Access codes

Prerequisite: Security and organizational access codes must be set up and maintained in Active Directory by your system administrator.

 

Security access codes

Security access code provides a permission for specific action to the related security group. Security groups can be used for Role-based or Group-based rights, depending on how users are defined in your WorkZone installation, for example an Approver security group would be a role-based group for users with the security requirements associated with approving something while a Test group could be used for all testers regardless of their role.

Security groups are created and maintained in Active Directory by your system administrator.

Each organization has its own structure of security groups. Some employees must be granted the extended rights to work with particular types of information. For example:

Managers must have extended access to the customers' information;

System administrators must have extended access to the database and network information;

Accountants must have extended access to the financial information.

In this example, managers, administrators, and accountants represent different security groups. To give more power to the security groups in their areas, a system administrator assigns relative access codes to each of them in Active Directory. For example, MNGR is assigned to all managers, SYSADM is assigned to all system administrators and ACCNT is assigned to all employees who work as accountants.

Each user can have multiple security access codes.

Organizational access codes

Organizational access code is an access code that provides read or write permission for a particular organizational unit or individual user.

Each organization has its own structure of organizational units. For example, it can be the following tree-type hierarchy:

This organization has:

  • 12 organizational units – each blue record stands for a separate organizational unit.
  • 4 levels of organizational units where Food Authority represents the first level.

Organizational units and Organization access codes are created and maintained in Active Directory by your system administrator.

If access rights are not defined for a particular organizational unit, the unit will inherit access rights from the next higher-level organizational unit.

Important: If you change the organizational access code for a case, document, or contact, you must grant access to yourself.

 

Corporate access codes

The WorkZone Corporate edition enables you to create groups of access codes (Corporate access codes). A Corporate access code is a combination of security access codes and organizational access codes.

(Security access code) & (Organizational access code)

Corporate access codes help you fine tune access rights for each case, document, contact, meeting or actor sequence and are only available for the WorkZone Corporate edition.

Apply the access code groups in the Read access and Write access fields for cases, documents, contacts, meetings or actor sequences in the same fashion as access codes are applied for the WorkZone Standard edition.

Default corporate access code

A newly created case, document, or contact will always contain a default corporate access code which enables read or write access to the case, document or contact.

Tip: Security access code is often called Term access code in the WorkZone Client user-interface.

  • Default security access code is always ALLEEMNER. ALLEEMNER includes all contacts in the organization.
  • Default organizational access code is the second level organizational unit of the employee who has created this case, document or contact. The first level of organizational unit is always the whole organization. On the picture in the Organizational access codes section, Food Authority is the organizational unit of the first level; Food Safety Authority and Raw Safety Authority are the organizational units of the second level.

Important: If you change the corporate access code for a case, document, or contact, remember to grant access to yourself.

Corporate access string

Corporate access strings are a concise way to represent combinations of different access codes assigned to a given case, document, or contact.

Corporate access strings include:

  • Access codes: The access codes applied in the Read access and Write access fields.
  • Logical operators: Characters that represent the logical bindings between the access codes and the Corporate access codes. The following logical operators are used:
    • &: Used to represent the AND function
    • |: Used to represent the OR function.

You can find corporate access strings in the Read access or Write access columns in lists, for example the Open Cases list.

The string from the example represents the following structure of access rights:

In other words, two groups of people can view the Region East case:

  1. Any person (ALLEEMNER) from the Region East (RE) organizational unit and section manager (Elizabeth2) who works at a different organizational unit.
  2. Any person in the company (FA) who has the WORKFLOWADM security access code.

The corporate access string for the example above would look like this: (ALLEEMNER&(ELISABETH2|RE))|(WORKFLOWADM&FA) in the Open Cases list.

Tip: The image in Organizational access codes displays the full organizational structure of the sample company.