
Web Security Manager

Using Security Manager in the Web Client, you can assign users to subsystems and roles. This feature provides a browser-based interface for managing role and subsystem assignments.

In Axiom Budget Planning and Performance Reporting security, subsystems and roles are used as follows:

  • Subsystems are used to organize a system into certain areas of access. Axiom Budget Planning and Performance Reporting product suites use subsystems to define security boundaries by product, such as Capital Planning and Budgeting.

  • Roles are used to assign permissions to users. You can define permissions on a role, and then all users assigned to that role inherit the permissions. Roles can be associated with a particular subsystem or they can be global roles.

NOTE: The functionality of this page is limited to assigning users to subsystems and roles. This page does not support creating or deleting users, roles, or subsystems, nor does it support editing security permissions. For full security functionality, you must use the security features of the Desktop Client.

  1. In the Web Client, click the Strata icon in the navigation bar (the common bar across the top of pages in the Web Client, which provides access to system and product features). From the Area menu, select System Administration.

  2. On the navigation ribbon, select Security > Security Manager.

    NOTE: Security Manager is only available to admins, subsystem admins, and users with the Administer Security permission.

Security Manager overview

The left pane of the Security Manager displays the users in your system. After you have selected a user, that user's subsystem and role assignments display in the right pane. You can use the right pane to add, edit, or remove assignments.

To find users for which you want to manage assignments, you can do the following:

  • View enabled users only: Select Show Enabled Users Only to hide disabled user accounts. To view all users again, clear this check box.

  • View users in a specific subsystem: To filter the user list by subsystem, select a subsystem from the Subsystem dropdown. The page updates to only show users that are assigned to the selected subsystem. To show all users again, select Show All from the Subsystem dropdown.

    NOTE: If your system does not use the Subsystem feature, this option is not shown.

  • Find a specific user: Enter the user's name in the search box to find a specific user, and press <Enter>. The user's first name, last name, and email address are considered for the search. To show all users again, clear the search text, and press <Enter>.

The user list shows 100 users per page. You can use the page controls at the bottom of the list to move to specific pages in the list.

IMPORTANT: If you make any changes in the Security Manager, you must click Save at the top of the page to commit the changes. Any changes that are not explicitly saved are lost when you navigate away from the page or close the browser tab. Note that the page does not prompt you about unsaved changes when you attempt to leave the page.

Manage subsystem assignments for a user

Use the Subsystem Assignments section in the right pane to assign the selected user to one or more subsystems or to remove a subsystem assignment. After a user is assigned to a subsystem, you can edit that assignment to add or remove roles in the subsystem.

NOTE: If your system does not use subsystems, this section does not apply and is not shown on the page.

  1. In the left pane of the Security Manager, select a user. You can use the features described in the previous section to find the user that you want to work with.

    After a user has been selected, that user's current role and subsystem assignments appear in the right pane. In the following example, the user does not yet belong to any subsystems.

    In the Subsystem Assignments section, click Add User to Subsystem.

  2. In the Add To Subsystem page, select the toggle switch next to the subsystems that you want the user to be assigned to, and then click OK. If the toggle switch shows green, the user is assigned to that subsystem.

    If the user already belongs to one or more subsystems, those subsystems display with a gray check mark next to the subsystem name. You can only add the user to subsystems that they do not already belong to. This page cannot be used to remove subsystem assignments.

    After you click OK, the selected subsystems appear in the Subsystem Assignments section. You can now edit these assignments as needed to add subsystem roles.

  3. Click the pencil icon for the subsystem where you want to add role assignments.

  4. In the Manage Subsystem Roles page, select the toggle switches next to the roles that you want the user to be assigned to and click OK. If the toggle switch is green, the user is assigned to that subsystem.

    This page shows all roles that are associated with the selected subsystem.

    After you click OK, the subsystem assignment updates to show the assigned subsystem roles for the user.

  5. Click Save to commit the subsystem and role assignments. Changes to this page are not committed until they are saved.

After a user has been assigned to a subsystem and subsystem roles, you can later modify the role assignments or you can remove the user from the subsystem, as needed.

  • To modify subsystem role assignments: Click the pencil icon on the subsystem to open the Manage Subsystem Roles page and use the toggle switches to add or remove role assignments as needed.

  • To remove a user from a subsystem: Click the trash can icon on the subsystem to remove the user from the subsystem. The user is also automatically removed from all of the subsystem's roles.

Click Save after making any modifications to subsystem and subsystem role assignments.

Manage global role assignments for a user

Use the Global Role Assignments section in the right pane to assign the selected user to one or more global roles or to remove a role assignment. Global roles are roles that are not associated with a subsystem.

NOTE: If your system does not use subsystems, the word global does not appear on this section because there is no need to differentiate between global roles and subsystem roles.

  1. In the left pane of the Security Manager, select the user. You can use the features described previously to find the user that you want to work with.

    After you select a user, that user's current role and subsystem assignments appear in the right pane. In the following example, the user does not belong to any global roles.

  2. In the Global Role Assignments section, click Add User to Global Role.

    If your system does not use subsystems, the section is titled Role Assignments and the action is Add User to Role.

  3. In the Add Global Role page, select the toggle switch next to the roles that you want the user to be assigned to and click OK. If the toggle switch is green, the user is assigned to that role.

    If your system does not use subsystems, this page is titled Add Role.

    If the user already belongs to one or more roles, those roles show with a gray check mark next to the role name. You can only add the user to roles that they do not already belong to. This page cannot be used to remove role assignments.

    After you click OK, the selected roles appear in the Global Role Assignments section.

  4. Click Save to commit the role assignments. Changes to this page are not committed until they are saved.

Remove a user from a global role

  • Click the trash can icon on the role assignment. Click Save after making any changes.

Limitations for subsystem admins

If you are a subsystem admin, the Security Manager page has some limitations. These limitations are consistent with the behavior of the Security Management page in the Desktop Client.

  • The user list is limited to only showing users that belong to one of the subsystems that you administer.
  • The subsystem list is limited to only showing subsystems that you administer. This applies to the Subsystem filter and the Add To Subsystem page.

This means that as a subsystem admin, you are limited to managing users that already belong to one of the subsystems that you administer. If a user does not belong to any subsystems or if a user belongs to a subsystem that you do not administer, that user does not appear in the web Security Manager. In this case, if the user needs to be assigned to your subsystem, a system admin or a user with the Administer Security permission must make this assignment.
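
The scoping rules above, together with the automatic role removal described earlier, can be modelled in a few lines. This is an added example, not Axiom code or its data model: the class and function names, the sample users, and the "Budget Analyst" role are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    name: str
    # subsystem name -> subsystem roles held there (illustrative model only)
    subsystems: dict = field(default_factory=dict)
    global_roles: set = field(default_factory=set)

@dataclass(frozen=True)
class Actor:
    name: str
    full_security_admin: bool = False      # admin or Administer Security permission
    administers: frozenset = frozenset()   # subsystems a subsystem admin manages

def visible_users(actor, users):
    """Names the actor would see in the user list."""
    if actor.full_security_admin:
        return [u.name for u in users]
    return [u.name for u in users if actor.administers.intersection(u.subsystems)]

def assignable_subsystems(actor, user, all_subsystems):
    """Subsystems offered on Add To Subsystem: in scope and not already assigned."""
    scope = set(all_subsystems) if actor.full_security_admin else set(actor.administers)
    return sorted(scope.difference(user.subsystems))

def add_to_subsystem(actor, user, subsystem, users, all_subsystems):
    """Assign the user, enforcing both the user-list and subsystem-list limits."""
    if user.name not in visible_users(actor, users):
        raise PermissionError(f"{actor.name} cannot see {user.name}")
    if subsystem not in assignable_subsystems(actor, user, all_subsystems):
        raise PermissionError(f"{subsystem} is not assignable by {actor.name}")
    user.subsystems[subsystem] = set()

def remove_from_subsystem(user, subsystem):
    """Removing the assignment also drops every role held in that subsystem."""
    return user.subsystems.pop(subsystem, set())

# Constructed sample data; the subsystem names are the two the page mentions.
SUBSYSTEMS = ["Budgeting", "Capital Planning"]
USERS = [User("ana", {"Budgeting": {"Budget Analyst"}}),
         User("raj", {"Capital Planning": set()}),
         User("kim")]  # belongs to no subsystem yet
BUDGET_ADMIN = Actor("lee", administers=frozenset({"Budgeting"}))
SYSTEM_ADMIN = Actor("root", full_security_admin=True)
```

In this model the subsystem admin cannot onboard "kim" because that user never appears in the scoped list, which is the case where a system admin or a user with the Administer Security permission has to make the first assignment.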