Note:
Administrator permissions are required to access the General
Security Profile form and the Entity-Dependent
Security Profile form.
For instruction on General and Entity-Dependent Security profiles, click the following links or use the scroll bar to scan the page.
|
General Security profiles govern authorization to security objects (usually forms and reports) and elements (form sections and fields) for which there is no dependency on Enterprise Entities. Entity-Dependent Security profiles govern authorization to security objects and elements where there is a dependency on Enterprise Entities. Both profiles are used to grant access to and specify usage privileges (read, update, add, delete) for each object/element within a module. For example, suppose five employees need to enter daily monitoring data in the software and generate summary reports. First, define a profile that provides access to just the monitoring data forms and the reports they need, as well as grants Read, Update, and Add user authorization. Then assign the profile to the five employees who enter the data. These employees would only be able to open and add or update the information in the forms and reports that are part of the profile.
Security elements are typically fields and sections on forms. Assigning element user privileges can further limit user access to important or sensitive information. However, in specific modules, less restrictive user privileges can be assigned for specific security elements. Refer to Setting Field-Level Security for additional information.
Security elements apply to select forms within Essential. A security object with available security elements appears as a link in the General Security and Entity-Dependent Security profiles.
The specific access rights for each permission option are provided below:
Permission |
Access |
Read |
Can only view data; cannot edit, add, or delete information on this form, or in this section or field. |
Update |
Can edit information on this form, or in this section or field. |
Add |
Can add information on this form, or in this section or field. |
Delete |
Can delete information on this form, or in this section or field. |
None |
Cannot open this form, or view this section or field. |
General Security profiles are established on the General Security Profile form. Entity-Dependent Security profiles are set up on the Entity-Dependent Security Profile form and are associated with Hierarchy Security profiles. General Security profiles and Hierarchy Security profiles are assigned to users on the User Manager form. The profiles can be edited at any time. Updated information will apply to all users assigned the profile. New profiles for a module can also be established as needed.
The permissions granted in the General Security profile and the default Entity-Dependent Security profile designated in the Hierarchy Security profile determine which security objects/elements are available to a user. The minimum level of authorization, i.e., Read permissions, must be assigned for a security object to be available. For example, if no permissions are granted for the Entity Compliance Owner object, the Compliance Owner field will not be displayed on the Enterprise Entity form. If no permissions have been assigned to the Materials object, the Material form link will not appear in the Navigation Tree. When all of the objects in one of the folders in the Navigation Tree are not granted permissions, the entire folder will not be displayed. Refer to Overview of Security and Access Profiles for additional information and more comprehensive security examples.
To establish General and Entity-Dependent Security profiles
Click Administration
> General Security Profiles or Entity-Dependent
Security Profiles in the Navigation
Tree.
The Security Profiles list
appears.
Click the New
button.
The Security Profile form is
displayed.
Enter the Profile Name.
Select a Module
from the list and click Save.
The Object Permissions section
is displayed. Each object (typically forms and reports) associated
with the chosen module is displayed as a line item.
Use the guidelines below to provide access and grant read, update, add, and/or delete user permissions for security objects. Refer to Setting Field-Level Security to include element security.
Click the Read, Update, Add, and/or Delete check box next to an object line item to grant user permissions to the object.
The minimum level of authorization, i.e., Read permissions, must be granted to a security object in order for it to be available to a user.
Leave all the check boxes blank when access should not be granted for an object.
To quickly grant permissions to all the objects, click the appropriate Select All link.
To quickly remove permissions assigned to one or more objects, click the appropriate Clear All link.
Click the Remove check box adjacent to the object line item to prevent access to the object.
Click Save.
Repeat steps 2 through 6 to establish other profiles.
Security elements are typically fields and sections on forms (security objects). Assigning element user privileges can further limit user access to proprietary, important or sensitive information. For example, on the Task Setup and Results form, you may want to prohibit edits to the Due Date field while allowing updates to task progress- and status-related fields. The Read, Update, and Add usage privileges are available for security elements. When the privileges assigned to the security object are more restrictive than those assigned to the elements associated with the object, the object's security settings override the elements'. For example, if Read permissions are assigned for the Task Setup and Results form and Read and Update permissions for the Due Date field, the field will be Read only because the form's (object) security is more restrictive and, thereby, overrides the field's (element) security.
Element security that allows users with limited form access the ability to modify document links and attachments associated with the form can be assigned in the Air, Audit, Compliance Manager, Task Manager, and Water modules. The object's security settings will not override the element settings for document links/attachments-related sections. For example, this functionality can be useful when you want to allow users read-only privileges for existing tasks or permits, but grant the same users authorization to modify the document links/attachments associated with those tasks or permits. In this example, just Read usage privileges are assigned to the security object and Read, Update, and Add usage privileges are assigned to the document links/attachments-related security element.
Note:
Security elements apply to select forms within Sphera Essential.
A security object with available security elements appears as a link in
the General Security and Entity-Dependent Security profiles.
To
set field-level security
Locate the profile on the applicable Security Profiles list, click the profile link to open the Security Profile form, and expand the Object Permissions section when necessary.
Click the security Object link to display the object's available elements.
Use the following guidelines to provide access and grant read, update, add, and/or delete user permissions:
Click the Read, Update, and/or Add check box next to an element line item to grant user permissions to the element.
Leave all the check boxes blank when access should not be granted for an element.
To quickly grant permissions to all the elements, click the appropriate Select All link.
To quickly remove permissions assigned to one or more elements, click the appropriate Clear All link.
Click Save.
Locate the profile on the applicable
Security Profiles list, click
the profile link to open the Security
Profile form, and expand the Object
Permissions section when necessary.
Each object associated with the chosen module is displayed as a line
item.
Use the following guidelines to edit access and user permissions:
Click the Remove check box adjacent to the object line item to prevent access to the object.
Remove a permission by clicking the Read, Update, Add, and/or Delete check box next to an object line item. A blank check box indicates no permission.
The minimum level of authorization (i.e., Read permissions) must be granted to a security object in order for it to be available to a user.
Click the Read, Update, Add, and/or Delete check box next to an object line item to grant permissions to the object.
Leave all the check boxes blank when access should not be granted for an object.
To quickly grant permission to all the objects, click the appropriate Select All link.
To quickly remove permission assigned to one or more objects, click the appropriate Clear All link.
Refer to Setting Field-Level Security to edit element permissions.
Click Save.
The following General and Entity-Dependent security profiles have been recently added or updated for objects in Essential.
Module |
Object Name |
Release Introduced |
Administration |
Global Task Settings |
7.8 |
Air |
Create Entity Material Parameter Template |
7.7 |
Create Organizational Boundaries Template |
7.7 |
|
Create Production Parameter Template |
7.7.2 |
|
Review Products by Substance |
7.7.2 |
|
Permits Supervisor Console |
7.8 |
|
Audit |
Create Audit Template |
7.7.2 |
Async Process Engine Log |
7.8 |
|
Corrective Action Supervisor Console |
7.8 |
|
Findings, Recommendations, Observations, Good Practices |
7.8 |
|
Chemical Inventory |
Create Production Parameter Template |
7.7.2 |
Create Substance Exemption Template |
7.7.2 |
|
Create Substance Registration Template |
7.7.2 |
|
Create SVT Exempt Reason Template |
7.7.2 |
|
Create SVT Legal Entity Template |
7.7.2 |
|
Legal Entities |
7.7.2 |
|
Legal Entity Registration |
7.7.2 |
|
Review Products by Substance |
7.7.2 |
|
Sphera IA Import |
7.7.2 |
|
Sphera IA Import Errors / Warnings |
7.7.2 |
|
Substance volumes by Legal Entity |
7.7.2 |
|
Substance volumes for non-registered and non phase-in substances |
7.7.2 |
|
Substance volumes for phase-in substances |
7.7.2 |
|
Substance volumes for specific registered substances |
7.7.2 |
|
SVT |
7.7.2 |
|
SVT Report Calculations |
7.7.2 |
|
Threshold Band Information |
7.7.2 |
|
Web Service Validation Errors |
7.7.2 |
|
Compliance Manager |
Async Process Engine Log |
7.8 |
| Bulk Update Controls | 7.8 | |
| Control Priorities | 7.8 | |
| Create Entity Material Parameter Template | 7.8 | |
| Create Production Parameter Template | 7.8 | |
| Permit Supervisor Console | 7.8 | |
| Review Products by Substance | 7.8 | |
Compliance Parameter Data Entry |
Create Entity Material Parameter Template | 7.7 |
| Create Production Parameter Template | 7.7.2 | |
Compliance Parameter Management |
Review Products by Substance | 7.7.2 |
Emergency |
Incident Location | 7.7 |
FEMS |
Create Production Parameter Template | 7.7.2 |
| Review Products by Substance | 7.7.2 | |
Incident |
Review Products by Substance | 7.7.2 |
| Async Process Engine Log | 7.8 | |
| Corrective Action Supervisor Console | 7.8 | |
Industrial Hygiene |
Review Products by Substance | 7.7.2 |
MDS Author |
Review Products by Substance | 7.7.2 |
MDS Manager |
Review Products by Substance | 7.7.2 |
Process Data Manager |
Review Products by Substance | 7.7.2 |
Waste |
Create Entity Material Parameter Template | 7.7 |
| Create Bulk Waste Disposal Template | 7.7.1 | |
| Create Production Parameter Template | 7.7.2 | |
| Review Products by Substance | 7.7.2 | |
| Async Process Engine Log | 7.8 | |
Water |
Create Entity Material Parameter Template | 7.7 |
|
Create Production Parameter Template | 7.7.2 |
|
Async Process Engine Log | 7.8 |
|
Permit Supervisor Console | 7.8 |
|
Review Products by Substance | 7.8 |
|
|
|
|
|
