Access Profiles

An Access profile is a set of access rights that can be granted to one or more users. With Access Profiles you can create and define sets of rules used to specify what users have access to, e.g. viewing, modifying and adding objects, or manipulating data.

Access Profiles can be found in the View menu, under Structure in the Window menu and in the toolbar.

Default profiles

The system contains a number of default profiles that allow you to give common sets of permissions to users.

Comment profile - allows users to add Comments to Comment lists on Scorecards, Perspectives, Strategic Objectives, KPIs, Strategic Initiatives, Risk assessments, Risk factors, Function risk factors, etc.
Manager profile - allows users to
- Add Comments to Comment lists on Scorecards, Perspectives, Strategic Objectives, KPIs, Strategic Initiatives, Risk assessments, Risk factors, Function risk factors, etc.
- Add Initiative tables, Risk assessment tables, Task lists, Checklists and Comment lists under KPIs, Strategic Initiatives, and Risk Assessments.
- Add Risk factor lists and Risk charts to Risk assessments and KPIs.
- Add Risk factors (but not Function risk factors) to Risk factor lists.
- Add Strategic Initiatives, Risk assessments, Tasks, Milestones, Checks, and Comments on all levels (if a Task list, Checklist, Risk assessment table, Initiative table or Comment list is available).

If a user with the 'Manager' profile adds an object they will be the owner of that object and thus have permission to add, edit and delete it and all children objects he/she creates.

Allow drill-downs profile - a special profile that allows users to view drill-downs. Makes it possible for the selected user to drill down.
Full access profile - gives users read, edit and delete access to all objects. This profile can be used by "Semi Admins" who are partially responsible for a scorecard, or perhaps during the build and evaluate stage.

If a profile has Add access to comments, a user with that profile is only able to edit/delete his own comments.

If a profile with Write access to comments, a user with that profile may edit/delete all comments.

The Everyone profile

The Everyone profile is one of the default profiles that is created when the Application is installed. This profile is automatically mapped to the Everyone group for all scorecards created in the system. In a default installation, i.e. where nothing has been specifically configured, this profile grants all users read access to all model objects.

Neither the Everyone Profile nor any of its mappings may be deleted, but it may be modified.

Creating additional Profiles

To create a new Profile, right click in the Access profile management panel, choose Add -> Access profile.

Access Profile properties

Settings

Enabled - specify if the the profile is available.

This option is selected by default. Deselect it to disable the access profile.

General

Name - the name of the access profile.

The default name is "Scorecard access profile". However, you can change it to a value of choice.
Description – an optional text to describe the access profile.

Top-level object access

Read - select for Corporater BMP to allow users with this profile to read data associated with top-level objects.
Write – select for Corporater BMP to allow users with this profile to modify data associated with top-level objects.

Default

Default settings - select the default permissions for users with this profile in the Business Management Platform model.
Strategic initiative defaults - select the default permissions for users with this access profile in the Strategic Initiative model.
Risk assessment defaults - select the default permissions for users with this access profile in the Strategic Initiative model.

Other settings

Drill - specify if users with this access profile can view the drill for a function.
Extended time span - specify if users with this access profile can select all available time periods in the period selector on Web, beyond those that regular users can access. For more information, see Time span.

Profile configuration

The Parent access panel includes a list of parent objects that are available in Corporater BMP and for which you can set individual access rights.

The Child access panel lists each child object that's available in Corporater BMP.

Based on your selection in the Parent access panel, the list changes to display children objects for that parent object.

To set access rights for a specific parent or child object, select that object from the corresponding panel.

To search for a specific object inside the Parent access or the Child access panels, click the All option inside the list and enter the first characters of the object's name.

The Rights assignation panel lists individual access rights for each child object.

Corporater BMP adjusts the list based on the selection in the Parent access and the Child access panels.

To identify a specific child object in the list, click the Child header. Corporater BMP sorts the objects alphabetically.

Assigning a right grants every user with the access profile the ability to perform the corresponding operation against the selected object types.

To assign a right, select the associated checkbox from the panel. , right-click the child object and select the associated Set option from the right-click menu.

To remove an access right, deselect the associated checkbox from the panel. , right-click the child object and select the associated Clear option from the right-click menu.

The access rights are the following:

Read - allows users with this profile to read the data of each child object of the selected parent object.

Example: If you select the 'Read' access right for the Status child object of the Scorecard parent object, users with this profile can then view each Status child object of a Scorecard parent object.
Write - allows users with this profile to modify the data of each child object of the selected parent object.

Example: If you select the 'Write' access right for the Status child object of the Scorecard parent object, users with this profile can then modify the properties of each Status child object of a Scorecard parent object.

If the child object is a comment, users with this profile can edit or delete the comment even if they don't own it.
Add - allows users with this profile to add a new child object of the selected parent object.

Example: If you select the 'Add' access right for the Status child object of the Scorecard parent object, users with this profile can then add a Status child object to a Scorecard parent object.

The right directly applies to the Add menu for that parent object both on Web and in Configuration Studio. Example: If you select the 'Add' access right for the Perspective child object of the Scorecard parent object, users with this profile can view the Perspective object in the Add menu for the Scorecard object.

Similarly, if you deselect the 'Add' access right for the Perspective child object of the Scorecard parent object, users with this profile won't view the Perspective object in the Add menu for the Scorecard object.

If the child object is a comment, users with this profile can edit or delete the comment only if they own it.
Delete - allows users with this profile to delete an existing child object of the selected parent object.

Example: If you select the 'Remove' access right for the Status child object of the Scorecard parent object, users with this profile can then remove a Status object from a Scorecard parent object.

To select multiple items in the panel, click and hold the Shift or Ctrl key.

To assign or remove all access rights in the panel, right-click the panel and select Set All or Delete All.

Audit

Modified by - the name of the last user to make changes to the object.
Last modified - the date and time when the object was last changed.
Created by - the name of the user who created the object.
Created - the date and time when the object was created.

Advanced

ID - a unique ID for the object.

By default, Corporater BMP assigns consecutive numbers to new objects.

You can change the ID to a value of choice that can include either letters or letter and number combinations.

The ID mustn't contain only numbers, include special characters such as ) ( . * } { + < > [ ], or match the name of a default object type in Corporater BMP.

Access control

Read accessors - click the Edit button () and authorize one or more users and user groups to view the object on Web.
Add accessors - click the Edit button() and authorize one or more users and user groups to add new objects to the object on Web.
Write accessors - click the Edit button() and authorize one or more users and user groups to edit the object on Web.
Delete accessors - click the Edit button() and authorize one or more users and user groups to delete the object on Web.
Ownership - click the Edit button () and grant ownership of the object to one or more users and user groups.

Users and user groups who own the object have full access rights to it.
Override access profile - select for the object's access control setting to outrank the object's corresponding access settings in profiles.