The User Role Assignment setting in User Administration module enables the user administrator to grant or deny users direct access to specific projects in Architect or Volumes in Architect Global Library based on a security role.
There are two ways a user administrator can assign a user to a role and an Architect project or Global Library volume in the User Administration module:
Via the User Role Assignment page (direct permissions for the user, explained below)
Via the Security Group Role Assignment page in the Configuration module (permissions assigned via a group the user belongs to)
In the event a user is assigned to multiple projects or Global Library or Role combinations, the system follows a certain hierarchy to determine whether the direct role assignment or the assignment via a security group should take precedence over the other. The user's direct role assignment always takes precedence over the group assignment. However, if a user is assigned to a project via a group, but specifically denied access in the group, the group assignment takes precedence over the direct role assignment. Group permission is always considered last. In other words, to determine the current permission set for a user, the system gathers all the user direct permissions, adds any additional permissions via the Groups the user belongs to, and removes any permissions denied to the user in the various groups.
Filter and search permissions for users
Add new permission and associate a user with a project or global library and a role.
Note: User Role assignments in Rave are Read Only for iMedidata users. The assignments are configured in iMedidata.
Navigate to the User Administration main page from the list of installed modules on the Home page.
Select User Role Assignment from the list of User Admin Items on the left navigation bar.
The User Role Assignment main page displays.
(Required) Select a Module: Options are: Architect Project or Architect Global Library. Only Roles and Actions for the selected Module will display. Default selection is Architect Project.
Select an active project or global library from the Grant Access On drop down list. The list has all active projects or global libraries based on Module selected.
Select a user in the Grant Access To search list. The list has all available users.
Select a security role in the With Security Role drop down list. The list has all security roles currently assigned to the selected Module.
Click the Search
.
The system displays results that meet your search parameters with options to deny or remove the permission for a particular Project/Global Library-Group/User-Role assignment.
Grant Access on Projects or Grant Access on Global Library column displays Projects or Global Libraries based on selected module.
Log In column displays Log In IDs for users.
Grant Access To User Column displays users for selected module.
With Security Role column displays Architect security roles.
Select a Module in the Filter Permissions section: Options are: Architect Project or Architect Global Library.
Click Add New Permission link in the Permissions Based On Filter section.
Data fields to select information for the new permission appears.
Select a project or global library from the Grant Access On drop down list.
Select a user from the Grant Access To search list.
Select a security role from the With Selected Role drop down list.
Click Update
.
Note: Only one combination of a project or global library - user - role permission can exist. If a second combination is assigned, the original will be overwritten.
Check the Deny Access check box to deny the user access to the displayed project or global library.
To remove the project or global library - User - Role permission, click X for the permission in the Remove column.
The system removes the permission.
Copyright © 2014 Medidata Solutions, Inc. All rights reserved.