1. Setup and maintain Users 2. Setup and maintain Permission Groups 3. Setup and maintain Registers 4. Associate User, Permission Groups and Registers
Starting the Process 1. Design and implement the Register Structure Hierarchy based on corporate divisions, projects, locations, etc. 2. Review and fine-tune the default Permissions Will the permissions/groups give you the flexibility you need going forward 3. Identify the Users and import/setup their details Importing from Excel can save significant time 4. Map and implement the Users and their required Permissions A matrix can be a useful tool here
Going Forward… To make it easier to manage the process, RiskView 7.7.1 will have a new View which will bring all the security elements on to one page. For each Register, it shows: • The Users who have permissions • The Register from which the permissions were set • The Name of the Associated Permissions entry • All the Permissions Groups assigned In the near future, this View will be further enhanced to support editing so all security can be managed on one page.
Feedback and Comments We aim to provide information that is pertinent, on-target, well-structured, accurate and above all helps you achieve your risk management tasks faster and with more confidence. If you feel that we can improve in any way, then please let us know at support@meercat.com.au
Recommend
More recommend
