About Security group rights

Security group rights is part of the WorkZone security system. The purpose is to assign the proper permissions to the WorkZone users. Security group rights are configured in WorkZone Configurator (in WorkZone Configurator, select Security > Security group rights). See Security group rights for more information.

Prerequisite: To view or edit security group rights, you must have the DATAADM access code.

Security codes

The WorkZone security system is based on 10 security codes: 1, 2, 3, 4, 5, 6, 7, 8, 9, and 10. For each of these security codes, the system administrator must configure a set of permissions for every register and table of the system.

Important: Only security codes 1 through 9 are used by WorkZone Client end users. Security code 10 is exclusively for the use of KMD technicians.

Permissions

For each security code you can configure 4 permissions:

  • Search: Permission to find and view entities and their information in the database.
  • Update: Permission to edit and change existing entities and their information in the database.
  • Insert: Permission to create new entries or their information in the database.
  • Delete: Permission to delete entries or their information in the database.

For cases, you can configure two additional permissions:

  • Lock: Permission to terminate cases.
  • Unlock: Permission to unlock cases that have been terminated.

See also: Permissions.

The system administrator must define which permissions are assigned to each security code in the corresponding tables (registers) of the database.

The permissions of the security codes on the entity level may deviate from the permissions on the entity information level. Consequently, a security code with few permissions may have more or extended permissions to one or several of the tables.

See also: Registers and tables.

Groups of users

The permissions of each security code can be configured to reflect the demands of specific groups of users. When a user logs on to WorkZone Client, the security code assigned to the user defines what the user is allowed to do.

Active Directory - AD

You can assign security codes to users in Active Directory (AD). When a WorkZone user is created in AD, the user must be made a member of a distribution group, representing one of the security codes. When the user's relevant AD information is transferred to the WorkZone Content Server database, the user is automatically allocated the correct security code and the corresponding permissions for registers and tables in the database.

Resetting the IIS Admin Service

If you change the configuration of security, you must reset the IIS Admin Service for your changes to take effect.

Restriction of user permissions

Despite a user's high security code and extensive access code profile, it is possible to restrict an individual user's access to the system with regard to Case Permissions,  Organizational Permissions and  Contact Permissions.

See also: Restrictions of user permissions.