Working with User Roles
Sites often have sets of users who have the same job or role. You can have multiple CAD specialists working on updating plans, for instance. You might run a series of outsource or contract people through that role as well.
From a security standpoint, user roles define how the generic "atomic" groups map to the needs of classes of users within your specific organization.
As such, you don’t assign groups directly to users, but instead you aggregate the "atomic" group permissions into user roles, which define the collection of groups your types of users need in order to do their jobs.
The roles at your site might correspond fairly closely with the lowest level of security group. For instance, you might have roles that:
- edit lease and property information
- update the list of rooms
- update room polyline boundaries and their associated areas and department assignments
- review updated financial calculations presented by the Summarize Costs actions.
Each of these "roles" correspond to a single hierarchical group code.
However, your roles might span these "atomic" groups. You could have a department responsible for two different functional areas, such as space and real property management (i.e. they should have the "spac" and the "rplm" tasks). Or your CAD specialists might have responsibility for all CAD tasks, regardless of business function (i.e. they should have the "%cad" tasks).
Typical roles are:
- Facility Manager
- Space Planner
- CAD Specialist
- Real Estate Manager
- Real Estate Broker
- Real Estate Admin Aide
- Move Planer
- Maintenance Manager
- Craftsperson
- DBA
- System Integrator
- CIO (access all top-level or KPI results)
- Manager (access all groups that approve cost items)
- Employee (access all employee relations task groups)
When using the hierarchical security feature, you don't assign individual groups to afm_users, you assign roles so as to give the appropriate access to all relevant groups all at once. For instance, if you have the same "Corporate Real-Estate" organization managing both real estate and space management tasks, your roles may look like this:
| Role | Security Groups |
|---|---|
| Corporate Real Estate | rplm%, spac% |
| Corporate Real Estate Data Entry | rplm-rev-ed, spac-rev-ed |
| Corporate Real Estate Strategic | %cio |
| System Administrator | %sys%,spac%,rplm%,des%,fe%,telc%,bops% |
Archibus User Roles table (afm_roles)
On the Navigator, access this table at:
- System / Archibus Administrator - User and Security / Add or Edit User Roles
| Field | Purpose |
|---|---|
|
Role Name |
The shorthand name for the role, e.g. SITEAMGR, SITEACF, SITEBMGR, etc. |
|
Role Title |
The descriptive title, such as. "Site A -- Manager" |
|
VPA Restriction |
A VPA restriction specified in XML format. This restriction applies to al users assigned to this role when they log in. |
|
WW Preferences |
This field was used by Client/Server for entering Call Center Wizard preferences for this role. (Prior to V14.3, this field existed in the Archibus Groups table.) |
| License Level |
Dictates what License Level all users of this role have. When a user logs in, the program signs out another license of this level. For information on the license levels, see Licensing Levels. You can also set your role to sign out an Application Connection Point license by setting the License Level to “Activity ACP”. Note that the values for License Level are the same values as the License Level field in the afm_processes table. |
Note: Any change in roles or their assignments to users requires that you select the Flush Cached User Accounts and Roles button, located in the upper right corner of the Ad or Edit User Roles view. See the User Help topic Archibus Web Central User's Guide / Archibus Administrator - User and Security / User Management / Flush Cached User Accounts and Roles.
Archibus Groups for Roles table (afm_groupsforroles)
Use this table to assign an arbitrary number of groups to each Role record. Allow 64 character group names in this assignment table.
| Field | Purpose |
|---|---|
|
Role Name |
Validated by the Archibus Roles table. |
|
Group Name |
Validated by the Archibus Groups table. |
See Also
Getting Started with Roles, Users, and Processes
Archibus Web Central User's Guide / Archibus Administrator - User and Security / Security Group and Roles / Assign Processes to Roles or Users in Archibus User Help