Role Concept

Introduction

 

The role concept is designed to control the behavior and availability of system elements such as object classes, masks, menus, and fields, as well as the functions of those elements, depending on the role of the user (his or her job function within the company).

Initially, all elements and functions are available to all users. The next step is to deny access to a function for all users (restriction method) and then to explicitly assign access privileges for those functions to individual users (assignment method).

This method ensures a high degree of security. Systematic processing is restricted to those elements and functions which actually need to be protected. This prevents unauthorized access. Privileges must be assigned explicitly to individual users for them to have access to a function, so new users cannot become "super users" by accident.

As a prerequisite for the use of the role concept, you need to initialize the Configuration parameter EDB-ROL-ACTIVE with the value 1.

In order to lock access to a function for all users, the corresponding privilege must be assigned to at least one role (e.g. system administrator).
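The restriction and assignment methods described above, modelled as an added example (this is not Agile e6 code and does not use its API). The role, user, and privilege names are constructed, users are linked to roles directly (positions are left out), and treating any EDB-ROL-ACTIVE value other than 1 as "nothing enforced" is an assumption.

```python
from dataclasses import dataclass, field


@dataclass
class RoleModel:
    """Toy model of the role concept's restriction/assignment semantics."""
    rol_active: int = 1                              # stands in for EDB-ROL-ACTIVE
    role_privs: dict = field(default_factory=dict)   # role -> set of privileges
    user_roles: dict = field(default_factory=dict)   # user -> set of roles

    def restricted(self, privilege):
        # Restriction method: a function is locked for all users as soon as
        # its privilege is assigned to at least one role.
        return any(privilege in privs for privs in self.role_privs.values())

    def allowed(self, user, privilege):
        if self.rol_active != 1:
            return True      # assumption: role concept not initialized
        if not self.restricted(privilege):
            return True      # initial state: available to all users
        # Assignment method: the user needs a role carrying the privilege.
        roles = self.user_roles.get(user, set())
        return any(privilege in self.role_privs.get(r, set()) for r in roles)

    def unprotected(self, all_privileges):
        # Audit helper: privileges no role holds, i.e. functions still open.
        return sorted(p for p in all_privileges if not self.restricted(p))


# Constructed sample data, not taken from a real installation.
ALL_PRIVILEGES = {"delete_document", "edit_mask", "export_bom"}


def build_sample(rol_active=1):
    return RoleModel(
        rol_active=rol_active,
        role_privs={"sysadmin": {"delete_document", "edit_mask"},
                    "engineer": {"edit_mask"}},
        user_roles={"alice": {"sysadmin"}, "bob": {"engineer"}},
    )


if __name__ == "__main__":
    m = build_sample()
    for user in ("alice", "bob", "new_hire"):
        print(user, {p: m.allowed(user, p) for p in sorted(ALL_PRIVILEGES)})
    print("still open to everyone:", m.unprotected(ALL_PRIVILEGES))
```

A user without any role ("new_hire") is denied every restricted function but still reaches "export_bom", because no role holds that privilege yet; the audit helper lists exactly those open functions.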

 

Objects and structures of the role concept

The simplified data model of the role concept comprises three object classes for privileges, roles, and positions (dark gray symbols) as well as their links with the Agile e6 object classes Organization, Project, Person, and User and Group.