Role

> > > >

The Role document allows you to create a new KIM role and edit an existing role. Each role aggregates a specific set of permissions and responsibilities and allows you to assign members to the role. OLE contains many existing roles that your institution may want to use as is, but you may also change existing roles and add new ones by using the Role document.

The purpose of each role is defined by its associated permissions and responsibilities. Roles are classified by types that generally indicate the type of permissions and responsibilities with which they can be associated.

Note

The process of creating a new type requires technical assistance. Consequently, KIM does not provide an interface for creating role types.

The Role document includes Document Overview, Overview, Permissions, Responsibilities, and Assignees tabs.

This tab identifies the role with a unique system-assigned ID number, a namespace and a name. Each role also has a type which tends to match the types of permissions and responsibilities associated with it.

Overview tab definition

Title

Description

Role

Display only. The unique, system-assigned ID number that identifies this role.

Type Name

Display only. Because the role type normally reflects the type of qualifiers this role will need to collect when members are added, this name usually identifies the general types of permissions and responsibilities associated with it.

Note

When creating a new role, you must select its type before the system will generate the document. See Creating New Roles.

Role Namespace

Required. An indicator that associates the role with a particular application and module.

Role Name

Required. The common descriptive name by which this role is known.

Active

Check this box to indicate that this role is active and is, therefore, to be included by KIM when evaluating permissions and responsibilities. Uncheck the box to indicate that this role is inactive.

When you click the Create New button, the system displays the KIM Type Lookup. You must search for and select an existing Type in order for the system to generate a new Role document.

Note

Note that while the KIM Type Lookup is used when creating new groups and roles, not all KIM types are valid for both. When using this Lookup, you may receive different results depending on the KIM types that are valid for the entity you are working with.

This tab identifies the permissions associated with this role. Permissions authorize specific actions in the system with which they are associated. A role can have any number of permissions (including no permissions) associated with it.

Permissions tab definition

Title

Description

Add Permission ID

To add a permission to this role, enter the appropriate permission ID or search for and select a value using the Permission lookup .

Add

Click the Add button to add the selected permission to this Role document.

After you add a permission to the document, the system displays additional information about the permission.

Note

Permissions cannot be edited via the Role document. Use the Permission document to perform this function.

Permissions tab definition, continued

Title

Description

Permission Namespace

Display only. The Namespace identifies the application and module associated with this permission.

Permission Identifier

Display only. The unique system-assigned ID number for this permission.

Permission Name

Display only. The descriptive name of this permission. This often identifies, in general terms, what the permission authorizes.

Permission Detail Values

Display only. The document types, tabs and/or fields this permission authorizes. Not all permissions have detail values.

Active Indicator

Display only. Indicator showing whether this permission is active within the system or not.

Actions

Click the Delete button to remove this permission from the role.

Note

You may delete a permission only if it has not yet been saved to the database (i.e., you added it to this role but have not yet submitted the document).

This tab identifies the responsibilities associated with this role. Responsibilities define the workflow actions that will be requested of the role. A role can have any number of responsibilities (including none) associated with it.

Responsibilities tab definition

Title

Description

Add Responsibility ID

To add a responsibility to this role enter the responsibility ID or search for and select a value using the Responsibility lookup .

Add

Click the Add button to add the selected responsibility to this Role document.

After you add a responsibility to the document, the system displays additional information about this responsibility.

Note

Responsibilities cannot generally be edited via the Role document, but some responsibilities have associated definitions that you must define at the role level. For information about editing responsibilities, see Responsibility.

Responsibilities tab definition, continued

Title

Description

Responsibility Namespace

Display only. The Namespace identifies the application and module associated with this responsibility.

Responsibility Identifier

Display only. The unique system-assigned ID number identifying this responsibility.

Responsibility Name

Display only. The descriptive name of this responsibility. For most Responsibilities the name is 'Review.

Responsibility Detail Values

Display only. This identifies more specific information about the responsibility. Responsibility Detail Values are formatted in a standard way with the following definitions delimited by commas:

Route Node: The workflow route level at which this responsibility is invoked.

Document Type: The document type for which this responsibility generates workflow requests.

Action Details at Role Member Level: A True or False indicator that defines where the details of this workflow action request are defined. If the value is 'True' then action details will be collected when Members are assigned to the role. If the value is 'False' then the action details must be collected when this responsibility is assigned to a role (see Assigning Action Detail Values.)

Required: Indicates if the routing represented by this responsibility should be required. If this is set to True and the responsibility fails to generate an action request (perhaps because no one is assigned to the associated Role) then the document will go into Exception status. If this routing is optional this value will be False and the document will simply skip this responsibility if no requests are generated.

Active Indicator

Display only. Indicator showing whether this responsibility is active within the system or not.

Actions

Click the Delete button to remove this responsibility from this role.

Note

You can delete a responsibility only if it has not yet been saved to the database (i.e., you have added it to this role but have not yet submitted the document).

When adding a responsibility with an Action Detail Values at Role Member Level value of 'False,' you must complete additional fields in a Responsibility Action sub-section. The system displays this section immediately beneath the responsibility you've just added.

The fields in this sub-section define the type of action requests generated for and the general workflow behavior associated with this responsibility. Entries in these fields cause the system to generate the same type of action requests for all members of this role and handle actions by all members in the same way.

Responsibility Action subsection definition

Title

Description

Name

Display only. The namespace and name of the responsibility associated with these action details.

Action Type Code

Required. The type of action request that the system is to generate for this responsibility. Options include Approve, FYI and Acknowledge.

Priority Number

Optional. If multiple requests are generated at the route node specified on this responsibility, this value determines in the order in which the system will generate these requests. The system processes requests with lower priority numbers before processing requests with higher numbers. Requests with no number are treated as a priority of 1.

Action Policy Code

Required. This value determines what happens if multiple members of this role receive the same action request and one of them takes the action. This currently only applies in situations where a single action request is generated to multiple role members (i.e. the action details exist at the role level) or a role is assigned to another role and these nested role members receive an action request. For example, if a role with a responsibility with action details defined at the role level has three members assigned, all of these members receive the action request defined here; this code determines what the system does when one of them takes action on the document.

A value of FIRST indicates that the first role member to take action on the document will automatically clear all the requests for this responsibility that may be in other role member's action lists.

A value of ALL indicates that each role member must take individual action to clear his or her requests.

Force Action

Check the box to indicate that each user must take this action for this request even if the user has already previously taken action on this document. Leaving the box unchecked allows a request to be immediately fulfilled if the role member has previously taken action on this specific document.

This tab contains all members who belong to this role. You may also use the tab to add new members and edit the values associated with existing members.

Assignees tab definition

Title

Description

Type Code

Required. Role members can be principals (as defined on the Person document), groups or other roles. Select the type of member you want to add to this Role.

Member Identifier

Required. Enter the ID of the member you want to add or use the lookup to search for and select a valid value. The lookup directs you to the Principal, Group or Role lookup based on your Member Type Code selection.

Note

There is a reported bug that will not allow you to add anything other than a Principal. If you try to add a Role or a Group, the screen never finishes loading (OLE-6771).

Namespace Cd

Display only. Identifies the namespace code associated with this role member. Note that only groups and roles will display a namespace code.

Name

Display only. Identifies the name of the member being assigned to this role.

Active From Date

Optional. Allows you to qualify this member's association with this role by date. Entering a from date will define the earliest date on which this member is a valid member of this role.

Active To Date

Optional. Allows you to deactivate a member's association with a role on a specific date. The date you enter defines the date the user is no longer a member of this role.

Note

You cannot delete or inactivate role members. To remove a member from a role, specify an active to date.

Actions

Click the Add button to add this member to the role.

Note

Additional fields may be required, such as Chart Code or Organization Code, depending on the role type selected.

Note

Note that when assigning roles to other roles (nesting roles), qualifying values are not required. Some roles in OLE base data contain special logic to derive the required qualifiers from the nested role itself without qualifiers being specified. You may always specify qualifying values for a nested role and should do so unless you know the role being assigned contains logic to derive the qualifiers from the nested role. Roles without the proper qualifiers can cause problems throughout your OLE instance. Please consult with a OLE technical resource if you are unsure of whether or not to provide qualifying values when assigning a role to another role.

This tab identifies delegates associated with the role. Delegates are users that a member of this role has authorized to have the same permissions and take the same actions as the member is authorized to take.

The Assignees Tab dealing with Delegates is slightly different as detailed in the following table. Note that if the members of a role require qualifying values, the delegation requires these values as well. In most cases, delegates must have the same qualifiers as the role member they are associated with.

Delegations tab definition

Title

Description

Role Member

Required. Use the lookup to search for and return the member of this role you wish to create a delegate for.

Member Type Code

Required. Delegates may be principals (as defined on the Person document), groups or other roles. Select the type of delegate you want to add to this role.

Member Identifier

Required. Enter the ID that identifies the delegate you want to add or use the lookup to search for and select a valid value. Note that the lookup will direct you to the Principal, Group or Role lookup based on your Member Type Code selection.

Member Namespace Code

Display only. Identifies the namespace associated with the selected delegate. Note that only delegations to groups or roles will display a member namespace code.

Member Name

Display only. Shows the name of the selected delegate.

Active From Date

Optional. If you want you can qualify this delegate's association with this role by date. Entering a from date will define the earliest date on which this delegate is a valid delegate for this role.

Active To Date

Optional. Allows you to deactivate a delegate's association with a role on a specific date. The date you enter defines the date on which the user is no longer a delegate for this role.

Note

You cannot delete or deactivate delegates. To remove a delegate from a role, enter an active to date.

Delegation Type Code

Required. Select 'Secondary' or 'Primary. Note that this selection only applies to responsibilities associated with the role and indicates if the delegate will receive documents directly in their action list (Primary) or may choose to view documents in their action list using the secondary delegate list (Secondary).

Actions

Click the Add button to add this delegate to the role.

Note

Additional fields may be required depending on the role type selected.

Prev Up Next
 Home