How to create a role with minimal access
This topic explains how to create a new role with minimal access permissions, for example an auditor role that can only access the Audit Process To-Do List and view specific reports.
Procedure
-
Create a new role.
- Log in as accessmgr, navigate to Access > Access Management, and select the Role Browser.
- Click the Add Role button, give the role a name, and click the Add Role button to create the new role.
-
Manage permissions so the new role can only access the Audit Process To-Do
List and the Report Builder (which is required for viewing
reports).
- From the Role Browser, click the Manage Permissions link for the new role.
-
Select the checkbox in the header of the Accessible Items list and use
the arrow to move all items to the Inaccessible Items list.
When creating a highly restricted role, it is easier to begin by removing permissions.
-
In the Inaccessible items list, select the Audit Process
To-Do List and the Report Builder, and use the arrow to move them
back to the Accessible items list.
The new role now has access to only these two specific applications.
- Click the OK button to commit your changes.
-
Customize the menus and navigation by defining which reports and applications are available to
the new role.
- From the Role Browser, click the Customize Navigation Menu link for the new role.
-
In the Navigation Menu list, select the Reports
group so it is highlighted.
The selected group acts as the destination for menu items added in subsequent steps.
-
In the Available Tools and Reports list, expand the
Reports section or use the Filter to identify specific
reports, select the check box next to each item that should be available to the new role, and use
the arrow to add the items to the Navigation Menu list.
Items moved into the Navigation Menu list will become visible to users assigned to this role.
-
In the Navigation Menu list, remove access to the Report
Builder by clicking the icons next to the Reports > Report Configuration Tools and Investigate groups.
This further simplifies the menu structure for this role and removes access to the Report Builder tool without also removing application permissions that are required to access reports.
-
Click the OK button to commit your changes.
You have now created a new role with very minimal privileges that can be assigned to users.
-
Optionally specify a custom home page for the new role.
- From the Role Browser, click the Customize Navigation Menu link for the new role.
-
In the Navigation Menu list, specify a new default home page by
selecting Comply > Tools and Views > Audit Process To-Do List and clicking the icon in the toolbar.
Users assigned to this role will now see the Audit Process To-Do List as the default screen after logging in.
- Click the OK button to commit your changes.
-
Create a new user and add that user to the new role.
- Navigate to Access > Access Management and select User Browser.
-
Click Add User, provide the required information, and click
Add User to create the new user.
You will now see the user you created listed in the User Browser.
When a new user is created, the account is disabled by default. Deselect the Disabled check box if you want the user to have immediate access to their account.
- From the User Browser, click the Roles link for the new user to view a list of available roles.
-
Select the Assign check box next to the custom role you created earlier.
This will assign the user to the new role.
-
Deselect the Assign check box next to the user role.
Deselecting the user role prevents the new user from inheriting the default user access and permissions.
- Click Save to commit your changes.