Versionen im Vergleich

Schlüssel

  • Diese Zeile wurde hinzugefügt.
  • Diese Zeile wurde entfernt.
  • Formatierung wurde geändert.

...

for AreaEdit Area
PermissionEnduserViewerExpertAdminIT Support
(ENDUSER)(VIEWER)(EXPERT)(ADMIN)(IT_SUPPORT)
Example employee position -->Normal userInternal AuditICS ResponsibleAdminIT Support
Read Control Setup
XX
X
Edit Control Setup

X
X
Read Control TaskX 11)XX
X
Provide support for Control Task 8)



X
Edit own/delegated Control TaskX



Submit own/delegated1) Control TaskX



Read ReportX 13)XX
X
Edit Action/Report

X
X
Create ActionX2)
X
X
Read ActionX 11)XX
X
Provide support for Action 8)



X
Capture implementation progressX3)
X
X
Close ActionX4)


X
Read Risk/Process
XX
X
Edit Risk/Process

X
X
Link Risk/Process

X
X
Read Risk AssessmentXXX
X
Edit Risk Assessment

X
X
Switch User



X
Edit DeputationX

XX
Read User Rights


XX
Edit User Rights


XX
Edit Employees/OrgUnitsXXRead AreaXXXCreate AreaXX


XX
XEdit System Configuration


XX
Read System Parameter/BatchJobs


XX
Edit System Parameter/BatchJobs



X
Read IncidentsX 11)X 12)X 12)
X
Edit Incidents

X 12)
X
Read Document  9)X 11)XXXX
Edit (central) Document  9) 10)


XX

...

X
Berechtigung


Control ExpertControl ViewerAction ExpertAction ViewerRisk ExpertRisk ViewerIncident ExpertIncident ViewerDocument AdminDocument ViewerUser AdminSystem AdminCoordinatorControl CoordinatorAction Coordinator

(CONTROL_
EXPERT)

(CONTROL_
VIEWER)

(ACTION_
EXPERT)

(ACTION_
VIEWER)

(RISK_
EXPERT)

(RISK_
VIEWER)

(INCIDENT_
EXPERT)
(INCIDENT_
VIEWER)

(DOCUMENT_ADMIN)*

(DOCUMENT_VIEWER)*

(USER_
ADMIN)
(SYSTEM_
ADMIN)
(COORDINATOR)(CONTROL_
COORDINATOR)
(ACTION_
COORDINATOR)
Hints -->IcS (Internal Controls)IA (Issues & Actions)Risk ManagementOperationel IncidentsDMS (Documents)AdministrationRarely used
Read Control SetupXX









XX
Edit Control SetupX













Read Control TaskXX









XX
Provide support for Control Task 8)











XX
Edit own/delegated Control Tasks














Close own/delegated1) Control Tasks














Read Report

XX










Edit Action/Report

X











Create Action

X











Read Action

XX







X
X
Provide support for Action 8)











X
X
Capture implementation progress

X








X
X
Close Action











X
X
Read Risk/Process



XX








Edit Risk/Process



X









Link Risk/ProcessX
X
X









Read Risk Assessment



XX








Edit Risk Assessment



X









Switch User











XXX
Edit Deputation









X
XX5)X6)
Read User Rights









X
XXX
Edit User Rights









X



Edit Employees/OrgUnitsXRead AreaXXCreate Area









X



Edit AreaXXXEdit System Configuration










X


Read System Parameter/BatchJobs










X


Edit System Parameter/BatchJobs










 X


Read Incidents





X 12)X 12)






Edit Incidents





X 12)







Read Document 9)XXXXXXXXXXXXXXX
Edit (central) Document 9) 10)








X





...

1) if delegated including Submit
2) if action type allows creation by Enduser
3) only if "May Edit" checkbox is selected for Action Owner
4) only if "May Edit" checkbox is selected for Action Owner & Enduser = Primary Action Owner
5) only for Controls
6) only for Actions
8) via Switch User
9) Scopes are: OrgUnit
10) Relevant for «central» documents – for attachments (e.g. of Tasks / Actions, ...) this right is not 
11) with own OrgUnit
12) checked are Area AND Incident Type or OrgUnit AND Incident Type 
13) only if the Enduser receives "additional read right" in a specific Report

...

Depending on the role it is possible to limit the reach of the role via scopes.
This way, user rights can be given for a certain area part in the organization in accordance with the "Need-to-know" principle. 

...

ScopeExplanationDetails und hints
OrgUnitspecifies for which OrgUnit the role is given (hierarchical scope)multiple selection possibleAreaspecifies for which Area the role is given (hierarchical scope)multiple selection possible
Incident Typeslimits the role to certain incident types only relevant für module OpLoss (Operational Incidents)
Risk Assessment-Typenlimits the role to certain risk assessment types this scope is combined with OrgUnit and Area
Document-Typenlimits the role to certain document types only relevant for module DMS

...

  • A User Admin cannot change its own In Produktion kann ein Administrator seine eigenen Rechte nicht ändern, in den Test-Umgebungen hingegen schon. 
  • Einzelne Rollen / Scopes sind nur relevant wenn die entsprechenden Module genutzt werden
  • Some roles / scopes are only relevant for specific modules
  • In some places there are additional settings that restrict user rights further, e.g.:
    • "Closed user group" in OrgUnits
    • "Always visible for own OrgUnit" im Document Type
    teilweise gibt es zusätzliche Einstellungen in den Configurationen um weitere Vertraulichkeitsstufen zu definieren, zwei Beispiele:
    • "Geschlossener Benutzerkreis" in den OrgUnit's
    • "Immer sichtbar für eigene OrgUnit" im Documenten-Typ (DMS)