Role-Based Permissions: A How-To Guide (Part 1)
Posted by Bart Hendrickx
If you manage which users can access your Questionmark environment and define what they can do when they log on, you know that controlling access can take time.
I’d like to take you through a two-part scenario that will demonstrate how to control access efficiently and navigate changes in job roles effectively.
Imagine welcoming Ella to your team as a new colleague. She will be using Questionmark, and you want to make sure she has access to those functions of the software she will need—no fewer, and certainly no more. Then you ask yourself: What will Ella be doing? What will be her role?
Maybe the answer is along the lines of “she will be replacing Wendy.” Then you might wonder, “OK, so what was Wendy’s role?”
It is natural to think about what people do and the roles they play when you discuss what they should be allowed to do in a software system. And you may be accustomed to using Questionmark Enterprise Manager’s profiles to set things up, by storing a set of permissions in a profile, creating an administrator account and linking the profile to it.
This works well until you come across a colleague who will be actually doing more than one thing (don’t we all?).
“Yes, Ella will be replacing Wendy, but she will also be taking some of Bill’s workload.” You have assigned Wendy’s profile to Ella; she can now run several reports. You want to assign Bill’s profile to her as well. You can’t assign Bill’s entire profile to Ella, but you can compare the two profiles to see where they overlap. It turns out that in addition to what Ella has inherited from Wendy’s profile, Bill can run all reports, so you add the permissions for the remaining reports directly to Ella’s user account.
Two months later, your team restructures some of its operations. “We won’t be running Grade Book reports anymore and we want that permission removed from the users.” You think hard. Who was it that had this permissions? Can’t I just edit the profiles? That won’t update existing users. And what about those users who had the permissions applied directly to them? I can’t judge that merely by the profile that is attached to them. I’d better edit all those users one by one to be sure.
You stare at the list of almost 50 administrators in your system, decide to get a coffee, sit down and take a breath. This is going to take a while.
In my next article, I will explain how to avoid this pitfall by setting up permissions more efficiently.
Interested in learning more about Role-Based Security in Questionmark OnDemand? I will be presenting a session on effectively managing users at the 2016 Questionmark Conference in Miami, April 12-15. Register by March 3 for a final chance to take advantage of our early-bird discounts…click here to register and learn more about this important learning event. Hope to see you in Miami!