11.07 User Access Control
Find it: System Configuration >> Infinity
Infinity is the name of the REACH User Access Security System. This is a robust and flexible system that allows you to have control across the entire user base to manage the Access, Behaviour and Control functions of every individual user in REACH.
There are two components in the structure of Infinity Access Control.
Base Security Profiles
Base Security Roles are sets of permissions that are saved as a security profile. You can have an unlimited number of Base Security Profiles and each Profile can have a different set of Access, Behaviour and Control permissions as its default settings.
As you create different types of User Roles in REACH (eg: Faculty, Leave Approver, Administrator) you can then allocate a Base Security Profile to each User Role. This sets the default permissions for Access, Behaviour and Control functions to each of the User Roles.
You can have an unlimited number of Base Security Profiles and User Roles in REACH.
Creating Base Security Profiles
Base Security Profiles are the foundation of the Infinity User Access Control system in REACH. A Base Security Profile is a default set of permissions that determine Access, Behaviour and Control capability for any User Role that has the Security Profile.
REACH has a number of Base Security Profiles presets
Your REACH portal already has a number of Base Security Profiles established as default settings. These are based on common security settings that we see implemented across our user base. The simplest way to create additional profiles is to Clone an existing profile and then adjust the permission settings that you wish to alter.
There are 14 categories of Permissions that can be set for any Base Security Profile and creating a new profile is simply a matter of configuring and saving a set of permissions for each of the Base Security Profiles that you want to maintain.
Each category of Permission has a set of capabilities and each of these individual capabilities need to be enabled or disabled in order to create the Base Security Profile.
Managing User Roles
You can create an unlimited number of User Roles in REACH. For each User Role that you create you need to apply a Base Security Profile (eg: Administrator) to the role which sets out the Access, Behaviour and Control permissions for that User Role across the various modules in REACH.
How to Create a new User Role
- Go to System Config >> Infinity and select the Roles Tab on the left side.
- Select the Add New Role button
- Give the Role a name and set the Base Security Profile for the User Role
This will apply the Base Security Level permissions to all users who have been set with the User Role in their personal profile (Security Setting)
You can manage User Roles in Bulk or individually
An important feature of the REACH Infinity User Access Control system is that it allows you to manage permissions for Users at an entire "Role" level or at the "Individual" user level.
How to adjust an individual user's permissions
There are times when you may need to adjust an individual's accessibility permissions so that they may perform their role adequately. Rather than requiring you to create an entirely new User Role for that individual user REACH allows you to edit an individual's accessibility permissions in their user profile. This enables you to adjustment permissions for that individual from the Base Security Profile that is set for their User Role.
To adjust an individual user's permissions from the defaults that are provided by the Base Security Profile applied to their User Role go t the user's profile page and edit their individual permissions in the "Accessibility" Tab of their user profile.