Security Groups
Security Menu Item > Operators > Security Groups
Security Groups
Operators who have the same access level can be grouped together, eliminating the need to set each operator's individual access clearance separately. After a Security Group has been set up, supervisors can then simply select the Security Group from the PopUp list when setting up a new Operator in the Operators Window.
Adding a New Security Group
Click the Add button at the bottom left of the Security Groups window. A new list item will appear with an empty form to its right. Fill in the blank text boxes.
Add new security group
Supported Client Apps
This setting decides whether the security group has access to Windows Client (Patriot Client Programme) or Web/Mobile Client (ICA and Plink).
Operators always have access to Windows Client, even the security group he belongs to doesn't support Windows Client.
Group Type
The options could be different depending on the setting of Supported Client Apps. Different Group Types have access to different security rights.
The combination of Supported Client Apps and Group Type decides Web Client Access Level.
Security Rights
The security rights are categorised into a tree.
Each right may contain other related rights inside it which are related to that area or function.
The root of the tree is Main Program Access, which is required to log in.
The Edit Client right is required to make changes to a client record. The child rights contained within Edit Client allow operators to make changes to the specific areas of the client.
Checking a parent right labelled "Edit..." will enable editing to everything underneath the parent right which is not explicitly set by a child right. E.g. checking the Edit Contact Details parent right will implicitly enable editing of the client's address since no child right exists for client address.
The rest of the rights follow the main menu structure. For example, the security right System Menu > System Settings Menu > System Wide Settings allows access to the corresponding menu item System > System Settings > System Wide Settings.
Some menu right items also have permissions for the screen opened via the menu. For example, under Monitoring Menu > Current Activations are rights related to the current activations screen. These rights affect what operators can do once they open the Current Activations screen.
Some client security rights under Edit Client right have three way settings:
Edit - If the security right sets to Edit, it means the security right is assigned and the operator is allowed to edit the context.
View - If the security right sets to View, it means the security right is not assigned and the operator can view the context only.
Hide - If the security right sets to Hide, it means the security right is not assigned and the context is hidden from the operator.
Set the security rights for the new group by expanding the categories in the tree, and checking the box for each right required by your operator group. You must enable a right before enabling rights contained inside the right. For example, the 'Signal Browse Pause' right cannot be assigned unless the 'Signal Browse' right itself is also assigned. In general, the parent rights only give the minimum access possible, and one or more child rights must be added to allow the operator to use the features. When logging in, operators will not see a menu if they have no access to any of the items within it.
Click the Save button on the form to save the new Security Group
Security Right Definitions
Most security rights are self-explanatory. The following additional information is provided:
- Edit Permanent Testmode - If this option is unchecked, an operator is limited to setting testmode to a maximum of 24 hours ahead.
- Reports Menu - in addition to giving access to the main Reports Menu, this right also gives operators access to the Run Report shortcut buttons on the Reporting tab of a client file.
- Only Use Auto Select - When this security right is selected, operators must use the Auto Select button to open and take ownership of new activations. This security right also disables all the activation buttons which affect multiple activations: Multi On Hold, Remove, Multi Complete, and Multi Sleep. (These options will still be available for administrators.)
- Edit All Operator Notes - Without this right, the operator can only edit their own Operator Notes on Activations. (Other operators' notes will be read-only.)
- Response Tab - To completely hide the Response tab in the ICA website for a security group, you need to choose the Hide setting for Response Notes, under the Status Tab Displayed tree item.
- Work Order List - There is significant overlap between Work Orders and Dispatch Jobs. Therefore, note-related and billing-related work order security rights also apply to Dispatch Jobs. Note that overall access to Dispatch Jobs can still be controlled using the Dispatch Jobs List right.
- Change Password - Gives the operator the ability to change their own password.
Mandatory Multi-Factor Authentication
This setting is available if the security group supports Web/Mobile Client.
When enabled, users logging in to ICA will be required to register a Multi-Factor Authenticator device to provide additional account security.
Remote Action Plan Filtering
This setting is available if the security group ONLY supports Web/Mobile Client. It will only show signals/activations with action plans the security group has access to.
This setting only applies to:
- Remote users belonging to this security group
- Signals/activations displayed in ICA.
It does not apply to operators.
Operator Note Access
This setting is available if the security group ONLY supports Web/Mobile Client. It decides what types of operator notes are accessible to the security group.
This setting applies to:
- Remote users belonging to this security group
- Signal history in ICA
- operator notes of activations in ICA
- dispatch notes of dispatch jobs in ICA
- corresponding reports run via ICA.
It does not apply to operators.
If you run a report as an operator, via either ICA or Patriot Client Programme, then only the System Wide Settings will apply.
If you run a report as a remote user via ICA, then both settings will apply. The report data will be filtered on security group settings AND system settings. Only notes satisfying both settings will be included in the report.
There is a similar note type filter in the Report Settings section of System Wide Settings to restrict the note types included in a report. It applies globally.
Remote Dashboard Filtering
This setting is available if the security group supports Extended Access or Monitoring.
- Build-in Dashboard Access: Users can access the default dashboard template which is provided by Patriot.
- Full Dashboard Access: A list of customised dashboard JSON.
ICA Report Access
This setting is available if the security group supports Web/Mobile Client. It decides what reports are available via ICA.
Changing Security Group Records
Click to select the Security Group from the list Security Groups Window. Edit the desired fields and click the Save button
View Sensitive Details
Sensitive information in clients accounts in the operator logs is hidden.
- Instead, these entries will show Sensitive Data - Use Display Passwords option to display in place of the password. This option is accessed through Current Operator > Display Passwords menu.
- If Operators have the administrator right then Display Password will be visible in the Operator menu, once this option has been clicked they will be able to view passwords until they log off.
Deleting Security Group Records
Click to select the Security Group you wish to delete from the list in the Security Groups Window. Click the Delete button.
The delete command cannot be undone so it is advised that you proceed with caution.