User-level security: Roles and Groups

Together, security roles and security groups let you control access to the ASP.NET-based features of iMIS; in contrast, older features of iMIS are secured using authorization levels (see Authorization level privileges (Desktop)). Security role and group assignments are defined in user records.

Security roles grant specific administrative privileges to user records. For example, one security role might let you use and edit an iMIS definition object in the Document System, while another role might let you use that object but not edit (or even see) its properties.

Security groups control which iMIS features group members see and which capabilities within each feature they can use.

Tip: User-level security is separate from object-level security (see Shared security sets, for object-level access), which restricts objects (folders, queries, reports) in the Document System.

Roles: SysAdmin

The default SysAdmin role grants privileges much like those of the MANAGER user record. Only a Full user can be a SysAdmin. Each SysAdmin can:

Edit user records, including logon names (unless that privilege is disabled in the web.config file for iMIS15)

Use System Setup

Use Tools (if licensed)

Administer Issues (if licensed)

Start e-mail server

Set up module

Groups

The following table describes the security groups that affects user privileges.

Group

Description

iMIS Feature

CampaignAdmin

Enables full-control access to the Campaign functionality and its objects

Marketing

CampaignMgr

Enables read/add/edit/delete access to the Campaign functionality, and read/edit access to its objects

Marketing

CampaignUser

Enables read-only access to the Campaign functionality and its objects

Marketing

Certification Admin

Enables full-control access to the Certification functionality and its objects

Certification

Certification Manager

Enables read/add/edit/delete access to the Certification functionality, and read/edit access to its objects

Certification

Certification User

Enables read-only access to the Certification functionality and its objects

Certification

EventUser

Controls security for IQA integration

Events

FRUser

Controls security for IQA integration

Fundraising

OpportunityAdmin

Enables full-control access to Process Manager and its objects

Process Manager

OpportunityCreator

In Process Manager, enables add privileges for projects, and read/edit/delete access to created projects, but read-only access to projects created by others

Process Manager

OpportunityMgr

Enables read/add/edit/delete access to Process Manager, and read/edit access to its objects

Process Manager

OpportunityOwners

Enables addition to a project's Owner or Contact group

Process Manager

OpportunityUser

Enables read-only access to Process Manager and its objects

Process Manager

OrderUser

Controls security for IQA integration

Orders

Reporting

Enables the Generate reports item on the iMIS Home page

n/a

RFMAdmin

Enables full-control access to the RFM application and its objects

Marketing

RFMMgr

Enables read/add/edit/delete access to the RFM application, and read/edit access to its objects

Marketing

RFMUser

Enables read-only access to the RFM functionality and its objects

Marketing

SegAdmin

Enables full-control access to the Segmentation functionality and its objects

Marketing

SegMgr

Enables read/add/edit/delete access to the Segmentation functionality, and read/edit access to its objects

Marketing

SegUser

Enables read-only access to the Segmentation functionality and its objects

Marketing

Group membership controls web access

Group membership determines whether a user sees Marketing and/or Process Manager from a web client.

To grant access to Marketing, place users in one of these groups:

CampaignAdmin

CampaignMgr

CampaignUser

RFMAdmin

RFMMgr

RFMUser

SegAdmin

SegMgr

SegUser

To grant access to Process Manager, place users in one of these groups:

OpportunityAdmin

OpportunityCreator

OpportunityMgr

OpportunityOwners

OpportunityUser

Note: Casual licensing prevents access Marketing or Process Manager, regardless of group assignments.


Copyright Advanced Solutions International, Inc. All rights reserved.
Because of licensing, security, and configuration choices, your implementation may differ from what you see described in the documentation.