By default, the main system administrator has the capability to create, modify and delete users in the system and access to billing information. Furthermore, the System Admin has the option to assign these User and Billing administration roles to other users as well as application profiles.
All these actions take place from a single interface within the User Administration window:
The following options are available from this interface:
- New account / user creation. New users can be created by clicking on the <Create New Account> button on top. This will open up a form that collects the user's information.
User Context Menu
The User Context Menu is the tool for performing all the User Management actions. It can be accessed by clicking on the (...) icon next to a user name.
The menu options include:
- Details: Here we can Edit the User's information and update fields like email, Job Title and phone number. Moreover, it allows us to associate the user with to a work crew. If there are no Crews available one can be added from this window.
- Management: Here we can specify if the user will have access rights to sensitive information like Billing and User Management. The system admin by default has these two levels of access rights, but he also has the ability to allow other users to manage these options. For example, the System Admin can provide Billing Management rights to a user in the financial department in the organization.
- Access: This option is focused on application access on a per module bases (Inspections). Allows a user with a <User Management> profile to distribute and assign application roles to other users. For example, from this interface, we can assign a user to an Inspector role which has Inspection-related claims for performing inspections inside the application. A user can also have other different roles simultaneously like an Equipment Management role making him responsible for creating new equipment in the system.
- Resend Invitation: This option allows a User Manager to send (or resend) an invitation to a new user in the application. The system will automatically send an email notifying the user that he/she has been registered and inviting the user to confirm the email address to finalize the account creation process.
- Restore: This option enables and disables user accounts. The system will ask for confirmation before performing this action.
The following illustration shows the Security Access interface. Since the application is licensed based on the total number of users, activating a user or giving a user access to the application uses one license seat. Champs Application Access can be granted to a user by clicking on the checkbox as it has been highlighted below. After having access, different roles can be assigned to one user, or even new roles with custom claims can be created.
Security Roles and Claims
After a user's identity is created, it may belong to one or more roles. For example, Tracy may belong to the Equipment department and have an Inspection Planner role. Whilst Scott may only belong to the Inspector role. How these roles are created and managed depends on the System Admin - User Management of the authorization process.
Roles in the system are predefined, however they can be adjusted to the specific needs of the application. Roles can also be customized with a different set of claims. All these actions take place inside the Security Roles section.
The application has 4 predefined roles that can be assigned to the users in the organization.
- Inspector: The inspector Role has access to create new inspections on the field. An inspector also has View-Only access to the Inspection Templates and to the list of the different equipment.
- Inspection Reviewer: is usually the Inspections Supervisor. A user with this role has access to see the results of the completed inspections as reported by the Inspectors on the field.
- Equipment Manager: This role is intended for the user responsible for creating new equipment, decommissioning of equipment, and updating certain equipment settings that can change over time.
- Inspection Planner: The inspection planner is the user responsible for creating all the inspection templates which is the foundation that the Inspectors on the field need, in order to generate new inspections.
The following image expands on the different claims available to an Inspector. A user with an Inspection Role can see the equipment and Templates but are not allowed to modify them.
This next illustration shows the claims assigned to the Equipment Manager. The Equipment Manager has the ability to create, remove and edit existing equipment.
Creating and customizing roles
The previous list of roles can be customized. Even more, new roles can be created by assigning claims from the list of claims available in the system as follows: