SECF0041 - Maintain Security Role Note Type Restrictions

Purpose

To restrict Security Role access to Note Types.

SubSystem

Security

Normally Run By Administration specialist
Anticipated Frequency As required
Structure  Blocks Security Role
Person Note Type Restriction Tab
Enrolment Note Type Restriction Tab

This form is used to restrict access to different Note Types by user’s with a particular User Role.

The Note Types available to a user and the operations that can be performed on accessible Notes Types are determined by the cumulative effect of restrictions applied at the Security Role Level and the User Level (this form). Enrolment Note Types may be subject to additional restrictions through Organisational Unit Restrictions.

If a user does not have access to particular note, either :
- because it is an enrolment note for a study element owned by an organisational unit that the user doesn't have access to (i.e. via SECF0032), or
- because it is restricted at the user's role level (i.e. via SECF0041), or
- because it is restricted at the user level (i.e. via this form),
then no evidence of its existence will appear to the user in the relevant Note form or any of the Inquiry forms, or via SQL query.

To understand more about the cumulative effect of these Note Type Restrictions, see Note Type Restrictions.

This form is accessed from the Maintain System Users form (SECF0021).

The Security Role block contains:

  • Security Role
  • Creation Date
  • Description

The Person Note Type Restriction Tab contains:

  • Note Type
  • Description
  • Insert check box
  • Update check box
  • Delete check box
  • Restricted Select check box

The Enrolment Note Type Restriction Tab contains:

  • Note Type
  • Description
  • Insert check box
  • Update check box
  • Delete check box
  • Restricted Select check box

Rules/Notes:

 

The Security Role block displays previously recorded Security Role details. Query functions cannot be performed in the Security Role block.

Use this form to restrict access for a Security Role to Note Types. These restrictions act together with Note Type restrictions applied to users. Where the Note Type is an Enrolment Note Type, further restrictions may apply through Organisational Unit Restrictions.

For a particular note type:

  • Deselecting the Insert checkbox removes the ability of the user to add a note of the particular note type.
  • Deselecting the Update checkbox removes the ability of the user to modify a note of the particular note type.
  • Deselecting the Delete checkbox removes the ability of the user to delete a note of the particular note type.

Selecting the above checkboxes allows the user to perform the operations.

The Restricted Select Allowed checkbox works differently. When selected, it permits the user to view only data associated with the Note Types recorded in this form. When deselected, the user can view data for any Note Type allowed by their Organisational Unit Restrictions and Security Role(s) but can only perform operations as indicated by the other checkboxes.

Rules/Notes:

Person Note Types and Enrolment Note Types are displayed in alphabetical order.

Adding restrictions to a Role reduces the access for a user with that role and further restrictions may be applied to an individual user in SECF0040.

Selecting an Update, Insert or Delete checkbox enables a person with that role to perform that action for the Note Type. (As long as restrictions have not been applied to that user at the User level). Deselecting a checkbox will stop a user from being able to perform the action.

Selecting a Restricted Select Allowed checkbox for any note type restriction record causes the Restricted Select checkboxes for all records to be selected. Inquiry access is then restricted to the Note Types recorded here.

A record cannot have all three of Update, Insert, Delete, checkboxes set unless the Restricted Select check box is also selected.

The reverse also applies, that the above check boxes should all be unchecked before saving.

When a note type restriction is applied to a Role, the Effective Note Restrictions for users with that role (overall restrictions taking into account Restrictions on that user and also restrictions on the role(s) that they have been granted) are redetermined and:

  • If their is a conflict in any user's restrictions (i.e. Note Types from within the same Note Type Group have different Restricted Select values) then a warning will display and log records will be created that can be viewed in GENF0001.
  • If there is an overlap in any user's restrictions (i.e. Different Note Type Restrictions applied to a Note Type) then no warning is displayed, but log records (overlap) are created and can be viewed in GENF0001.

The Effective Note Restrictions applying to particular users can be viewed using SECF0043.

Person Notes are viewed in ENRF3070.

Enrolment Notes may be Student Course Attempt Notes, Student Unit Set Attempt Notes or Student Unit Attempt Notes.

Student Course Attempt Notes are viewed in ENRF3080.

Student Unit Set Attempt Notes are viewed in ENRF3081.

Student Unit Attempt Notes are viewed in ENRF3082.

 

 

Last Modified on 31 May, 2006