You must set up the access privileges associated with each role.
To rename a role or set the role ID:
1
In the Admin Explorer, expand Security and then
Roles by clicking their plus 
signs.
2 Select a role from the list to display the role’s properties on the right.
3 Click the Settings tab.
4 Modify the Role name, Role ID, or Role description.
5 Click Update.
To configure domain access for a role:
1 In the Admin Explorer, expand Security and Roles.
2 Select a role to display the role’s properties on the right.
3 Click the Domains tab.
4 Click the Access checkboxes to select the domains that users of this role can access.
5 Click the Domain Admin checkboxes to select the domains that users of this role can modify.
Domain Administrators can modify charts, profiles, indexes, and other elements associated with a domain; they cannot modify system and security settings.
6 Click the Change Mgmt checkboxes to select domains for which users of this role can access the change management administration interface. See Change Management Administration for more details.
7 Click the Blueprint checkboxes to select domains for which users of this role can access the Blueprint Administrative Interface.
8 Click Update.
To configure view access for a role:
1 In the Admin Explorer, expand Security and Roles.
2 Select a role from the displayed list to display the role’s properties on the right.
3 Click the Views tab.
4 Select a Domain from the drop-down list. If multiple domains are defined, you must define view access for each domain.
5 Use the Access checkboxes to select the views the role can access.
6 Click Update.
To configure field-level security for a role:
1 In the Admin Explorer, expand Security and Roles.
2 Select a role to display the role’s properties on the right.
3 Click the Fields tab. See Managing Field-Level Security to complete this procedure.
To restrict access within a domain:
1 In the Admin Explorer, expand Security and Roles.
2 Select a role from the displayed list.
3 Click the Restrict tab.
4 Select a domain. If you have multiple domains, you must define field access for each one.
5 You can restrict Access to the Chart, Directory, OrgTree, or Blueprint modules associated with each domain by selecting one of the following options:
Open: All records are accessible.
None: No records are accessible.
Limited: Access to records is restricted based on a Top Box (Top of Chart). Users can see any record below and including the designated top box.
6 If you choose Limited access for the Module, you must define the Top Box. Designate a top box using one of the following options.
Top of Chart: The top-most box in the hierarchy defines the top box. Selecting this option is the same as selecting Open Access.
Myself: The current user designates the top box.
My OrgUnit chief: The head of the current user’s OrgUnit (or division) designates the top box.
OrgUnit: Designates the chief position of the selected OrgUnit as the top box. Click the Select button to specify an OrgUnit, then click OK.
Level N supervisor: Designates the current user’s manager (N=1), or manager’s manager (N=2), etc., as the top box.
Level: Specify the current user’s supervisor based on the level. For example, level 1 typically equates to the CEO, level 2 typically equates to a Vice president, and so forth.
Filter: The top box is designated
by the first matching record. All records that are subordinate to the
top box are accessible by the user.
OR
To restrict access to records that are subordinate to the top AND match
selected filters, click the Select
button, choose the filtering options
you want to use, and click OK.
Note: Select Enable Chain of Command to allow access to the records associated with the direct chain of supervisors for the selected top box. If you select the Enable Chain of Command option, you can also specify the maximum number of supervisor levels that a user can access above the top box.
To configure access to Options:
1
In the Admin Explorer, expand Security and Roles
by clicking their plus signs.
2 Select a role from the displayed list to display the role’s properties.
3 Click the Options tab.
4 Select a domain. If you define multiple domains, you must define option access for each one.
5 Use the Enabled Features area to specify which features are enabled for each domain.
Note: You can restrict a user’s access to the OrgPlus Enterprise Modeler by deselecting the Send to Modeler option.
6 Use the Enabled Panels area to specify which panels are enabled for each domain.
7 Click Update.
To configure access to External Links:
1
In the Admin Explorer, expand Security and Roles
by clicking their plus sign.
2 Select a role from the displayed list.
3 Click the Links tab.
4 Select a domain. If you have multiple domains, you must define Link access for each one.
5 Select which Links are enabled for each domain by clicking their checkboxes.
Note: See External Links for more information.
6 Click Update.
To configure access to the Blueprint module:
1 In the Admin Explorer, expand Security and Roles by clicking their plus signs.
2 Select a role from the displayed list to display the role’s properties.
3 Click the Blueprint tab.
4 Select a domain. If you define multiple domains, you must define Blueprint access for each one.
5 Select either the Blueprint Editor or Blueprint Administrator for each role.
Blueprint Editor: Blueprint Editors can create new blueprints and copy, compare, edit, and delete any blueprint they create.
Blueprint Admin: Blueprint Administrators have all of the same privileges as Blueprint Editors. They can also compare, edit, delete, and action any blueprint created by a Blueprint Editor.
6 Select the option Can edit position field if your blueprint users need to edit the position field information in their blueprints.
Note: Permitting Blueprint users to edit the position field is not recommended. The position field is used to identify records in blueprints. Editing the position field can lead to unexpected results when actioning blueprints.
7. Click Update.
To configure access to the Change Management module:
See Also
