Access codes

Prerequisite: A system administrator must set up and maintain security and organizational access codes in Active Directory.

 

Security access codes

A security access code provides a permission for a specific action to the related security group. Security groups can be used for role-based or group-based rights, depending on how users are defined in your WorkZone installation, for example an Approver security group would be a role-based group for users with the security requirements associated with approving something while a Test group could be used for all testers regardless of their role.

Your system administrator creates and maintains security groups in Active Directory.

Each organization has its own structure of security groups. Some employees must be granted the extended rights to work with particular types of information. For example:

  • Managers must have extended access to the customer information.
  • System administrators must have extended access to the database and network information.
  • Accountants must have extended access to the financial information.

In this example, managers, administrators, and accountants represent different security groups. To give more power to the security groups in their areas, a system administrator assigns relative access codes to each of them in Active Directory. For example, MNGR is assigned to all managers, SYSADM is assigned to all system administrators and ACCNT is assigned to all employees who work as accountants.

Each user can have multiple security access codes.

Example:

TestAdmin1 has the following security access codes: DATAADM, USERADM, CONFIGADM.

TestAdmin2 has the following security access codes: DATAADM, USERADM.

Where:

  • DATAADM allows a user to configure custom fields and properties.
  • USERADM allows a user to configure case number format and organizational dictionary.
  • CONFIGADM allows a user to configure Outlook settings.

This means that administrators have the rights to configure the WorkZone installation, but TestAdmin2 is not allowed to configure Outlook settings.

Organizational access codes

An organizational access code is an access code that provides read or write permission for a particular organizational unit or individual user.

Each organization has its own structure of organizational units. For example:

In this example, the Food Authority organization has:

  • 12 separate organizational units.
  • 4 levels of organizational units where Food Authority represents the first level.

A system administrator creates and maintains organizational units and organizational access codes in Active Directory.

If access rights are not defined for a particular organizational unit, the unit will inherit access rights from the next higher-level organizational unit.

Example: If a case has the Raw Safety Authority read access code and Internal IT write access code, this means that everybody from Raw Safety Authority, Adm Secretariat, Project Office 2, and Internal IT can view the case. However, only Sebastian Implementer, Peter Administrator and TestAdmin2 from Internal IT can edit it.

Important: If you change the organizational access code for a case, document, or contact, you must grant access to yourself.

Corporate access codes

In the WorkZone Corporate edition, you can create groups of access codes (Corporate access codes). A corporate access code is a combination of security access codes and organizational access codes.

(Security access code) & (Organizational access code)

Corporate access codes help you fine-tune access rights for each case, document, contact, meeting, or actor sequence and are only available for the WorkZone Corporate edition.

Apply the access code groups in the Read access and Write access fields for cases, documents, contacts, meetings, or actor sequences in the same way as access codes are applied for the WorkZone Standard edition.

Default corporate access code

A newly created case, document, or contact will always contain a default corporate access code which defines read or write access to the case, document, or contact.

Tip: Security access code is often called Term access code in the WorkZone Client.

  • The default security access code is always ALLEEMNER. ALLEEMNER includes all contacts in the organization.
  • The default organizational access code is the second level organizational unit of the employee who has created the case, document, or contact. The first level of organizational unit is always the whole organization. On the picture in the Organizational access codes section, Food Authority is the organizational unit of the first level; Food Safety Authority and Raw Safety Authority are the organizational units of the second level.

Important: If you change the corporate access code for a case, document, or contact, remember to grant access to yourself.

Corporate access string

Corporate access strings are a concise way to represent combinations of different access codes assigned to a given case, document, or contact.

Corporate access strings include:

  • Access codes: The access codes applied in the Read access and Write access fields.
  • Logical operators: Characters that represent the logical bindings between the access codes and the Corporate access codes. The following logical operators are used:
    • &: Used to represent the AND function
    • |: Used to represent the OR function.

You can find corporate access strings in the Read access or Write access columns in lists, for example the Open Cases list.

The string from the example represents the following structure of access rights:

In other words, two groups of people can view the Region East case:

  1. Any person (ALLEEMNER) from the Region East (RE) organizational unit and section manager (Elizabeth2) who works at a different organizational unit.
  2. Any person in the company (FA) who has the WORKFLOWADM security access code.

The corporate access string for the example above would look like this: (ALLEEMNER&(ELISABETH2|RE))|(WORKFLOWADM&FA) in the Open Cases list.

Tip: The image in Organizational access codes displays the full organizational structure of the sample company.