Four eyes permission control is functionality that provides an additional approval step for certain operations within Duco. For example, adding or removing a user from a group or giving a user access to a process.
When Four eyes permission control is enabled, for example, if a user makes another user a viewer for a process, the change does not take effect immediately. A different user with the role of "Global Permissions Administrator" needs to approve this change. A user can not approve their own permission changes.
This feature is not enabled by default, but it can be enabled upon request. If your organisation would like to enable (or disable) this feature, contact Duco Support.
An organisation typically requests to enable four eyes permission control because they wish to have a stricter, although more burdensome, permission control or because they are required to adopt a process of this type to fulfill certain regulatory requirements.
Global Permissions Administrator
The Global Permissions Administrator role allows users to approve or reject certain permission changes. The role can be associated with Groups on the Group Administration Page and then subsequently assigned to an account.
Four Eyes changes
The following changes require approval or rejection by a Global Permissions Administrator when the Four Eyes workflow has been enabled:
- Add/Remove User in a Group
- Add/Remove Roles for a Group
- Delete a Group
- Adding/Removing User to a Process
- Adding/Removing Group to Process
- Change permission level of a User
- Change permission level of a Group
- Remove Last Admin User from Group
Group and User administration
When the Four Eyes workflow is switched off (Duco’s default setting), the addition of a Group to a user account would take effect immediately. When the Four Eyes workflow is switched on, an additional approval step is required before the changes take effect. A change will be held in a pending status until approval has been granted by a Global Permissions Administrator.
Pending modifications can be identified in the following way:
- After adding a new group, the group will be added to the edit box, but will be in a disabled state
- After deleting an existing group, the group will be disabled and the name will be struck through to indicate that it is pending approval for deletion.
- Approved groups will be displayed as usual.
When adding or removing users to/from a group, a label is applied to indicate that the particular user is “Pending addition” or “Pending removal”. Active, approved users will be displayed in the existing way.
Similarly, when deleting a group, a label is applied indicating that the group is “Pending removal”.
Process specific permissions
The Four Eyes workflow can also be used when assigning process specific roles. These roles are added using the process Permissions settings page and can be conferred to either Users or Groups.
When the Four Eyes workflow is switched on, a Status column is added to both the Users’ and Groups’ lists on the Permissions Settings page. This column displays whether a particular User or Group has pending requests. These requests will not take effect until a Global Permissions Administrator has approved them through the Permission requests page.
The Status column indicates whether the item in a row is pending addition or removal. On rows which are pending addition, it is possible to further modify the permission level of the User or Group (e.g. from the default Viewer to Operator).
Users and Groups whose changes have been approved will remain in the table, but without an entry in the Status column. However, subsequent changes to the permissions associated with these items will generate a Pending addition status.
When deleting a user or group, the row is not removed from the list until the deletion request is approved. Instead, the status column indicates that the row is pending removal.
Further modification to the row will not be allowed until the request has been approved.
Rows with no pending changes display as normal.
Reference data table-specific permissions function in much the same way as process-specific permissions. The main difference is that processes have Admin, Operator and Viewer permissions whereas reference data tables have Admin, Editor and Viewer permissions.
The Permission requests page is used to administer all Four Eyes requests, approving or rejecting them as is appropriate. It can be reached from the Administration Overview menu, although it should be noted that this page is only available to users with the Global Permissions Administrator user role, and where the Four Eyes workflow has been switched on.
The page contains a simple table that presents a line for each item pending approval or rejection. The original requester is also listed, providing a useful audit of who has been making changes. The Administrator simply selects whether to Approve or Reject the requests, with items from the table selectable either individually or in bulk.
When an approval is made, Duco will check whether the request being made is to remove the last Global Permissions Administrator (either as a User or in a Group) from a process. If this is indeed the case, Duco will display an error message and the approval will not take effect.
Only users with the Global Permission Administrator role are be able to approve or reject outstanding requests. As soon as an item has been approved, the associated changes take effect.