A uses security profile is determined by two mechanisms A users role, which is what functions are available to them, for example 'Strip and Fit' or 'Add Pressure'. And a security scope, which determines what company or site data they can view.  

Roles and scopes are accessed through the 'System Module' and 'Security' sub-module. Shown here:



By default both Roles and scopes are displayed and can be differentiated by their corresponding icons and data objects



Role icon



Security Scope icon




 Role object








Security Scope object




When creating a new user, both the role and security scope are assigned.  





In order to see 'Security Scopes', you must first assign the user a company.  
Only then will the 'Security Scopes' from the selected companies be displayed.


SECURITY SCOPES


When a new company is created in TMaSS a 'root' security scope is created automatically.  However, when sites and locations are created, security scopes need to be manually created.  This can be done within the 'System > Security' module by pressing add icon  and selecting 'Add Scope' from the menu.



 

When creating security scopes it is imperative that you have the desired site or location selected in the context menu before adding the new scope.  This is because the security scope will be added to whatever site or location you have selected and cannot be moved retrospectively.  If you create it in the incorrect site or location, you will need to delete it and recreate it.



  
If you have a user that requires access to all sites or locations within a given company, there is no need to select all the scopes associated with that company.  Since the company or root scope is inherited by all sites or locations, if you just select the 'root' security scope the user will have access to all the sites and locations.  

                        NOTE however, that if you only wish is assign the user a single site or location, make sure that the 'root' security scope is NOT assigned to that user.



ROLES


Roles determine what a use can do with TMaSS. By default, there are a number of roles that have been prebuilt to get you going quickly.  However, there may be times when a more granular approach is necessary.  TMaSS provides the flexibility you need to create any role type that aligns with your business practice.  


To create a new Role, you start by giving it a name and description then select the modules you wish to provide users access to.  Each module has corresponding security elements to further focus the security profile. 





Currently only one role can be assigned to a user at any given time.