Working with Roles

Sites often have sets of users that have the same job or role. You can have multiple CAD specialists working on updating plans, for instance. You might run a series of outsource or contract people through that role as well.

From a security standpoint, roles define how the generic "atomic" groups map to the needs of classes of users within your specific organization.

As such, you don’t assign groups directly to users, but instead you aggregate the "atomic" group permissions into roles, which define which collection of groups your types of users need to get their corporate mission done.

The roles at your site might correspond fairly closely with the lowest level of security group. For instance, you might have:

A role that needs to edit lease and property information
A role that needs to update the list of rooms
A role that updates room polyline boundaries and their associated areas and department assignments
A role that needs updated financial calculations presented by the Summarize Costs actions.

Each of these "roles" correspond to a single hierarchical group code.

However, your roles might span these "atomic" groups. You could have a department responsible for two different functional areas, such as space and real property management (i.e. they should have the "spac" and the "rplm" tasks). Or your CAD specialists might have responsibility for all CAD tasks, regardless of business function (i.e. they should have the "%cad" tasks).

Typical roles are:

Facility Manager
Space Planner
CAD Specialist
Real Estate Manager
Real Estate Broker
Real Estate Admin Aide
Move Planer
Maintenance Manager
Craftsperson
DBA
System Integrator
CIO (access all top-level or KPI results)
Manager (access all groups that approve cost items)
Employee (access all employee relations task groups)

When using the hierarchical security feature, you don't assign individual groups to afm_users, you assign roles so as to give the appropriate access to all relevant groups all at once. For instance, if you have the same "Corporate Real-Estate" organization managing both real estate and space management tasks, your security roles may look like this:

Role Groups

Corporate Real Estate rplm%, spac%

Corporate Real Estate Data Entry rplm-rev-ed, spac-rev-ed

Corporate Real Estate Strategic %cio

System Administrator %sys%,spac%,rplm%,des%,fe%,telc%,bops%

ARCHIBUS Roles table (afm_roles)

On the Process Navigator , access this table at:

System Administration / ARCHIBUS System Administration / ARCHIBUS Administrator - User and Security / Add or Edit User Roles

Field	Purpose
Role Name	The shorthand name for the role, e.g. SITEAMGR, SITEACF, SITEBMGR, etc.
Role Title	The descriptive title, such as. "Site A -- Manager"
VPA Restriction	A VPA restriction specified in XML format. This restriction applies to al users assigned to this role when they log in.
WW Preferences	For Client/Server, use this field for entering Call Center Wizard preferences for this role. (Prior to V14.3, this field existed in the ARCHIBUS Groups table.)
License Level	Dictates what License Level all users of this role have. When a user logs in, the program signs out another license of this level. For information on the license levels, see Licensing Levels. You can also set your role to sign out an Application Connection Point license by setting the License Level to “application-style ICP”.

ARCHIBUS Groups for Roles table (afm_groupsforroles)

Use this table to assign an arbitrary number of groups to each Role record. Allow 64 character group names in this assignment table.

Field	Purpose
Role Name	Validated by the ARCHIBUS Roles table.
Group Name	Validated by the ARCHIBUS Groups table.