Security is an important aspect of any solution. To this end (and based on your feedback) we now have the following administrative roles available in the portal. These roles enable those in your organization with access to perform relevant tasks as outlined below.
TABLE OF CONTENTS
- Self-Service: User Team Setup
- User Access (Portal Admin)
- Customer Access
- Report Access Preparation: Domain Setup
- Report Access Preparation: Role Setup
- Report Access Preparation: User Setup
- Report Access - Setting up access by: Domain, Role or User
- Customer Admin – This is the global admin role which allows the user to add, edit and remove admin users and the roles that are assigned to them.
- Impersonate – This role allows the user to impersonate a customer and see the reports as they (your customer) would see them so that they can check the data before engaging with that customer.
- ClientReportingAdmin – This role allows the user to set up your customers with access to the customer facing reports.
- ReportAccessAdmin – This role allows the user to access the ‘Workspace Report Administration’ page, which in turn allows the setup of the workspaces to either all users or specific users within your organization to access the reports.
- SelfServiceAdmin – This role allows the user access to all other self-service modules that we add to the portal.
- At present we have the User Teams setup self service module that allows you to specify which users belong in which teams within your organization. As other self-service modules are developed, we may increase the roles to provide further granularity.
The below diagram shows the layout of our administration tools. Under the final section for Report Access, there is an additional diagram explaining that the first three sections in Report Access for Domain, User and Role access is the preparation that is done prior to giving Report access in the final step.
In Short,
Under Administration, you can navigate to either Self Service or Security.
Self Service will hold (as it becomes available) some functions that is currently performed by the support team at Cognition360. Currently only User team setup is available. This does not affect the portal and who can interact with it. These changes affect how users are displayed in reports only (which teams)
Security holds the Portal administration area. This is not reporting access but the highest-level access for Portal access management.
Customer Access allows a user with the correct Portal Admin access to add the domain information for one of your existing customers.
Report access consist of four nodes - the first three are considered the "set up" areas whereas the final allows you to give access to either or all of the areas covered in the first three (being domain access, user access & role access)
Self-Service: User Team Setup
The first area we cover is the User team setup under self-service. This is the same task as described under our article "Updating your staff team assignment." The process is still the same with the exception that you can now make these changes yourself if you have the correct permissions. At a minimum you would require "SelfServiceAdmin" with other permissions added as they become available, and you require access like "UserTeamAdmin".
For other self-service tasks (as they are added) you would need to get access to those as they become available (and if you require that access)
Note: In order for the new team's name to replicate to the database, you have to assign at least one team member to that Team Name.
You can either add a new team name by clicking on "new" or
you can edit a team name by selecting "edit" next to the entry you wish to edit.
Once you have clicked on edit, simply update the team's name in the field, then select update.
Please remember that if you add a new team name, you have to add at least one user otherwise the new team's name will not update to the database.
Most importantly - don't forget to click Save.
- If you want to update users to the newly created team or make other team changes, simply select the name of the person you want to apply the change to.
- The highlighted cell shows the current team associated with that user.
- If this is correct then save, otherwise, in step 2 select the correct team. Now Save.
User Access (Portal Admin)
Please note, this is the main administration area where core permissions are held. If you are unsure of anything, please feel free to reach out to us at support@cognition360.com and we will gladly assist.
Any users added in here can be given different levels of access to maintain access within the portal.
Edit a user’s Email address (Identity E-mail)
Edit a user’s Portal Administration rights.
- Select the user by clicking on the radial button (1)
- Select or deselect the roles listed in section 2.
- Save the changes before navigating away.
Customer Access
Administration / Security / Customer Access
“Activate” one of your current customers to enable portal access.
Select the customer from the dropdown box.
Once the customer is selected, Click on “new”
Now add the customer domain, toggle the “IsActive” flag and click on update to save.
To edit these details or delete these, you can click on either option on the line representing the item you wish to update.
The IsActive flag on this screen cannot be toggled, this is an indicator only.
Examples of access
Type of Access | Process | Report Associated to domain. | User | Can See the report. | Comments |
Domain | Access granted to a specific domain i.e., thisdomain.com. All users within that domain can access the report/s assigned to that domain. A user outside of that domain cannot see the reports. | Time Entry | Bob@thisdomain.com | P | Bob has access via his domain as set up under domain permissions. |
Common Issues | Charles@thisdomain.com | P | Similarly, Charles also has access via his domain. | ||
Time Entry | Nicky@bestdomain.com | O | Nicky cannot access reports in “thisdomain” as she is not part of that domain. Nicky can however get her domain added to see her own reports. | ||
User | Access granted to a user is specific to that user i.e., Nicky@bestdomain.com has been granted access to a set of reports. Those reports can only be viewed by her and any other person who has the appropriate access. The row level security ensures that only YOU can see the information for YOUR organisation if you have been given the appropriate access. | Time Entry, Configuration Tickets, Technology business review etc. | Nicky@bestdomain.com | P | Nicky has been given user access to these reports; therefore, she can see and interact with these reports. |
Time Entry, Configuration Tickets, Technology business review etc. | Paul@bestdomain.com | O | For Paul to see these reports, he needs to contact an administrator to request the appropriate user access | ||
Sarah@bestdomain.com has been given access to some Finance reports. Nicky is unable to view these reports as her access does not extend to these reports. | Agreement Profitability, Invoice Profitability | Sarah@bestdomain.com | P | Sarah has the appropriate user access to view these finance reports. | |
Agreement Profitability, Invoice Profitability | Nicky@bestdomain.com | O | Nicky does not have the appropriate access to view these reports. She needs to contact an administrator to request the appropriate user access. | ||
Role | In our example, Pete@worlddomain.com has access to all the reports in each of the roles he has been given access to. If a user is not assigned to a Role, then they cannot see any of the reports associated to that role. A person with user level access to a report or reports can still see those individual reports. | Agreements | Tina@worlddomain.com, Pete@worlddomain.com, Jessica@worlddomain.com, | P | Aaron@worlddomain.com and Adam@worlddomain.com cannot access these reports as they are not assigned to this role. |
Finance | Pete@worlddomain.com, Jessica@worlddomain.com, | P | Everyone wants access to these reports, however, only Pete and Jessica have access to these reports. | ||
Projects | Mike@worlddomain.com, Aaron@worlddomain.com, Adam@worlddomain.com, Pete@worlddomain.com, | P | Mike, Aaron & Adam only has access to this Role therefore can only see the reports assigned to this role. |
Note: You cannot set up client facing reports without that client's domain being set up.
As alluded to earlier in this document, the Report Access section has two distinct parts to it.
1) Allows you to set up the details for the access (i.e. Domain, User or Role)
2) Once you have set up the domain, user or role, grant access to the reports via either of those three areas.
Report Access Preparation: Domain Setup
Administration / Security / Report Access / Domain Setup
To add a new domain, click on “new”.
Fill in the domain name, set the Active Flag and Save.
To edit an entry, simply click on the “edit” button associated with the record you wish to change. Now update the domain name, and save, or if you want to make that domain Inactive, simply click the “Active” box to de-active, then save.
Report Access Preparation: Role Setup
Administration / Security / Report Access / Role Setup
By clicking anywhere on the “line item” which is a role, you can see which users have access and whether that access is active.
You can manage access on screen. If you need to edit a lot of details, we encourage you to send us an email (support@cognition360.com) with your requested changes.
To create a new role:
- 1) Click on the new button.
- 2) Add your role name.
- 3) Add a description.
- 4) Select whether the role is active or not,
- 5) Select the users that will have that role (You cannot add a user to the role if the user has not yet been created)
- 6) Don’t forget to save.
Once the role is created, you can edit at any point by clicking on the edit button on the left of the line corresponding to the role you want to edit.
Report Access Preparation: User Setup
Administration / Security / Report Access / User Setup
To add a new user, click on the “new” button.
Add the user’s information, click on the “active” selection to ensure the user is active, now save.
To edit any details, simply click on the “edit” button that corresponds with the record you wish to edit.
Update the user’s information and save.
Report Access - Setting up access by: Domain, Role or User
Administration / Security / Report Access / Report Access
Report Access is divided into three areas of “preparation” which has been listed before, (Domain Setup, User Setup and Role Setup) with a fourth to apply the access as per what has been set up in these sections.
At this stage, we will use either the Domain, and or the user and or the role to set up the required access. It is in this area where we manage who / or which organization / or which role, can see the reports.
Domain access
Role access
User access
DOMAIN Access
Our portal has a nice feature which allows you to move columns into the headers to group by that header.
In our example we click and hold the “Report” column and drag it towards the header (White area with the words “Drag a column header here to group by that column”)
You can now sort the reports by clicking on the “new” report button. Use the dropdown buttons to interact and update the domains access.
To undo this, simply click on either Role Access or user Access and the view will reset.
To add report access to a domain, click on new.
- 1) Use the dropdown button to select the report.
- 2) Use the dropdown to select the domain.
- 3) Select whether this access is Active.
- 4) Now Save.
You can add as many reports as you wish to a domain, however, be mindful that if some reports are not meant for anyone at that domain, opt for User or role access instead.
To Edit Simply click on the “Edit” button that corresponds with the item you wish to change.
- 1) Use the dropdown button to select the new report,
- 2) or use the dropdown to select the new domain.
- 3) Select whether this access is Active.
- 4) Now Save.
ROLE Access
We have a good number of reports. We recommend you use the “group” functionality to make things easier to manage.
Drag any column into the header (White area with the words “Drag a column header here to group by that column”)
By using the dropdown, we can see that the Role: Agreements have three reports associated with it.
We can remove reports or add reports.
The reports do not have to be from a specific section. Therefore, we can create a role with a variety of reports.
In our Role called "Example", we have created a few reports that a user in that role will have access to.
To add new reports, simply click on New then enter the Role and Report name. Finally Save.
- 1) Click on New
- 2) Select the Role from the dropdown list.
- 3) Select the report from the dropdown list.
- 4) Toggle the Role to “active”
- 5) Save
Below is an image of our example role before and after the addition.
The final area is User access.
Use this if you want to give a particular user access to some reports. This is the most time-consuming way of providing access, so we recommend you use role access for larger distribution groups.
You may already have some users with access, if not, you can add them now.
- 1) Under User Access
- 2) Click on “new”
- 3) Select the report from the dropdown list.
- 4) Select the user from the dropdown list.
- 5) Toggle whether this access is active or not.
- 6) Save
As always, you can edit or delete by clicking on the relevant options.
In some instances, you may be prompted to confirm a selection.
For any questions or assistance with setup, please do not hesitate to reach out to support@cognition360.com