This page documents how you can grant specific permissions to Users and Groups which define their access to a specific process.
Within an organisation, it's often the case that several people require access to the same process, although generally it's not expected that everyone will be granted the same access level.
Duco offers multiple user roles for a given process. These fall into two categories: process access level, and exception handling capabilities.
Process Access Level
|Controls access to the process
|Can change the process settings (in the cash module, a config admin can delete statements)
|Can action on exceptions
|Can upload data via the web interface
|Can run a process
|Can see run results but make no changes
|Can action on a subset of exceptions, limited to those exceptions allocated to a Group the user is a member of
|Can stop the run while it is queuing or running and restrict who can stop an ongoing run for each process
Exception Handling Capabilities
|Can allocate exceptions to groups and individuals within those groups that have either the investigator or operator role
|Can close exceptions
|Exception Force Closer
|Can force close exceptions
|Can force match exceptions
|Break Apart Match
|Can break apart a matched or partially matched item
|Break Apart Roll-Up (Cash module only)
|Can break apart a rolled-up item
These Roles can be mixed and added as appropriate. Multiple roles can be assigned to a given User or Group, allowing you to layer their access level as desired.
The following table illustrates the relationship between roles and permissions at the process access level:
* Grants access to standard workflow actions. Special workflow actions require additional exceptions handling roles (see Exceptions Handling Capabilities table above)
- When a user creates a process, they will get the Data Uploader permission alongside the existing Viewer, Config Admin and Operator.
- If the user only has the Data Uploader role, it will not be possible to see results for the process and therefore won't be able to submit files. Even with the Viewer role, the user still needs to add at least one of these roles (Investigator, Operator, Config Admin).
- The Data Uploader role is not required, to re-run a process with carry-over data, if a user has Operator, Config Admin or Investigator role. However, the user can only submit new data if there is the Data Uploader role.
As the above table shows, the roles are hierarchical. Although it doesn't make sense to give a user more than one role, doing so does no harm.
To view the permissions screen:
- Click on Settings
- Click on Permissions
If you only have User admin role for a process, then you can access the permission screen via the main Processes screen.
When you first create a process, you will be the only user with default access. As you will automatically be configured as a User admin, you can then add any number of Users and/or Group to the process, defining which roles they receive.