In iMIS, drop-down lists of access settings show you the available shared, named security settings that you can apply to individual folders and objects:
The Security page appears when editing Document System items, such as processes and queries
When you edit a Document System folder, the same shared security sets are available.
iMIS ships with a collection of shared, named security sets to cut down on the number of unique AccessKeys that you need, for objects that should be neither unsecured (Share) nor locked for you alone (Private). Each security set contains a predefined Access List and permissions (Full Control, Read, Add, Delete, Edit) that are constant for all objects that use it. When you choose a set, the Current Access List beneath updates to show the settings for the selected security set. These are derived mainly from common system-defined groups.
Note: A Select permission is also available only for CM tag objects.
Custom security groups (use sparingly)
If you choose the Custom option at the bottom of the list (or just modify the values in the Current Access List), you can add/remove specific Users, Roles, and Groups and assign them each a specific set of permissions. Making this type of change to the security for an object results in a new unique AccessKey for the specified Access List permissions.
You can implement a custom security group by modifying a predefined group or building your own from scratch (using the Make available to radio button). While a custom security group offers great flexibility, it jeopardizes performance, because it adds several rows per object. If the security tables get too large (given that they are joined on every query), your system can slow significantly.
Caution! To minimize performance impacts, avoid using custom security groups where their effect multiplies: folders, Navigation items, and all children the same (unless you're using shared security, or it's mission-critical).
Shared security set definitions (use liberally)
The table below lists the shared, named security sets in iMIS and gives their underlying definitions. Most areas have three levels (Admin, Manager, User), each of which allows access for any level above it. For example, "Certification Users" grants access for Managers and Admins as well.
Tip: You can define your own access settings based on security groups (see User-level security: Roles and Groups).
Read each parenthetical definition from left to right as "grantee" "gets" (=) "specific privilege", and read any plus signs as AND operators:
Group (grantee gets specific privilege) AND Role (grantee gets specific privilege)
For example, applying "Segmentation Job Default Access" security means that
■ users in the "SegAdmin" group get control privileges
■ users in the "SegMgr" group get Read+Add+Edit+Delete privileges
■ users in the "SegUser" group get Read-only privileges
■ users in the "SysAdmin" role get control privileges
|
Shared Named Security sets |
Definitions |
|
Administrators Full Control |
Role(SysAdmin=Control) |
|
Authenticated Users Full Control |
Group(Authenticated Users=Control) + Role(SysAdmin=Control) |
|
Authenticated Users Read |
Group(Authenticated Users=Read) + Role(SysAdmin=Control) |
|
Authenticated Users Read/Write |
Group(Authenticated Users=ReadEdit0) + Role(SysAdmin=Control) |
|
Authenticated Users Read/Write/Add/Delete |
Group(Authenticated Users=ReadAddEditDelete) + Role(SysAdmin=Control) |
|
Campaign Admins Full Control |
Group(CampaignAdmin=Control) + Role(SysAdmin=Control) |
|
Campaign Default Access |
Group(CampaignAdmin=Control) + Group(CampaignMgr=ReadAddEditDelete) + Group(CampaignUser=Read) + Role(SysAdmin=Control) |
|
Campaign Users Full Control |
Group(CampaignAdmin=Control) + Group(CampaignMgr=Control) + Group(CampaignUser=Control) + Role(SysAdmin=Control) |
|
Certification Admins Full Control |
Group(Certification Admin=Control) + Role(SysAdmin=Control) |
|
Certification Managers Full Control |
Group(Certification Admin=Control) + Group(Certification Manager=Control) + Role(SysAdmin=Control) |
|
Certification Users Full Control |
Group(Certification Admin=Control) + Group(Certification Manager=Control) + Group(Certification User=Control) + Role(SysAdmin=Control) |
|
Everyone Full Control |
Role(Everyone=Control) |
|
Everyone Read |
Role(Everyone=Read) + Role(SysAdmin=Control) |
|
Everyone Read/Write |
Role(Everyone=ReadEdit0) + Role(SysAdmin=Control) |
|
Everyone Read/Write/Add/Delete |
Role(Everyone=ReadAddEditDelete) + Role(SysAdmin=Control) |
|
Marketing Users Full Control |
Group(CampaignAdmin=Control) + Group(CampaignMgr=Control) + Group(CampaignUser=Control) + Group(RFMAdmin=Control) + Group(RFMMgr=Control) + Group(RFMUser=Control) + Group(SegAdmin=Control) + Group(SegMgr=Control) + Group(SegUser=Control) + Role(SysAdmin=Control) |
|
Opportunity Admins Full Control |
Group(OpportunityAdmin=Control) + Role(SysAdmin=Control) |
|
Opportunity Default Access |
Group(OpportunityAdmin=Control) + Group(OpportunityCreator=ReadAdd) + Group(OpportunityMgr=ReadAddEditDelete) + Group(OpportunityOwners=ReadAddEditDelete) + Group(OpportunityUser=Read) + Role(SysAdmin=Control) |
|
Opportunity Users Full Control |
Group(OpportunityAdmin=Control) + Group(OpportunityCreator=Control) + Group(OpportunityMgr=Control) + Group(OpportunityOwners=Control) + Group(OpportunityUser=Control) + Role(SysAdmin=Control) |
|
RFM Admins Full Control |
Group(RFMAdmin=Control) + Role(SysAdmin=Control) |
|
RFM Default Access |
Group(RFMAdmin=Control) + Group(RFMMgr=ReadAddEditDelete) + Group(RFMUser=Read) + Role(SysAdmin=Control) |
|
RFM Users Full Control |
Group(RFMAdmin=Control) + Group(RFMMgr=Control) + Group(RFMUser=Control) + Role(SysAdmin=Control) |
|
Reporting Users Full Control |
Group(Reporting=Control) + Role(SysAdmin=Control) |
|
Segmentation Admins Full Control |
Group(SegAdmin=Control) + Role(SysAdmin=Control) |
|
Segmentation Job Default Access |
Group(SegAdmin=Control) + Group(SegMgr=ReadAddEditDelete) + Group(SegUser=Read) + Role(SysAdmin=Control) |
|
Segmentation Users Full Control |
Group(SegAdmin=Control) + Group(SegMgr=Control) + Group(SegUser=Control) + Role(SysAdmin=Control) |