Back to Table of Contents

Privileges and user Roles / Groups

privileges are what separate a manager from a basic user. The Symbiant system lets you create exact roles by grouping individual privileges in to groups (roles) or just assign an individual privilege to a user.

You must not overload permissions and divisions.

If you make someone a superuser, you must not assign further managerial permissions or groups (such as edit, view) or add them to divisions. Super Users are automatically assigned to all divisions and get all managerial privileges. Adding more may cause errors.

The only extra permissions you need to add to superusers are the assignable ones such as Audit assessment assignable, control assessment assignable, Audit action assignable. You can locate these by searching assignable in the user permissions box.

Divisions

Divisions are Hierarchical. Managers get assigned to the division and any child divisions below, so in this example assign a user to Global Europe gives them all the global europe and below but not Global or the Global UK and Global USA. If you wanted to give someone access to all the divisions you would assign them to Global at the top of the tree. DO NOT over assign users to divisions as it may cause login delays and problems.

Try and assign users to groups rather than specific divisions and DO NOT assign all permissions or repeat permissions. Groups are groups of permissions, assigning a group role will give the user what they require for that role, if they need a few extra permissions assign them.
If you would like a user to have all permissions make them a superuser.

To Create a User Role / Group of privileges

From the Administration section under Authentication click on Add next to Groups

Give the role a descriptive name so you can easily identify who should be assigned to this role.

Move the required permissions to the Chosen box. Use the search box to find matching criteria.

To Edit / Change a Group

Select Change

Select the group you want to edit

Edit or Duplicate

If you wish to create a similar role (group) and preserve the original you can use duplicate to create a new copy of the croup in edit. Here you can give the duplicate a new name and

Remove a role

You can remove a role by clicking Delete in the bottom left corner.

To finish

Select a save option to finish and save your changes

Predefined User Groups

Popular user roles have already been created. Groups are prefixed with the module they relate to.

ADT: Audit
TRK: Tracker
CTL: Controls
INC: Incidents
RSK: Risks
SIM: Simulations
WKS: Risk Workshops

Moderator - by default can view whatever they are assigned to as a moderator, but you can add extra moderator privileges to enable more admin tasks to the items they are assigned to as a moderator.
Divisional Manager - Manage the divisions they are assigned to the same division or divisions
Divisional Readonly - view items in divisions they are assigned to.
General readonly - view all items
General Manager - can manage globally, see all issue but are not a super user.

Moderator Role:

Moderators are like owners of items. You can assign people or groups to items. These users can then perform the moderator tasks you have assigned to them. So if you wanted all item owners to have administrator privileges on the items they are assigned to as a moderator you can add these privileges to the Moderator role.
To assign users to items, go to the admin section admin and open the section that holds the items you want to add the moderators to

from the list click on the item to open it.

Click the Properties tab.

Now you can change ownership or add moderators. You can also make a group the moderator. So anyone who has that group role will be the moderator.

Save to finish