Event Module Security
Assignments are additive
If User has access to an event by at least one rule - User is able to see the Event
If User has access to an event with some Role by at least one rule - User is able to do all operations with the Event which the Role allows
Terminology
SHOWN-ONLY-TO-OWNER Event is an event which meets both conditions below at the same time:
- Event is created for Form with option Only Show Reporter enabled
- Event is in one of Statuses selected below the Only Show Reporter check box on Edit Form page
CONFIDENTIAL Event is an event with Confidential option enabled (available only for events created by Form with Confidential option enabled)
Custom Assignments
Applicable to: an Event with Custom Assignments (including CONFIDENTIAL & SHOWN-ONLY-TO-OWNER events)
Access granted to:
- Users that are selected in Edit Event page / Assignments tab
- with roles from Admin / Users / Edit dialog
- Members of User Groups that are selected in Edit Event page / Assignments tab
- with roles from Add Assignment dialog - if Consider Roles option of User Group is enabled
- with roles from Admin / Users / Edit dialog - if Consider Roles option of User Group is disabled
Company Defaults
Applicable to: all Events except CONFIDENTIAL & SHOWN-ONLY-TO-OWNER events
Access granted to:
- Users that are selected in Admin / User Groups / Default User Groups page / Default Event Assignments section
- with roles from Admin / Users / Edit dialog
- Members of User Groups that are selected in Admin / User Groups / Default User Groups page / Default Event Assignments section
- with roles from Add Assignment dialog - if Consider Roles option of User Group is enabled
- with roles from Admin / Users / Edit dialog - if Consider Roles option of User Group is disabled
Inherited from Org Unit/Entity Pair
Applicable to: all Events with selected Org Unit or Entity except CONFIDENTIAL & SHOWN-ONLY-TO-OWNER events
Access granted to:
- Users that are given access to Event's Org Unit / Entity pair
- with roles from Admin / Users / Edit Assignments page that meet Role-Requirements
- Members of User Groups that are given access to Event's Org Unit / Entity pair
- with roles from Admin / User Groups / Edit Assignments page that meet Role-Requirements - if Consider Roles option of User Group is enabled
- with roles from Admin / Users / Edit dialog that meet Role-Requirements - if Consider Roles option of User Group is disabled
Role-Requirements:
- Role must have option Only provide access to Own Events disabled
- Role must be selected for the Current Event's Status on Admin / BR / Event Statuses popup
- Role must be selected for the Event's Form on Admin / Forms / Edit Form page / Access Permissions field
Note: If User or User Group is assigned to Event's Org Unit / Entity pair, but Role-Requirements are not met - user does not have access to the Event
Owner
Applicable to: all Events except CONFIDENTIAL Events
Access granted to:
- User that created the event
- with roles that user has against Event's Org Unit / Entity pair & meet Role-Requirements (including assignments of User Groups the user is member of)
Role-Requirements:
- Role must be selected for the Current Event's Status on Admin / BR / Event Statuses popup
this role-requirement is not applied for SHOWN-ONLY-TO-OWNER Events
Note: If User is not assigned to Event's Org Unit / Entity pair - user does not have access to the Event
Note: If User is assigned to Event's Org Unit / Entity pair, but Role-Requirements are not met - user does not have access to the Event
Reporter & Party Involved & Team Member & Workflow Responsible
Applicable to: all Events except CONFIDENTIAL & SHOWN-ONLY-TO-OWNER Events
Access granted to:
- User selected in Event's Reporter field
- Users selected in Edit Event page / Parties Involved tab
- Users selected as Team Members
- Users selected as Responsible in finished or active Steps in Event's Workflow
- with roles that user has against Event's Org Unit / Entity pair & meet Role-Requirements (including assignments of User Groups the user is member of)
Role-Requirements:
- Role must be selected for the Current Event's Status on Admin / BR / Event Statuses popup
Note: If User is not assigned to Event's Org Unit / Entity pair - user does not have access to the Event
Note: If User is assigned to Event's Org Unit / Entity pair, but Role-Requirements are not met - user does not have access to the Event
Team Members for Event are used when 3 options enabled together:
- BR / Fields / Forms / Allow Multiple Reporters per Form?
- BR / Fields / Forms / Would you like to assign different roles to each Reporter?
- BR / Fields / Forms / Only schedule 1 Form for all Reporters
Confidential
Applicable to: CONFIDENTIAL Events (including SHOWN-ONLY-TO-OWNER Events)
Access granted to:
- Users selected as Confidential in Event Edit page / Select Confidential Users dialog
- with roles that user has against Event's Org Unit / Entity pair (including assignments of User Groups the user is member of)
Note: If User is not assigned to Event's Org Unit / Entity pair - user does not have access to the Event
Superior of Owner & Superior of Reporter & Superior of Party Involved & Superior of Team Member
Applicable to: all Events except CONFIDENTIAL & SHOWN-ONLY-TO-OWNER Events
Access granted to:
- Superiors of User that created the event
- Superiors of User selected in Event's Reporter field
- Superiors of Users selected in Edit Event page / Parties Involved tab
- Superiors of Users selected as Team Members
- with roles that superior user has against Event's Org Unit / Entity pair & meet Role-Requirements (including assignments of User Groups the user is member of)
Role-Requirements:
- Role must have option Access Inferiors Events enabled
- Role must be selected for the Current Event's Status on Admin / BR / Event Statuses popup
Note: If User is not assigned to Event's Org Unit / Entity pair - user does not have access to the Event
Note: If User is assigned to Event's Org Unit / Entity pair, but Role-Requirements are not met - user does not have access to the Event
Team Members for Event are used when 3 options enabled together:
- BR / Fields / Forms / Allow Multiple Reporters per Form?
- BR / Fields / Forms / Would you like to assign different roles to each Reporter?
- BR / Fields / Forms / Only schedule 1 Form for all Reporters