> 
> 
> 
The Permission document allows you to create new permissions or edit existing ones. The Permission Lookup allows you to search for and view existing permissions. You can view summarized information about the permission detail values as well as the roles that are currently associated with this permission.
Only members of OLE-SYS Technical Administrator or OLE-SYS Manager role can create or modify Permission documents. These documents do not route for approval.
Note
Extreme caution should be exercised when modifying existing permissions or adding new ones. Even small changes can have application-wide consequences. Changes should be made only after sufficient testing with your local configuration.
 |
Permission Lookup search criteria
|
Title |
Description |
|
Template Namespace |
Optional. To search for a permission based on its template namespace (that is, the name of the application and module to which its template belongs), select the appropriate namespace. |
|
Template Name |
Optional. To search for a permission based on the name of the template it is based on, enter the appropriate template name. |
|
Permission Namespace |
Optional. To search for a permission based on its namespace, select the appropriate permission namespace. |
|
Permission Name |
Optional. To search for a permission by name, enter its name. |
|
Role Namespace |
To search for a permission based on the namespace of the role to which it is assigned, enter the appropriate role namespace. |
|
Role Name |
Optional. To search for a permission based on the role to which it is assigned, enter the appropriate role name. |
|
Principal Name |
Optional. To search for a permission based on the principals that currently have this permission through their association with a role, enter an appropriate principal name. |
|
Group Namespace |
Optional. To search for a permission based on the namespace of groups that have this permission through the group's association with a role, enter an appropriate group namespace. |
|
Group Name |
Optional. To search for a permission based on the name of a group that has this permission through its association with a role, enter an appropriate group name. |
|
Attribute Value |
Optional. A specific permission detail value associated with a permission |
|
Template ID |
Numerical value of the template namespace |
 |
The Permission results display contains the fields described in the table below.
Permission Lookup results fields
|
Title |
Description |
|
Actions |
Actions allow selection of edit or copy for each permission displayed. |
|
Template Namespace |
The code identifying the application and module the template pertains to. Because templates tend to be general categories, they are often associated with system-level namespaces. |
|
Template Name |
The template the permission is based on. A template usually defines, in a broad sense, what the permission controls. Similar types of permissions share the same template. |
|
Permission Namespace |
The code designating the application and module this permission is associated with. |
|
Permission Name |
The descriptive name for this permission. In most cases this will match the Template Name. |
|
Permission Description |
Display only. Detailed information that describes the permission and its purpose. |
|
Permission Detail Values |
Display only. Detailed information that, in combination with the permission name, defines the permission's function. For example, if the permission name is 'Initiate Document,' the Permission Detail Values field indicates the specific type of document the initiate permission pertains to. Permission detail values can include many different types of data. Some common types are defined below. documentTypeName: The name of the document type associated with this permission. routeNodeName: The point in a document's workflow routing at which this permission becomes relevant. routeStatusCode: The routing status that a document must be in for this permission to apply. propertyName: Often, a field or document element that the permission pertains to. |
|
Granted to Roles |
Lists the namespace and name of roles that have this permission. Click on the linked name to view the Role inquiry. |
To view an Inquiry screen for a permission, select the Permission Name of the appropriate row in the search results. The Inquiry screen contains the same information as the Search Results in a slightly different format.
 |
The Permission document includes Document Overview, Permission Info, and Permission Details tabs.
 |
This tab identifies the permissions with a unique system-assigned ID number, a template, namespace, name and description.
 |
Permission Info tab definition
|
Title |
Description |
|
Permission Identifier |
Display only. The unique, system-assigned ID number that identifies this permission. |
|
Template ID |
Required. Select the Template this permission is associated with. Templates identify broad permission types. |
|
Permission Namespace |
Required. An indicator that associates the permission with a particular application and module. |
|
Permission Name |
Required. A text name identifying this permission. |
|
Permission Description |
Optional. Enter a text description of what this permission does. |
|
Active Indicator |
Required (defaults to 'Yes'). Change the default selection if you wish this permission to be inactive. Inactive permissions will be disregarded by KIM when doing permission checks. |
This tab identifies the permission values that KIM needs to make this permission function. These values vary greatly depending on the type of permission being created. It is highly recommended that users view similar permissions (those with the same Template ID) and discuss Permission Details with technical resources to ensure values are entered correctly.
 |
Permission Details tab definition
|
Title |
Description |
|
Permission Details |
Optional (though most permissions require some details to be functional). Enter the permission details specific to this permission. Details should be entered as the name of the property followed by an '=' followed by the value of the property. When entering multiple details they should be separated by a hard return in the text box, such as: componentName=IdentityManagementPersonDocument |
