Purpose

This form is used to apply Communications restrictions to a Security Role.

Subsystem

Security

This page is accessed in context from SECF0063 via the Communication Category Restrictions button. Note that these restrictions can only be applied to Security Roles not to users, hence this form cannot be accessed via SECF0062.

It allows an administrator to control the actions that users with a particular Security Role can perform on Communication Types of particular Communication Categories. Until restrictions are applied via this form, a Security Role will have no restrictions relating to any of the Communication Categories defined to this Security Role (except where a VIEW-COMC Advanced Function has been applied to the Security Role).

Note: Communication Categories are defined in CORW0600 and are used to group substitution tags (CORW0400) and Communication Templates (CORW0500) that are used for similar purposes.

An administrator can select specific Communication Categories to which a Role can be restricted from performing specfiic actions, such as editing or deleting. For each selected Communication Category, the administrator can specify if the role is restricted from: 

• Editing, viewing and/or deleting Communication Templates (CORW0500) and Substitution Tags associated with the selected Communication Category (by selecting the Edit, View and/or Delete check boxes).
  Note: If the Edit and View check boxes are not selected for a Communication Category, the Templates/Tags for the Category will not be available in LOVs for Communication-related activities for a user with the restricted role.
  e.g. The Communication Types LOV in GRDJ6300.
• Creating, editing, viewing, deleting, approving and/or rejecting Communication Categories and Items (CORW2000) associated with the selected Communication Category (by selecting the Create, Edit, View, Delete, Approve and/or Reject check boxes).

To apply 'view-only' access to a role for all Communication Categories, the administrator can use a single check box (i.e. 'View Only All Communication Categories') rather than selecting one category at a time. Selecting this check box applies the Advanced Function of VIEW-COMC to the Security Role and automatically deselects all restriction check boxes except the View check box for all Categories, such that the user will have view-only access to all communication templates, tags, categories and items for all categories. This role may be used for a user that needs to view historical communication items for a person.
In addition, the 'Communications Template and Substitution Tag Create Restriction' (COM-TT-CR) Advanced Function is automatically applied to the security role when the VIEW-COMC Advanced Function is applied (i.e. when the 'View Only All Communication Categories' check box is selected). Application of the COM-TT-CR function automatically restricts/prevents users with the selected security role from creating Communication Templates and Tags (i.e. they will have 'view-only' access to Templates and Tags).

This form works as other restrictions Forms work in Callista in that the level of access is restricted to what is specified against a role. If no category is specified against a role then a user with that role has access to all categories. That user has ultimate control over creating, editing, deleting and viewing communication types as well as viewing, editing, approving and rejecting all communication items.

Where a Communication Restriction is not applied against a user and this user should not have access to communication functions, then the administrator can control this by restricting access to the relevant pages.

Security Role block:

• Security Role
• Creation date
• Description

Rules/Notes:

Details of the context Security Role are passed from SECF0063 and cannot be edited.

To query for a different Security Role, go back to SECF0063.

Security Role Communication Category Restriction block:

• View Only All Communication Categories - (check box)

• Communication Category
• Description

Templates and Tags block

• Edit - (check box)
• View - (check box)
• Delete - (check box)

Categories and Items block

• Create - (check box)
• Edit - (check box)
• View - (check box)
• Delete - (check box)
• Approve - (check box)
• Reject - (check box)

Rules/Notes:

Check boxes on the Communication Category rows indicate if a user with that Security Role has the ability to perform that action on communication items in that communication category.

If there are permissions granted from several categories for the same Communication Template and/or Tag, then the level of access granted defaults to the highest level set in the categories.

The View Only Access lamp displays if the 'View Only All Communication Categories' check box is selected.

When the 'View Only All Communication Categories' check box is selected, a warning that this action will remove any existing communication category restrictions and create 'View-Only' restrictions for all open communication categories, is displayed, i.e. selecting this check box automatically applies the VIEW-COMC advanced security function. In addition, selecting this check box automatically adds the COM-TT-CR advanced security function which restricts users with the security role from creating Communication (CORW0500) and Tags (CORW0400) (note, 'view-only' access remains).

Where the ‘View all Communication Categories’ check box is selected, the ability to add individual Communication Categories to the role will be disabled.

When the ‘View all Communication Categories’ check box is de-selected a warning is displayed that the View Only access for all communication category restrictions will be removed. The VIEW-COMC Advanced Function is removed from the security role. However, the COM-TT-CR function remains (this can be removed via SECF0063, if required).
After saving this deselection, restrictions can then (and may need to) be applied to any open communication categories for this Security Role.

A Communication Categories record cannot be saved with no restriction check boxes being set. This represents a non-restricted record. Either the details must be modified or the record removed.

When any of the Create, Edit, Delete, Approve or Reject check boxes are selected, the View check box must also be selected.

When the Create check box is selected, the Edit check box must also be selected.

Note that if a user elects to delete a number of communication items in CORW2000, they must have 'Delete' privileges selected for all Communication Categories to which these items belong, otherwise none will be deleted. i.e. they must not have relevant Communication Category restriction record for their user role without the Delete Items check box selected.
Note also that Communication items are logically deleted in each case.

It is not possible to have no Communication Category Restrictions for a selected Communication Category, i.e. at least one check box must be selected in the Templates and Tags block and the Categories and Items block for each Communication Category.

To apply communications restrictions to a security role:

• Go to SECF0063 and query for the required security role.
• Click on the Communications Restrictions button to open this form in context of the Security Role.
• To make all Communication Categories 'View only' for this Security Role click the 'View Only All Communication Categories' check box and save. This also applies the COM-TT-CR advanced security function which restricts users with the security role from creating Communication Templates and Tags.
  Note: Selecting this check box automatically removes all existing Commmunication Categories that were listed in the Security Role Communication Category Restriction block.
• To apply particular individual restrictions to a Communication Category, select that Communication Category using the LOV and then deselect the appropriate restriction check box(es) as required and save.

Rules/Notes:

Note the above validations that apply to the Security Role Communication Category Restriction block.

Note: You can remove the COM-TT-CR advanced security function via the Advanced Functions button in SECF0063, if required.