Manage Roles and Permissions

Roles and Permissions

Therein areOPS-COM threeprovide menugranular optionscontrol underover what administrative users can access and do within the system. This feature allows administrators to define specific responsibilities, enhance security, and ensure that each user has appropriate access levels, streamlining operations and maintaining data integrity.

Using this Feature

1. Click, System ConfigurationConfiguration,  -> Admin Management and menu;click Manage Roles,Roles.
Manage

Groups

Creating and EditManaging Admin Users. 

Roles

ClickRoles are central to the Managepermissions Rolessystem, buttonacting toas begin.

templates for sets of permissions.

1. The Manage Administrator Roles screen displays.
   will display. The Primary Administrator role willis bepre-defined availableand to select. This role will allowallows you to create new Rolesroles and assign them to other Adminadmin Users.users.



2. To

   Clickcreate a new role, click the Add New Role button.

3. Enter thea descriptive Role name and thea description for that role.
   
   • The description will becomeappear theas a rollover tool tip that displaystooltip when you mouse over the Edit Role button offor an existingthat role.
4. Click Save Role to save.
   
   
   save

   your new role.

Editing Existing Roles

You can editmodify the name and description of any role by(except clickingthe Primary Administrator role).

1. On the Manage Administrator Roles screen, click the Edit Role button.button Younext can editto the role you wish to update.
2. Make your desired changes to the  Role Name andand/or Description.
for
3. Click anySave Role exceptto Primarysave Admin.
   
   your edits.

Assigning Permissions to a Role

Once a role is created, you'll define what actions users assigned to that role can perform by setting its permissions.

Click

1. On the Manage Administrator Roles screen, click the Permissions button next to edit the permissionsrole foryou anywant role.to configure. The Editing Permissions screen will display.


2. The top bar displays various icons, mirroring the OPS-COM menu structure. The number next to theeach iconsicon across the top bar indicateindicates how many permissions inwithin that category have been selected.selected
   The icons mirrorfor the OPS-COMcurrent menu.role.
3. Click an icon (e.g., a "Permit" icon, a "Violations" icon) to display the specific permissions inavailable within that category.
   
   
   







4. To selectgrant a permission, enable the check boxcheckbox next to that permission.permission's name.
5. Once you have gonenavigated through each icon and selected all the necessary permissions that are required for the role, click Save Permissions. ThatThe rolerole, with its defined permissions, is now created.created
   
   
   and ready for assignment.

Assigning Roles to Admin Users

YouAfter roles are defined, you can assign this rolethem to oneyour or moreadministrative users.

Click

the
1. Click,  System ConfigConfiguration, Admin menuManagement and selectclick  Edit Admin Users. The Manage Administrator Users screen displays.will
   display.
2. From thisthe screendropdown list, select an existing user you canwish to modify, or choose to create a new useruser.
or edit an existing one by selecting the appropriate option from the dropdown list.
3. Click Retrieve to display the useruser's options below.
4. On

   

   the

   
   

   left

   Addside of the screen, add or confirm the User informationInformation on(e.g., name, email).

5. On the leftright andside, select the rolesrole(s) you wish to apply to that user onfrom the right.available options.
6. You can also add a commentComment for any relevant notes about the user.user's role or status.
7. Click Update User when you arehave finished.
   finished making your changes.

---

Best Practices & Considerations

• Principle of Least Privilege: Always adhere to the principle of least privilege. Grant users only the permissions absolutely necessary for them to perform their job functions. This minimizes security risks and potential for accidental errors.
• Role-Based Access Control: Utilize roles to manage permissions efficiently. Instead of assigning individual permissions to each user, create roles (e.g., "Enforcement Officer," "Permit Manager," "Finance Admin") and assign users to those roles. This simplifies onboarding, offboarding, and auditing.
• Clear Role Descriptions: Use the role description field to clearly state the purpose of the role and the types of permissions it encompasses. This helps administrators understand what each role is intended for.
• Regular Review: Periodically review your defined roles and user assignments to ensure they remain appropriate as job responsibilities change or staff join/leave your organization.
• Test New Roles: Before deploying a new role to active users, test it with a test administrator account to confirm that the assigned permissions function as expected and do not inadvertently grant too much or too little access.