The Role Configuration dialog (Security Wizard)

To access this dialog: This is the fourth dialog in the Security Wizard. It is only displayed if you select Select privileges manually in the third dialog.

Use this dialog when setting up role-based privileges. Here you adjust which privileges are associated with each of the default roles.

The dialog lists all of the privileges in a table:

The left column lists the predefined privileges.
The remaining columns contain the default roles.
Each cell contains one of the following symbols. Click the symbols to toggle them.
– privilege granted to the role
– privilege denied
– not specified

Note: Privileges are organized in a hierarchy. For example, Move Documents to Other Process Steps is under System Management. In order for users to be able to move documents to other process steps, they must have both privileges.

Important: Privileges granted take precedence over privileges denied. If a user is assigned to two or more roles, and a privilege is granted to one of those roles but denied to the other(s), then the user is still granted that privilege. This is in contrast to permission handling in Windows.

The same is true when user groups are assigned to two or more roles.

Requirements

The Administrator role must not be locked out.
If a privilege is granted or denied to any role, then it must be either granted or denied to all roles. (For example, you cannot specify that the Administrator can delete document types, but then not specify whether the other roles can delete them.)

Security Manager plug-in

Assigning privileges manually