Differences between revisions 7 and 8
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
'''[[BereicheArbeitsgruppen|Zurück]] 8. Bereiche und Arbeitsgruppen -- [[Inhaltsverzeichnis |Nach Oben]] Inhaltsverzeichnis -- [[SystemKonfiguration|Weiter]] 10. Systemkonfiguration'''  '''[[BereicheArbeitsgruppen|Zurück]] 8. Bereiche und Arbeitsgruppen -- [[Inhaltsverzeichnis |Nach Oben]] Inhaltsverzeichnis -- [[SystemKonfiguration|Weiter]] 10. Systemkonfiguration'''
----
= 9. User Roles =
<<TableOfContents>>
User Roles are the mechanism used to control a user’s access to the transactions and data stored in the DrawMGT system.
Line 3: Line 7:
---- In order to view, enter and update data a user must have the appropriate roles. A user role gives a ''user'' the permission to run ''transactions'', e.g. commands initiated by the system menus and screen buttons, on ''system data'', e.g. data stored in folders ''(Bereiche)'' and groups ''(Gruppe)''. In other words, user roles define permissions, linking users, transactions and system data.
Line 5: Line 9:
= 9. Benutzern und Benutzer-Rollen = Users typically have multiple user roles, which reflect their actual responsibilities on a project. For example, a user may have ''view'' roles for some folders and groups, where they merely need access to documents for information purposes, and ''new/update'' roles, for areas of the project where they produce documents.
Line 7: Line 11:
In a large project with many users and folders, the number of user roles can get quite large and their management can be a challenge. In many projects, it is critical to ensure that certain documents are protected and are available only to a restricted set of users. DrawMGT provides a convenient reporting mechanism that lets you verify who has access to transactions and system data based on the project area, e.g. ''folders'' and ''groups''.
Line 8: Line 13:
<<TableOfContents>> = User Role Levels =
Line 10: Line 15:
DrawMGT verwaltet eine Liste von Benutzern, welche von allen Benutzern eingesehen werden kann. Die Benutzer-Liste enthält die Namen aller Benutzer sowie Kontakt-Informationen. Sie können anderen DrawMGT-Benutzern ein E-Mail senden, indem Sie auf die E-Mail Adressen der Benutzer-Liste und Detail-Ansichten klicken. User roles can be assigned at the ''system'', ''folder'' or ''group'' level.
If a role is assigned at the:
 * ''system level'' – then permissions granted for all system data, including all folders and groups
 * ''folder level'' – then permissions are granted for all data in the folder, including all the groups belonging to the folder
 * ''group level'' – then permissions are granted for all data in the group
In all cases, permissions are granted based on the folder/group of the user roles and the folder/group of the data, taking into account user roles at the system and folder level. The algorithm for determining if permission is granted to access data is:
 1. Determine the role required for the transaction about to be performed
 2. Check if the user has the ''system''-level access for the role
  * if '''yes''', grant permission
  * if '''no''', continue with the next check
 3. Check if the user has the ''folder''-level access for the role for the folder associated with the
 data
  * if '''yes''', grant permission
  * if '''no''', continue with the next check
 4. Check if the user has the ''group''-level access for the roles for the folder and group associated with the data
  * if '''yes''', grant permission
  * if '''no''', continue with the next check
 5. Deny permission
= User Role Classes =
User role types are divided into classes. The user roles for each class are listed and defined in the following sections.
== Administration Roles ==
 * '''''Site Administrator''''' – grants permissions for performing '''''all''''' system transactions
The ''Site Administrator'' user role is assigned to the users that manage the system users and user roles.
The following transactions are unique to the ''Site Administrator'' role:
 * ''User create/update''
 * ''User role update''
 * ''User role list''
 * ''User set password'' – for other users. Note that users are able to reset their own passwords
== Document/Revision Management and Viewing Roles ==
 * '''''Document Creator/Updater''''' – Includes the ''Document View'' user role permissions, plus:
  * Creating, updating and deleting documents/revisions
  * Performing revision workflow steps, via the revision detail screen and the document basket
 * '''''Document Viewer''''' – Typically granted to users that need only read-only access to documents and revisions. Permissions for:
  * Searching for documents/revisions and creating document/revision lists
  * Viewing detail screens for documents and revisions
  * Downloading source and publish files
  * Listing submittals, and viewing the list of recent submittals
  * Viewing submittal detail screens
  * Downloading submittal ZIP files
 * '''''Document Restricted Viewer''''' – Typically assigned to users that are only allowed to view documents and revisions that have been issued (e.g. where the workflow is completed). The permissions are the same as for the Document View role, with the following difference:
  * Downloading publish files only – a restricted viewer does not see that source files exist
  * Access is restricted to revisions where the workflow is complete, and depending on the system configuration, superseded revisions. The default is that are unable to view superseded revisions.
Line 12: Line 58:
Die DrawMGT-Benutzer-Liste kann als Projekt-Kontaktliste dienen. Note that placing a revision in a submittal automatically makes it accessible to users with the ''Document Restricted Viewer'' user role, once the submittal has been transmitted.
Line 14: Line 60:
Um Benutzer zu finden, klicken Sie linker Hand auf '''Benutzer - Suchen''', was eine Liste von Benutzern als Resultat hat, welche Ihren Suchkriterien entspricht. '''Warning:''' For security reasons, the ''Document Restricted Viewer'' role takes precedence over the other document/revision user roles. This means that if a ''Document Restricted Viewer'' role is assigned to a user with the ''Document Creator/Updater'' or the ''Site Administrator'' user role, then that user will no longer have permissions to create and update documents and revisions.
Line 16: Line 62:
= Benutzer Details = == Document/Revision Workflow Roles ==
Line 18: Line 64:
Sie können alle Informationen über einen Benutzer einsehen, indem Sie die Links des Vor- oder Nachnamens anklicken. Die Benutzer-Detail-Ansicht zeigt folgende Blöcke: The document/revision workflow roles are all associated with performing workflow steps for revisions. The workflow for a revision is a sequence of workflow steps, which must be completed in order. The sequence of workflow steps is:
Line 20: Line 66:
 * '''Benutzer Details''' - Benutzername und Kontaktinformationen
 * '''Projekt-Grundeinstellungen''' - standardmässiger Ordner und Arbeitsgruppe des Benutzers (dort wo der Benutzer normalerweise arbeitet)
 * '''Login Details''' - Login-Name des Benutzers sowie die Information, ob der Login aktiv ist. Bitte beachten Sie, dass nicht alle DrawMGT-Benutzer über Logins verfügen. Dokumentenfreigabe-Versand Empfänger benötigen beispielsweise kein Login.
 * '''Benutzer-Rollen''' - dem Benutzer zugeteilte Rollen, welche nach Ordner und Arbeitsgruppe sortiert sind. 		 * '''''Draft''''' – The ''draft'' workflow step only records who drafted the drawing, or typed-in the document. There is no status, plan or complete date recorded for the ''draft'' workflow step.
 * '''''Design''''' and/or '''Receive'''
 * '''''Check'''''
 * '''''Approval''''' – Multiple ''approval'' workflow steps can be completed in parallel. Approval workflow steps are typically used for cross-interface approvals.
 * '''''Release''''' – ''Release'' workflow steps can overrule open and rejected approval workflow steps
 * '''''Submit'''''
All the workflow steps, with the exception of the submit workflow step, are performed in the revision detail screen. A workflow step role includes the ability to complete and also to update the step, provided that no subsequent workflow steps have been completed.
Line 25: Line 74:
Sie können Benutzer-Details direkt einsehen, indem Sie rechter Hand auf den Login-Namen in der Kopfzeile klicken. The roles differ only in the workflow step that can be performed:
 * '''''Document Drafter''''' – Permission to perform the ''drafter'' workflow step
 * '''Document Creator (Designer)''' – Perform the ''design'' workflow step
 * '''''Document Receiver''''' – Perform the ''design'' workflow step
 * '''''Document Checker''''' – Perform the ''check'' workflow step
 * '''''Document Approver''''' – Perform the ''approve'' workflow step. This applies to all workflow steps.
 * '''''Document Releaser''''' – Perform the ''release'' workflow step. The user completing the release workflow
 * '''''Document Submitter''''' – Perform the ''submit'' workflow step, e.g. transmit a submittal. Unlike other workflow steps, the submit workflow step is ''not'' performed from the revision detail screen. Submittals are transmitted from the submittal detail screen. See section '''''X: Managing Submittals''''' for a complete description of how to create and transmit submittals.
To complete a workflow step, following data must be entered:
 * '''''Plan Date''''' – Optional. The plan date if for informational purposes only. Only users with the ''Document Creator/Updater'' role user can change the plan date.
 * '''''Complete Date''''' – Required, if the step does not have status ''Not Required''.
 * '''''Who''''' (the person responsible for the step) – Required. This field is normally pre-assigned and cannot be changed, unless the user also has the ''Document Creator/Updater'' role.
 * '''''Status''''' – Required for ''design, check, approve'' and ''release'' workflow steps. The following status values are allowed:
  * '''''Open''''' – The workflow step has not been completed
  * '''''Not Required''''' – The workflow step is not required. Only applies to ''approve'' workflow steps.
  * '''''Approved''''' – The revision is approved, and other subsequent workflow steps can be performed.
  * '''''Approved with Comments''''' – The revision is approved, a comment associated with the approval has been entered and other subsequent workflow steps can be performed.
  * '''''Rejected with Comments''''' – The revision is rejected, a comment associated with the rejection has been entered and other subsequent workflow steps cannot be performed.
  * '''''Comment''''' – Required when the status is ''Approved with Comments'' or ''Rejected with Comments''.
  
== Task Management and Viewing Roles ==
Line 27: Line 96:
Gegeben Ihre eigene Benutzer-Rolle erlaubt es, so können Sie neue Benutzer erstellen, Benutzer aktualisieren, Passwörter setzen und ändern sowie Benutzer-Rollen zuweisen. Die Links dazu finden sich linker Hand im Menü sowie unterhalb der Benutzer-Liste und der Detail-Ansicht.  * '''''Task Creator/Updater''''' – Includes the ''Task View'' user role permissions, plus:
  * Creating and updating tasks and task notes
  * Uploading task note attachment files
 * '''''Task Viewer''''' – Typically assigned to users who only need read-only access to tasks. Permissions for:
  * Searching for tasks and creating task lists, all types of task are included
  * Viewing task detail screens, including the task notes, all types of task notes are included
  * Downloading task note attachment files
 * '''''Task Restricted Viewer''''' – Typically assigned to users who only need read-only access to a restricted set of task types and task note types. The permissions are the same as for the Document View role, with the following difference:
  * Searching for tasks and creating task lists – restricted to limited set of task types
  * Viewing task detail screens, including the task notes – restricted to limited set of task types and task note types, defined in the system configuration:
'''Warning:''' For security reasons, the ''Task Restricted Viewer'' role takes precedence over the other task user roles. This means that if a ''Task Restricted Viewer'' role is assigned to a user with the ''Task Creator/Updater'' role, then that user will no longer have the permissions to create and update tasks.
Line 29: Line 108:
= User Roles = Security Exception tasks can be used to make it possible for users to view revisions that their user roles do not normally allow them to view. See section '''''X: Security Exception Tasks'''''.
Line 31: Line 110:
Sie können Benutzer-Rollen über die Detail-Ansicht aktualisieren. Der '''Rollen aktualisieren''' Button führt zu einer Ansicht, welche alle Rollen und Arbeitsgruppen des aktuellen Ordners auflistet. Dort können Sie eine Rolle einer bestimmten Arbeitsgruppe oder allen Arbeitsgruppen des Ordners zuweisen. == Task Subscriber Roles ==
Line 33: Line 112:
 Benutzer-Rollen zur Bewegung und Ansicht von Daten: ''Task Subscriber'' user roles, do not actually define permissions to access and update data, but rather define the default list of users added to a task when it is first created. The list of ''Task Subscriber'' user roles is based on the list of task types, with an addition of a ''Task Subscriber All'' role. The list of task types depends on the system configuration and is typically different for each project.
 * '''''Task Subscriber All'''''
 * '''''Task Subscriber Task Type X'''''
 * '''''Task Subscriber Task Type Y'''''
 * '''''…'''''
See section '''''X: Task Management''''' for description of how task subscription works and the conditions under which emails are sent to task subscribers.
Line 35: Line 119:
 || '''Rolle''' || '''Beschreibung''' ||
 ||<-2> '''Administrator-Rollen''' ||
 || Root || System-Administration (nur für SoftXS-Support) ||
 || Administrator || Site-Administrator, kann Benutzer und Benutzer-Rollen erstellen und aktualisieren ||
 ||<-2> '''Verwaltungs-Rollen''' ||
 || PM || Projektleiter. ||
 || PM-Deputy || Stellvertretender Projektleiter. Gleiche Privilegen wie PM ||
 || PM-Assistant || Assistent des Projektleiters. Gleiche Privilegen wie PM ||
 || LE || Lead engineer. ||
 || LE-Deputy || Lead engineer deputy. Gleiche Privilegen wie LE. ||
 || LE-Assistant || Lead engineer assistant. Gleiche Privilegen wie LE. ||
 ||<-2> '''Arbeitsablauf-Rollen''' ||
 || Designer || Benutzer agiert als verantwortlicher Akteur der Annahme von Arbeitsablauf-Schritten. ||
 || Drafter || User appears as in the list of drafters ||
 || Receiver || Benutzer agiert als verantwortlicher Akteur der Annahme von Arbeitsablauf-Schritten. ||
 || Checker || Benutzer agiert als verantwortlicher Akteur der Prüfung von Arbeitsablauf-Schritten. ||
 || Approver-1 || Benutzer agiert als verantwortlicher Akteur des Approve-1 Arbeitsablauf-Schrittes. ||
 || Approver-2 || Benutzer agiert als verantwortlicher Akteur des Approve-2 Arbeitsablauf-Schrittes. ||
 || Approver-3 || Benutzer agiert als verantwortlicher Akteur des Approve-3 Arbeitsablauf-Schrittes. ||
 || Approver-4 || Benutzer agiert als verantwortlicher Akteur des Approve-4 Arbeitsablauf-Schrittes. ||
 || Releaser || Benutzer agiert als verantwortlicher Akteur des Freigabe von Arbeitsablauf-Schritten. ||
 || Submitter || Benutzer agiert als verantwortlicher Akteur des Freigabeversands von Arbeitsablauf-Schritten. ||
 ||<-2> '''Betrachter / Pendenzen-Rolle''' ||
 || Viewer || Benutzer kann Dokumenten-Details und Dokumente (nicht aber Quelldaten) einsehen ||
 || Commenter || Benutzer kann Pendenzen einsehen, erstellen und aktualisieren. || 		== Submittal Management Role ==
Line 61: Line 121:
Benutzer-Rollen verbieten Ihnen, gewisse Pendenzen einzusehen. Sie können Dokumenten-Details sowie die Zusammenfassung der Pendenzen-Liste der Dokument-Detail-Liste einsehen, während es Ihnen aber nicht erlaubt ist, die Details der Pendenzen-Liste anzusehen.  * '''''Submittal/Transmittal Creator/Updater''''' – Permissions for:
  * Creating and updating submittals
  * Listing submittals, and viewing the list of recent submittals
  * Viewing submittal detail screens
  * Downloading submittal ZIP files
Note that the ''Submittal/Transmittal Creator/Updater'' user role does not allow a user to transmit a submittal. The permission is granted with the ''Document Submitter'' user role, described above.
== Submittal Recipient Roles ==
''Submittal Recipient'' user roles, do not actually define permissions to access and update data, but rather define the recipients for submittals. There are three types of submittal recipients:
 * ''Submittal Primary Recipient'' (‘To’ recipient)
 * ''Submittal Copy Recipient'' (‘CC’ recipient)
 * ''Submittal Blind Copy Recipient'' (‘BCC’ recipient)
See section '''''X: Managing Submittals''''' for a complete description of how to create and transmit submittals.
Line 63: Line 134:
Wenn Ihre Rolle es Ihnen verbietet, Dokumente anzusehen, können Sie trotzdem die Dokumenten-Namen in der Dokumenten-Liste und Detail-Ansichten sehen, während es Ihnen verwährt bleibt, die eigentlichen Dokumenten einzusehen. = User Management =
Line 65: Line 136:
Die detailierten Bewegungen, welche von den verschiedenen Rollen ausgeführt werden, können eingesehen werden, indem Sie das Menü linker Hand, '''Administration - Transaction - Profiles''' aufrufen. '''''Image: User list including a normal user, test user, disabled user, user with disabled login'''''
Line 67: Line 138:
Grundsätzlich kann jeder, welcher über eine Dokument-Erstellungs-Rolle (z.B. PM, LE usw. sowie die Arbeitsablauf-Rollen) verfügt, diese Ansicht aufrufen sowie Dokumente in den Ordnern und Arbeitsgruppen erstellen und aktualisieren, für welche er über die entsprechenden Rollen verfügt. '''''Image: User detail screen'''''
Line 69: Line 140:
Basierend auf Ihrer Rolle, ändert sich das Menü linker Hand sowie die Buttons. Grundsätzlich werden nur Menu-Elemente und Buttons für Bewegungen angezeigt, für welche Sie Privilegen haben. '''''Add the following points:'''''
Line 71: Line 142:
Benutzer-Rollen für Dokumentenfreigabe-Versand-Empfänger:  * '''''Test User''''' – Intended for testing document and task access permissions. Defines a test user with the following properties:
  * Allowed to login, provided the user and login is enabled (see below)
  * Not included in user menus
  * Not sent any system generated emails
  * Displayed in yellow in user lists and user detail screens
* '''''User enabled''''' ''(Benutzer freigegeben)'' – The user is enabled, meaning that the user appears in all user menus and system generated emails will be sent to the user. Users should be disabled when they are no longer associated with the project. Disabled users are:
  * Not allowed to login
  * Not included in user menus
  * Not sent any system generated emails
  * Displayed in dark gray in user lists and user detail screens
 * '''''Login enabled''''' ''(Login freigegeben)'' – The user’s login is enabled. Provided the user is enabled (see above), and a login name and password have been assign, the user will be able to log into the system. Users with a disabled login are:
  * Not allowed to login
  * Displayed in light gray in user lists and user detail screens
  
 * '''''User enabled''''' ''(Benutzer freigegeben)'' – The user is enabled, meaning that the user appears in all user menus and system generated emails will be sent to the user. Users should be disabled when they are no longer associated with the project. Disabled users are:
Line 73: Line 158:
  || '''Rolle''' || '''Beschreibung''' ||
  || Submittal-TO || Benutzer ist relevanter Empfänger von Dokumentenfreigabe-Versand ||
  || Submittal-CC || Benutzer ist CC-Empfänger von Dokumentenfreigabe-Versand ||
  || Submittal-BCC || Benutzer ist BCC-Empfänger von Dokumentenfreigabe-Versand || 		  * Not allowed to login
  * Not included in user menus
  * Not sent any system generated emails
  * Displayed in dark gray in user lists and user detail screens
Line 78: Line 163:
Benutzer-Rollen von Pendenzen-Verteilern sind von Pendenztypen abhängig. Siehe Leitfaden Site-Konfiguration.  * '''''Login enabled''''' ''(Login freigegeben)'' – The user’s login is enabled. Provided the user is enabled (see above), and a login name and password have been assign, the user will be able to log into the system. Users with a disabled login are:
  * Not allowed to login
  * Displayed in light gray in user lists and user detail screens
  
= User Role Management =
Line 80: Line 169:
'''Beachten Sie, dass das Aktualisieren von Rollen nur auf den aktuellen Ordner angewendet wird. Wenn Sie die Rollen eines anderen Ordners aktualisieren möchten, müssen Sie zuerst den Ordner wechseln.''' == Creating User Role Reports ==

Users with the ''Site Administrator'' user role can create user role reports, which are tables of user roles. An example is show below:

'''''Image: Example: part of user role list'''''

The user role report lists users, by folder, group and company in the vertically and user roles horizontally. In the main part of the table an '''‘X’''' is displayed if the role has been assigned for the given user and role. If you place your mouse over the '''‘X’''', floating text appears, indicating the user, company and user role.

'''''Image: Example: small part of user role list – showing hover text'''''

It is also possible to expand and collapse each folder’s section.

'''''Image: Example: small part of user role list – expand/collapse check boxes'''''

As the number of user roles can be overwhelming, it is possible to display subsets of the user roles based on selections from the following categories:
 * ''Folders''
 * ''Companies''
 * ''Users''
 
The user role search screen allows you to make a selection of ''one, multiple'' or ''all'' items in each category.
 
'''''Image: Example: user role search screen'''''
 
== Downloading User Role Metadata ==

'''''To be completed'''''
 
== Updating User Roles ==
'''''To be competed – or reference to existing documentation'''''

Zurück 8. Bereiche und Arbeitsgruppen -- Nach Oben Inhaltsverzeichnis -- Weiter 10. Systemkonfiguration

9. User Roles

Contents

  1. 9. User Roles
  2. User Role Levels
  3. User Role Classes
    1. Administration Roles
    2. Document/Revision Management and Viewing Roles
    3. Document/Revision Workflow Roles
    4. Task Management and Viewing Roles
    5. Task Subscriber Roles
    6. Submittal Management Role
    7. Submittal Recipient Roles
  4. User Management
  5. User Role Management
    1. Creating User Role Reports
    2. Downloading User Role Metadata
    3. Updating User Roles
User Roles are the mechanism used to control a user’s access to the transactions and data stored in the DrawMGT system.

In order to view, enter and update data a user must have the appropriate roles. A user role gives a user the permission to run transactions, e.g. commands initiated by the system menus and screen buttons, on system data, e.g. data stored in folders (Bereiche) and groups (Gruppe). In other words, user roles define permissions, linking users, transactions and system data.

Users typically have multiple user roles, which reflect their actual responsibilities on a project. For example, a user may have view roles for some folders and groups, where they merely need access to documents for information purposes, and new/update roles, for areas of the project where they produce documents.

In a large project with many users and folders, the number of user roles can get quite large and their management can be a challenge. In many projects, it is critical to ensure that certain documents are protected and are available only to a restricted set of users. DrawMGT provides a convenient reporting mechanism that lets you verify who has access to transactions and system data based on the project area, e.g. folders and groups.

User Role Levels

User roles can be assigned at the system, folder or group level. If a role is assigned at the:

  • system level – then permissions granted for all system data, including all folders and groups

  • folder level – then permissions are granted for all data in the folder, including all the groups belonging to the folder

  • group level – then permissions are granted for all data in the group

In all cases, permissions are granted based on the folder/group of the user roles and the folder/group of the data, taking into account user roles at the system and folder level. The algorithm for determining if permission is granted to access data is:

  1. Determine the role required for the transaction about to be performed

  2. Check if the user has the system-level access for the role

    • if yes, grant permission

    • if no, continue with the next check

  3. Check if the user has the folder-level access for the role for the folder associated with the data

    • if yes, grant permission

    • if no, continue with the next check

  4. Check if the user has the group-level access for the roles for the folder and group associated with the data

    • if yes, grant permission

    • if no, continue with the next check

  5. Deny permission

User Role Classes

User role types are divided into classes. The user roles for each class are listed and defined in the following sections.

Administration Roles

  • Site Administrator – grants permissions for performing all system transactions

The Site Administrator user role is assigned to the users that manage the system users and user roles. The following transactions are unique to the Site Administrator role:

  • User create/update

  • User role update

  • User role list

  • User set password – for other users. Note that users are able to reset their own passwords

Document/Revision Management and Viewing Roles

  • Document Creator/Updater – Includes the Document View user role permissions, plus:

    • Creating, updating and deleting documents/revisions
    • Performing revision workflow steps, via the revision detail screen and the document basket

  • Document Viewer – Typically granted to users that need only read-only access to documents and revisions. Permissions for:

    • Searching for documents/revisions and creating document/revision lists
    • Viewing detail screens for documents and revisions
    • Downloading source and publish files
    • Listing submittals, and viewing the list of recent submittals
    • Viewing submittal detail screens
    • Downloading submittal ZIP files

  • Document Restricted Viewer – Typically assigned to users that are only allowed to view documents and revisions that have been issued (e.g. where the workflow is completed). The permissions are the same as for the Document View role, with the following difference:

    • Downloading publish files only – a restricted viewer does not see that source files exist
    • Access is restricted to revisions where the workflow is complete, and depending on the system configuration, superseded revisions. The default is that are unable to view superseded revisions.

Note that placing a revision in a submittal automatically makes it accessible to users with the Document Restricted Viewer user role, once the submittal has been transmitted.

Warning: For security reasons, the Document Restricted Viewer role takes precedence over the other document/revision user roles. This means that if a Document Restricted Viewer role is assigned to a user with the Document Creator/Updater or the Site Administrator user role, then that user will no longer have permissions to create and update documents and revisions.

Document/Revision Workflow Roles

The document/revision workflow roles are all associated with performing workflow steps for revisions. The workflow for a revision is a sequence of workflow steps, which must be completed in order. The sequence of workflow steps is:

  • Draft – The draft workflow step only records who drafted the drawing, or typed-in the document. There is no status, plan or complete date recorded for the draft workflow step.

  • Design and/or Receive

  • Check

  • Approval – Multiple approval workflow steps can be completed in parallel. Approval workflow steps are typically used for cross-interface approvals.

  • ReleaseRelease workflow steps can overrule open and rejected approval workflow steps

  • Submit

All the workflow steps, with the exception of the submit workflow step, are performed in the revision detail screen. A workflow step role includes the ability to complete and also to update the step, provided that no subsequent workflow steps have been completed.

The roles differ only in the workflow step that can be performed:

  • Document Drafter – Permission to perform the drafter workflow step

  • Document Creator (Designer) – Perform the design workflow step

  • Document Receiver – Perform the design workflow step

  • Document Checker – Perform the check workflow step

  • Document Approver – Perform the approve workflow step. This applies to all workflow steps.

  • Document Releaser – Perform the release workflow step. The user completing the release workflow

  • Document Submitter – Perform the submit workflow step, e.g. transmit a submittal. Unlike other workflow steps, the submit workflow step is not performed from the revision detail screen. Submittals are transmitted from the submittal detail screen. See section X: Managing Submittals for a complete description of how to create and transmit submittals.

To complete a workflow step, following data must be entered:

  • Plan Date – Optional. The plan date if for informational purposes only. Only users with the Document Creator/Updater role user can change the plan date.

  • Complete Date – Required, if the step does not have status Not Required.

  • Who (the person responsible for the step) – Required. This field is normally pre-assigned and cannot be changed, unless the user also has the Document Creator/Updater role.

  • Status – Required for design, check, approve and release workflow steps. The following status values are allowed:

    • Open – The workflow step has not been completed

    • Not Required – The workflow step is not required. Only applies to approve workflow steps.

    • Approved – The revision is approved, and other subsequent workflow steps can be performed.

    • Approved with Comments – The revision is approved, a comment associated with the approval has been entered and other subsequent workflow steps can be performed.

    • Rejected with Comments – The revision is rejected, a comment associated with the rejection has been entered and other subsequent workflow steps cannot be performed.

    • Comment – Required when the status is Approved with Comments or Rejected with Comments.

Task Management and Viewing Roles

  • Task Creator/Updater – Includes the Task View user role permissions, plus:

    • Creating and updating tasks and task notes
    • Uploading task note attachment files

  • Task Viewer – Typically assigned to users who only need read-only access to tasks. Permissions for:

    • Searching for tasks and creating task lists, all types of task are included
    • Viewing task detail screens, including the task notes, all types of task notes are included
    • Downloading task note attachment files

  • Task Restricted Viewer – Typically assigned to users who only need read-only access to a restricted set of task types and task note types. The permissions are the same as for the Document View role, with the following difference:

    • Searching for tasks and creating task lists – restricted to limited set of task types
    • Viewing task detail screens, including the task notes – restricted to limited set of task types and task note types, defined in the system configuration:

Warning: For security reasons, the Task Restricted Viewer role takes precedence over the other task user roles. This means that if a Task Restricted Viewer role is assigned to a user with the Task Creator/Updater role, then that user will no longer have the permissions to create and update tasks.

Security Exception tasks can be used to make it possible for users to view revisions that their user roles do not normally allow them to view. See section X: Security Exception Tasks.

Task Subscriber Roles

Task Subscriber user roles, do not actually define permissions to access and update data, but rather define the default list of users added to a task when it is first created. The list of Task Subscriber user roles is based on the list of task types, with an addition of a Task Subscriber All role. The list of task types depends on the system configuration and is typically different for each project.

  • Task Subscriber All

  • Task Subscriber Task Type X

  • Task Subscriber Task Type Y

See section X: Task Management for description of how task subscription works and the conditions under which emails are sent to task subscribers.

Submittal Management Role

  • Submittal/Transmittal Creator/Updater – Permissions for:

    • Creating and updating submittals
    • Listing submittals, and viewing the list of recent submittals
    • Viewing submittal detail screens
    • Downloading submittal ZIP files

Note that the Submittal/Transmittal Creator/Updater user role does not allow a user to transmit a submittal. The permission is granted with the Document Submitter user role, described above.

Submittal Recipient Roles

Submittal Recipient user roles, do not actually define permissions to access and update data, but rather define the recipients for submittals. There are three types of submittal recipients:

  • Submittal Primary Recipient (‘To’ recipient)

  • Submittal Copy Recipient (‘CC’ recipient)

  • Submittal Blind Copy Recipient (‘BCC’ recipient)

See section X: Managing Submittals for a complete description of how to create and transmit submittals.

User Management

Image: User list including a normal user, test user, disabled user, user with disabled login

Image: User detail screen

Add the following points:

  • Test User – Intended for testing document and task access permissions. Defines a test user with the following properties:

    • Allowed to login, provided the user and login is enabled (see below)
    • Not included in user menus
    • Not sent any system generated emails
    • Displayed in yellow in user lists and user detail screens

* User enabled (Benutzer freigegeben) – The user is enabled, meaning that the user appears in all user menus and system generated emails will be sent to the user. Users should be disabled when they are no longer associated with the project. Disabled users are:

  • Not allowed to login
  • Not included in user menus
  • Not sent any system generated emails
  • Displayed in dark gray in user lists and user detail screens

  • Login enabled (Login freigegeben) – The user’s login is enabled. Provided the user is enabled (see above), and a login name and password have been assign, the user will be able to log into the system. Users with a disabled login are:

    • Not allowed to login
    • Displayed in light gray in user lists and user detail screens

  • User enabled (Benutzer freigegeben) – The user is enabled, meaning that the user appears in all user menus and system generated emails will be sent to the user. Users should be disabled when they are no longer associated with the project. Disabled users are:

    • Not allowed to login
    • Not included in user menus
    • Not sent any system generated emails
    • Displayed in dark gray in user lists and user detail screens

  • Login enabled (Login freigegeben) – The user’s login is enabled. Provided the user is enabled (see above), and a login name and password have been assign, the user will be able to log into the system. Users with a disabled login are:

    • Not allowed to login
    • Displayed in light gray in user lists and user detail screens

User Role Management

Creating User Role Reports

Users with the Site Administrator user role can create user role reports, which are tables of user roles. An example is show below:

Image: Example: part of user role list

The user role report lists users, by folder, group and company in the vertically and user roles horizontally. In the main part of the table an ‘X’ is displayed if the role has been assigned for the given user and role. If you place your mouse over the ‘X’, floating text appears, indicating the user, company and user role.

Image: Example: small part of user role list – showing hover text

It is also possible to expand and collapse each folder’s section.

Image: Example: small part of user role list – expand/collapse check boxes

As the number of user roles can be overwhelming, it is possible to display subsets of the user roles based on selections from the following categories:

  • Folders

  • Companies

  • Users

The user role search screen allows you to make a selection of one, multiple or all items in each category.

Image: Example: user role search screen

Downloading User Role Metadata

To be completed

Updating User Roles

To be competed – or reference to existing documentation

BenutzernBenutzerRollen (last edited 2010-08-08 13:39:26 by 46-126-153-166)

Copyright 2008-2014, SoftXS GmbH, Switzerland