This section introduces KIM permissions, responsibilities, roles, and groups as well as the Routing & Identity Management Document Type Hierarchy tool.
Entries in KIM control user permissions to edit a document, to blanket approve transactions, and to perform many other activities in OLE.
KIM also identifies responsibilities that generate workflow action requests in OLE. When a Fiscal Officer approves a financial processing document or a Chart Manager approves a Chart of Accounts maintenance document, the user is acting on a request that has been generated by a responsibility specified in KIM.
In KIM, you do not assign permissions and responsibilities directly to individual users; instead, you associate users with roles, and you give each role an appropriate set of responsibilities and permissions. For example, the Fiscal Officer role includes permission to edit accounting lines on certain en route documents. This role also includes responsibilities that generate requests for the specific actions fiscal officers must take on documents. The Limited Circulation Attendant role includes permissions to view but not make changes to a patron record.
In the base OLE configuration, similar business functions are often grouped into a single role. Your institution may choose to assign permissions and responsibilities differently or even create its own roles to fit its business processes.
In KIM, each user is identified on the KIM Person document. This document identifies the person by a Principal ID and assigns that person to any number of roles. Role assignments may be made via the Person document or the Role document. Some types of roles, called 'derived roles,' automatically determine their members from data in other OLE components. For example, because the Fiscal Officer is defined as part of the Account in OLE, the Fiscal Officer role derives its assignees from the data in the Account table. You do not need to assign users to derived roles such as this one.
Groups provide another important tool in KIM. Groups are an optional feature that allows you to associate persons, roles or other groups with each other for the purpose of making role assignments. For example, if you want to assign the same role to three users, you could create a group, assign the three users to it, and then assign the group to the desired role. (Alternatively, you could add the three users individually to the role. The choice of whether to use a group or assign individual users to roles is entirely yours.)
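The relationships described above can be traced in a small model when reviewing who effectively holds a permission. This is an added example, not KIM or OLE code: the principal IDs, group names, account row and function names are all constructed, only principals and nested groups are modeled as group members, and the cycle guard is a defensive choice of this model.

```python
# Simplified model of the role/group/derived-role relationships described above.
# All data is constructed; this is not the KIM API or schema.
ROLE_PERMISSIONS = {
    "Fiscal Officer": {"edit accounting lines"},
    "Limited Circulation Attendant": {"view patron record"},
}
# Explicit role members are ("principal", id) or ("group", name) pairs.
ROLE_MEMBERS = {
    "Limited Circulation Attendant": [("group", "circ-desk"), ("principal", "p2001")],
}
GROUP_MEMBERS = {
    "circ-desk": [("principal", "p1001"), ("principal", "p1002"), ("group", "circ-students")],
    "circ-students": [("principal", "p1003"), ("group", "circ-desk")],  # deliberate cycle
}
# Derived role source: Fiscal Officer membership comes from account rows.
ACCOUNTS = [{"account": "A-100", "fiscal_officer": "p2001"}]


def expand_group(name, seen=None):
    """Return every principal reachable through a group, following nesting."""
    seen = set() if seen is None else seen
    if name in seen:          # already visited: stop instead of looping forever
        return set()
    seen.add(name)
    principals = set()
    for kind, ident in GROUP_MEMBERS.get(name, []):
        if kind == "principal":
            principals.add(ident)
        else:
            principals |= expand_group(ident, seen)
    return principals


def role_members(role):
    """Resolve a role to principals: derived from data, or explicit plus groups."""
    if role == "Fiscal Officer":   # derived role: no explicit assignments
        return {row["fiscal_officer"] for row in ACCOUNTS}
    principals = set()
    for kind, ident in ROLE_MEMBERS.get(role, []):
        principals |= {ident} if kind == "principal" else expand_group(ident)
    return principals


def effective_permissions(principal):
    """Map each permission a principal holds to the roles that grant it."""
    granted = {}
    for role, perms in ROLE_PERMISSIONS.items():
        if principal in role_members(role):
            for perm in perms:
                granted.setdefault(perm, []).append(role)
    return granted
```

Calling `effective_permissions("p1003")` shows a permission reached only through a nested group, which is the kind of indirect grant an access review has to expand to see.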