Creating and editing security roles
Each Meridian vault can have any number of security roles, but the fewer there are, the easier they are to manage and assign.
To create or edit security roles:
- In Configurator, on the Vault menu, select Roles and Privileges. The Roles and Privileges dialog box appears showing the current security roles that have been configured, if any.
- To view the privileges for custom objects in the vault such as navigation views, reports, lookup lists, work area templates, document types (if document type security is enabled), and so on, select the Show object privileges check box in the lower-left corner of the dialog. The custom object names appear in blue text.
Notes
- When the Use document type security option is enabled for a vault , the Document privileges group that would otherwise apply to all document types is removed from the Privileges column. The privileges for each document type can then be found below the name of each document type in the Document Types group.
-
Custom command names do not appear in the list until after their Can Execute privilege has been created by clicking the Privileges button at least once as described in Creating and editing custom commands.
- To delete a role:
- Click the Delete Role button. The Delete Role dialog box appears.
- Select the role that you want to delete and click OK. The role is deleted.
-
To edit a role, select or clear the check boxes in the Privileges column for that role.
Refer to cursors in the following figure when reading the following instructions to quickly select or deselect groups of privileges or roles.
To select or deselect all privileges for a role:
- Right-click the role name and then click Select All or Remove All.
To select or deselect all privileges in a group for single role:
- Right-click the empty cell at the intersection of the privilege group name row and the role column and then click Select this group of privileges for this role or Deselect this group of privileges for this role.
To select or deselect all roles for a single privilege:
-
Right-click the name of a privilege to click Select all roles for this privilege or Deselect all roles for this privilege.
For information about each privilege, see Security privilege descriptions.
- To create a role, click the New Role button. The New Role dialog box appears.
Tip Create the role with the most privileges first, and then copy the privileges of that role to the next role as described in the next step and clear the appropriate privileges. Repeat copying the privileges of the role with the least privileges to each subsequent role and clear the appropriate privileges until all roles have been created.
- Click options or type values using the descriptions in the following table.
Security role options
|
Display Name
|
Type the name of the role as you want it to appear to users. This name should reflect the functional role of the user with respect to documents. Example names are Administrator, Manager, Author, Reviewer, and Viewer.
|
|
Name
|
A default internal name is calculated. Accept the default in most cases.
|
|
Copy privileges from
|
Select an existing role from the list that has privileges equal to or greater than the new role. This will make editing the privileges of the new role easier if you simply delete the privileges that do not apply to the new role.
|
- Click OK. A new column is added to the Roles and Privileges dialog with the copied privileges.
- Select or clear the check box in the Privileges column for that role. For information about each privilege, see Security privilege descriptions.
Note Privileges for tables created prior to Meridian 2010 are not available until after they have been created by clicking the Privileges button on the General tab of the table in Configurator.
- When you are finished creating and editing roles, click OK.
Changes to existing roles take effect immediately. New roles must be assigned to vault folders as described in the BlueCielo Meridian Enterprise User’s Guide.
Tips
- By default, new vaults have no security roles assigned and the first role that is assigned is granted exclusive access to the vault until other security roles are assigned. Create the role with the highest level of access first (for example, Administrator) and assign the system’s administrators to it at the root of the vault before assigning any other security roles. This will prevent you from accidentally denying system administrators access to the vault and assigning other roles. It will also grant system administrators access to the entire vault unless role inheritance is overridden by assignments at any folders. If you accidentally deny access to all system administrators, see the BlueCielo Meridian Enterprise Administrator’s Guide.
- By default, folders and work areas inherit their security role assignments from their parent folder or area recursively all the way to the root of the vault. This makes setting security for the entire vault as easy as assigning roles just once at the root of the vault. Role assignments for specific folders may then be overridden, if necessary, as described in BlueCielo Meridian Enterprise User’s Guide.
- After configuring and testing the roles in a vault, create a Windows user group for each role. The groups should be domain or local groups, as described in the BlueCielo Meridian Enterprise Administrator’s Guide. Then, assign the Windows user groups to roles in the vault. You may then easily add new users to the system by simply assigning them to the correct Windows user group without the need to change the role assignments in the vault.
- To export, import, or clear the security role assignments of a folder and its sub-folders, see the BlueCielo Meridian Enterprise User's Guide.
Note If a user is a member of multiple roles assigned to the same folder, their effective rights in that folder are those of the more permissive role. Therefore, avoid assigning users to multiple groups that are assigned to roles applied to the same folders.