Managing security groups (user roles)

Security groups define what functions a user can perform. Your organization may refer to security groups as user roles. A user can belong to only one security group.

When a user is created on the Diligent One platform, a default role is assigned, either User or System Admin. For details, see Adding and managing users. Additional security groups can be created in the Policy Manager app.

The Access group field is the user's security group and is a required field. See Managing users.

Note

If you use Policy Portal, set up a Policy_Portal_Group with no permissions assigned. With SSO enabled, users are redirected to the Policy Portal where they can view and search for documents for the target audience they belong to. See Using the Policy Portal.

You may have as many security groups as you want. When you create security groups, consider your organization's needs and audit requirements. For example, you may or may not need to separate Document Reviewers and Owners from individuals that have rights to create and edit documents. Suggested security groups follow. You may also want a security group for auditors.

  • System Administrators (SysAdmin)
  • Super Users
  • Document Creator/Editor
  • Document Reviewer
  • Document Owner

Add a security group

  1. From the left menu, select Administration then Security Groups.

  2. Select the Security Groups button.

  3. Give the security group a case-sensitive Name. When you move from the name field, the system checks to make sure the case-sensitive name is not in use.

  4. Add a Description.

  5. Select Active to make the security group immediately available for users to be assigned.

  6. Select the Access Rights to grant access to Policy Manager menus, pages, and functions to the users assigned to the security group. Select Expand All to view all Access Rights. For details on each Access Right, see Access Rights details.

  7. Select Save.

Manage a security group

  1. From the left menu, select Administration then Security Groups.

  2. Select any of the following for the security group:

    Edit to update the information.

    Clone a security group then make edits to the Access Rights to create a new security group.

    Delete to remove the security group. If a security group has active users, Delete is grayed out and you cannot delete the security group.

Access Rights details

Access Rights may be granted (selected) for a menu, a page, and/or the fields on a page. The highest level of security in a group typically allows access to view the function. Selecting sub-settings allows the users to manage the function via add, delete, or edit selections. For example, the following setting allows the user to view the document components (re-usable content). Because the remaining selections are not selected, the user cannot create, delete, or edit a document component.

[x] Allow Access to Components Page

[ ] Can create document components

[ ] Can delete document component

[ ] Can edit document component

A description of each of the Access Rights follows.

Access Rights Description and typical access (Your organization may vary based on requirements.)

Allow access to Additional Fields page

  • Can maintain Additional Fields

An additional field is a user defined field (UDF) for:

  • Review flow tasks
  • An email notification placeholder (variable)
  • User information.

For function details, see Managing additional fields.

This access is typically enabled for System Administrators or Super Users.

Allow access to Administration menu

The Administration menu is used to configure the system to meet your organization's needs. For function details, see Administration.

This access is typically enabled for System Administrators or Super Users.

Allow access to System Report page

The Reports menu is used to generate a report, search a report, and export a report to Excel. For function details, see Reports.

This access is typically enabled for individuals who view reports. For users who need to create, edit, or delete a report, see the Access Right Allow access Reports.

Allow access to Agency settings

Agency settings are used to configure functions, such as allowing document uploads, syncing with Diligent One apps, and enabling spell check. For function details, see Managing agency settings.

This access is typically enabled for System Administrators or Super Users.

Can use Search

The search feature is used to find documents, document components, and other content. For an example of a search function, see Search with document details. There are other search functions in the system.

This access is typically enabled for all users.

Allow access to Case Queue page

  • Can add new Case Queue
  • Can delete Case Queue
  • Can edit Case Queue

The case queue is the review queue which is a group of users assigned to handle a document review, approval, or other actions. For function details, see Managing review queues.

This access is typically enabled for System Administrators or Super Users.

Allow Access to Components Page

  • Can create document component
  • Can delete document component
  • Can edit document component

Document components are re-usable content for use when creating documents and document templates. For function details, see Using document components.

This access is typically enabled for Document Owners, System Administrators, or Super Users.

Allow access to Configure Attributes page

Configuring attributes is advanced functionality that may cause damage to the system. Attributes should only be changed in conjunction with your Diligent Customer Success Manager. For function details, see Configuring categories, values, and attributes.

This access is typically not granted unless you are working in conjunction with a Diligent Customer Success Manager and add access under their direction.

Allow access to Configure Categories page

  • Can maintain Configure Categories
  • Can Access System Categories

Categories and values are internal name/value pairs where you can match an internal code with what you want the user to see. Categories (Reference Domains) have associated child Values (Reference Codes). For function details, see Configuring categories, values, and attributes.

This access is typically enabled for System Administrators or Super Users.

Allow access to Configure Values page

  • Can maintain Configure Values
  • Can maintain system generated RefCodes

Categories and values are internal name/value pairs where you can match an internal code with what you want the user to see. Categories (Reference Domains) have associated child Values (Reference Codes). For function details, see Configuring categories, values, and attributes.

This access is typically enabled for System Administrators or Super Users.

Allow access Dashboard

  • Allow access to Home Dashboard

Dashboards provide an overview of the state of documents and information on current and upcoming review cycles. For function details, see Dashboards.

All users are typically given full Dashboard access.

Can edit public document component

Users edit documents on the Document Editor tab. This includes adding document selections and components. For function details, see Using the Document Editor.

This access is typically enabled for Document Owners, Document Editors, Document Reviewers, System Administrators, and Super Users.

Allow Access to Documents Page

(See the sub-selections on the right in this table.)

User access to the Documents Page can vary based on the security group. Suggestions follow.

  • Can access AD-DocumentType Page. For function details, see Setting Preferences. This access is typically enabled for SysAdmin and Super User.
  • Can ad-hoc edit review cycle. For function details, see Managing review flows and tasks, Allow ad-hoc changes. This access is typically enabled for SysAdmin and Super User.
  • Can archive and unarchive. For function details, see Creating a document, Find and manage the document. This access is typically enabled for SysAdmin, Super User, and Document Owners.
  • Can assign any group. For function details, see Managing review queues. This access is typically enabled for SysAdmin, Super User, and Document Creator/Editor or Owners.
  • Can upload component. For function details, see Using the Document Editor, Add content to the document. This access is typically enabled for SysAdmin, Super User, and Document Creator/Editor.
  • Can view all documents. For function details, see Finding and managing documents. This access is typically enabled for all roles.
  • Can access Car Insurance Page. (Not used.)
  • Can access Codes Page. (Not used.)
  • Can create new documents. For function details, see Creating a document. This access is typically enabled for SysAdmin, Super User, and Document Creator/Editor.
  • Can access document editor tab. For function details, see Using the Document Editor. This access is typically enabled for SysAdmin, Super User, and Document Creator/Editor.
  • Can download historical version. For function details, see Finding and managing documents. This access is typically enabled for SysAdmin, Super User, and Document Owner. Document Reviewer and Document Creator/Editor may also need the access.
  • Can edit Cross Reference tab. For function details, see Managing cross references. This access is typically enabled for SysAdmin, Super User, and Document Creator/Editor. Document Owner and Document Reviewer may also need the access.
  • Can edit General Info tab. For function details, see Creating a document. This access is typically assigned to SysAdmin, Super User, and Document Creator/Editor.
  • Can edit owning group. For function details, see Managing review queues. This access is typically enabled for SysAdmin and Super User.
  • Can edit owning person. For function details, see Managing review queues. This access is typically enabled for SysAdmin and Super User.
  • Can edit Publish tab. For function details, see Publishing a document. This access is typically enabled for SysAdmin, Super User, and Document Owner. Document Creator/Editor and Document Reviewer may also need the access.
  • Can access Guidelines Page. For function details, see Publishing a document. This access is typically enabled for SysAdmin, Super User, and Document Owner. Document Creator/Editor and Document Reviewer may also need the access.
  • Can access history viewer tab. For function details, see Viewing a document's history. This access is typically enabled for all users unless there is an audit requirement to prohibit some users from viewing history.
  • Can access Home Insurance Page. (Not used.)
  • Can initialize off-cycle review. For function details, see Starting an off-cycle review. This access is typically enabled for SysAdmin, Super User, and Document Owner. Document Creator/Editor and Document Reviewer may also need the access.
  • Can access Life Insurance Page. (Not used.)
  • Can maintain review frequency. For function details, see Managing review frequencies. This access is typically enabled for SysAdmin, Super User, and Document Owner. Document Creator/Editor and Document Reviewer may also need the access. Also see the Access Right Allow access to Review Frequency page.
  • Can maintain target audience. For function details, see Managing target audiences. This access is typically enabled for SysAdmin, Super User, and Document Owner.
  • Can maintain template. For function details, see Managing document templates. This access is typically enabled for SysAdmin, Super User, and Document Creator/Editor.
  • Can mark documents as Publicly Accessible. For function details, see Creating a document and Using Policy Portal. This access is typically enabled for SysAdmin, Super User, and Document Owner.
  • Can access Neola Templates - WI Page. (Not used.)
  • Can access Policies Page. For function details, see Finding and managing documents. This access is typically enabled for all users.
  • Can access Procedures Page. For function details, see Finding and managing documents. This access is typically enabled for all users.
  • Can view publish tab. For function details, see Publishing a document. This access is typically enabled for SysAdmin, Super User, and Document Owner. Document Creator/Editor and Document Reviewer may also need the access.
  • Can access reviewCycle tab. For function details, see Managing review flows and tasks. This access is typically enabled for SysAdmin, Super User, and Document Owners.
  • Can access Standards Page. For function details, see Finding and managing documents. This access is typically enabled for all users.
  • Can use new doc wizard. (Not used.)
  • Can view General Info tab. For function details, see Creating a document. This access is typically enabled for SysAdmin, Super User, and Document Creator/Editor. Document Owners and Reviewers may need access.

Allow access to Document Template Assignment page

  • Can add new Document Template Assignment
  • Can delete Document Template Assignment
  • Can edit Document Template Assignments

A document template saves time and ensures consistency when you create a new document. A template can be automatically assigned using template assignment rules. For function details, see Configuring template assignments.

This access is typically enabled for SysAdmin, Super User, and Document Creator/Editor.

Allow access to incident report page

This option is not used in Policy Manager.

Can receive intra-system message

This option is not used in Policy Manager.

Allow access to Notifications page

  • Can manage Notifications

Email notifications are set at the review cycle level (such as DRAFTING, REVISING, and so on). For function details, see Managing notifications.

This access is typically enabled for SysAdmin, Super User, Document Creator/Editor, and Document Owner.

Allow access to Work Flow Assignment page

  • Can add new Work Flow Assignment
  • Can delete Work Flow Assignment
  • Can edit Work Flow Assignments

A review flow (work flow) identifies the review cycle with system-defined phases (such as DRAFTING) and prescribed tasks, as set by the organization. For function details, see Managing review flows and tasks and Mapping review flow assignments to documents.

This access is typically enabled for SysAdmin, Super User, Document Creator/Editor, and Document Owner.

Also see these Access Rights:

Allow access to Work Flow Snippets page

Snippets are reusable collections of phases and/or tasks that can be added to a review cycle to save time and ensure accuracy. You may insert a snippet in the review flow. For function details, see Managing review flow snippets.

This access is typically enabled for SysAdmin, Super User, and Document Creator/Editor.

Also see these Access Rights:

Allow access to set starter snippet

The default starter snippet adds required phases and settings, such as predecessors to ensure each phase is complete before going to the next phase. For function details, see Managing review flows and tasks and Managing review flow snippets.

This access is typically enabled for SysAdmin, Super User, and Document Creator/Editor.

Can view Regulations

  • Can maintain Regulations

You can catalog regulations, laws, or other outside governance requirements and add documents to create auditable reference of requirements. For function details, see Regulations.

This access is typically enabled for SysAdmin, Super User, Document Creator/Editor, and Document Owner.

Allow access Reports

  • Can create new reports
  • Can delete reports
  • Can edit reports

This Access Right allows users to create, delete, or edit a report. For function details, see Allow access to System Report page.

This access is typically enabled for people who need to view and manage reports. To limit access to viewing a report, see the Access Right Allow access to System Report page.

Allow access to Work Flow page

  • Can add new Work Flow
  • Can delete Work Flow
  • Can edit Work Flow

A review flow (work flow) identifies the review cycle with system-defined phases (such as DRAFTING) and prescribed tasks, as set by the organization. For function details, see Managing review flows and tasks.

This access is typically enabled for SysAdmin, Super User, Document Creator/Editor, and Document Owner.

Also see these Access Rights:

Allow access to Review Frequency page

Review frequencies are associated with documents to identify how often the documents are reviewed. For function details, see Managing review frequencies.

This access is typically enabled for SysAdmin, Super User, Document Creator/Editor, and Document Owner.

Also see Allow Access to Documents Page, Access Right Review frequency.

Allow access to Review Queue page

  • Can add new Review Queue
  • Can delete Review Queue
  • Can edit Review Queue

A review queue is a group of users assigned to handle the review, approval, or other actions. For function details, see Managing review queues.

This access is typically enabled for SysAdmin, Super User, Document Creator/Editor, and Document Owner.

Allow access to Security Groups page

  • Can maintain Security Groups

Security groups define what functions a user can perform.

This access is typically enabled for SysAdmin and Super User.

Allow access to Tag Group page

Tag groups are used to search for related documents. For function details, see Tag groups are used to search for related documents.

This access is typically enabled for SysAdmin, Super User, Document Creator/Editor, and Document Owner.

Allow access Tasks page

  • Can release ownership
  • Can take ownership

Users may be automatically assigned tasks, or they can take ownership of a task if they are in the task's review queue. For function details, see Taking or releasing ownership of a task.

This access is typically enabled for SysAdmin, Super User, and Document Reviewers. It can be assigned to all users, in case there is an issue with ownership, such as a reviewer being unavailable.

Allow access to Users page

  • Can add new user
  • Can edit other user profiles
  • Can edit own profile
  • Can unregister other profiles

Administrators can add users and update user information. For function details, see Managing users.

This access is typically enabled for SysAdmin and, possibly, Super User.

Allow Access to Widgets Page

  • Can create document widget
  • Can delete document widget
  • Can edit document widget
  • Can view all tasks

A widget is used to display often repeated content, such as a disclaimer that is used multiple times in documents, document components, and document templates. For function details, see Using Widgets and Managing document widgets.

This access is typically enabled for SysAdmin, Super User, and Document Creator/Editor.
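
The following is an added example, not Diligent code, showing one way to review security groups for least privilege against the "typical access" guidance in the table above. The Access Right names are quoted from this page; the group contents are constructed sample data transcribed by hand, and the rule that a sub-setting only takes effect together with its page-level right is an assumption drawn from the Components example.

```python
# Added example, not vendor code. Access Right names are quoted from this page;
# the group contents under GROUPS are constructed sample data.

# Sub-setting -> the page-level Access Right it sits under.
PARENT = {
    "Can maintain Security Groups": "Allow access to Security Groups page",
    "Can add new user": "Allow access to Users page",
    "Can edit other user profiles": "Allow access to Users page",
    "Can unregister other profiles": "Allow access to Users page",
    "Can create document component": "Allow Access to Components Page",
    "Can delete document component": "Allow Access to Components Page",
    "Can edit document component": "Allow Access to Components Page",
}
# Rights the table lists as typical only for SysAdmin / Super User.
ADMIN_ONLY = {
    "Allow access to Administration menu",
    "Allow access to Agency settings",
    "Allow access to Security Groups page",
    "Can maintain Security Groups",
    "Can add new user",
    "Can edit other user profiles",
    "Can unregister other profiles",
}
# Not granted unless directed by a Diligent Customer Success Manager.
RESTRICTED = {"Allow access to Configure Attributes page"}
ADMIN_GROUPS = {"System Administrators (SysAdmin)", "Super Users"}

def can(rights, page_right, sub_setting=None):
    """Assumed rule: page right = view; page right + sub-setting = manage."""
    if page_right not in rights:
        return False
    return sub_setting is None or sub_setting in rights

def review_group(name, rights):
    """Return sorted (finding, right) pairs for one security group."""
    findings = []
    for right in rights:
        parent = PARENT.get(right)
        if parent and parent not in rights:
            findings.append(("sub-setting-without-page-right", right))
        if right in RESTRICTED:
            findings.append(("restricted-right", right))
        elif right in ADMIN_ONLY and name not in ADMIN_GROUPS:
            findings.append(("admin-right-in-non-admin-group", right))
    return sorted(findings)

def audit(groups):
    """Map each group with at least one finding to its findings."""
    return {n: f for n, r in groups.items() if (f := review_group(n, r))}

GROUPS = {  # constructed sample data
    "Super Users": {"Allow access to Security Groups page", "Can maintain Security Groups",
                    "Allow Access to Components Page", "Can edit document component"},
    "Document Reviewer": {"Allow Access to Components Page",
                          "Can maintain Security Groups", "Can add new user"},
    "Auditors": {"Allow Access to Components Page",
                 "Allow access to Configure Attributes page"},
}

if __name__ == "__main__":
    for name, findings in audit(GROUPS).items():
        for kind, right in findings:
            print(f"{name}: {kind}: {right}")
```
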