Users and Groups
Users and Groups are maintained from the Workbench in System Setup > Users & Groups.
In the Users & Groups hierarchy, you can create STEP Roles and Authorizations to determine who can access the STEP system and what they can and cannot do as a User in the Workbench, Web UI, or DTP client. A Group is a set of one or more Users that holds these roles and authorizations. An example of a User Groups setup based on roles and authorizations can be found in the image above. All Users that are members of a specific Group share the Privilege Rules that are applied to that Group. While it is possible to assign a User to more than one Group, privileges are cumulative, so this is not recommended practice: it makes it difficult to determine which Privileges a User actually has.
Some of the reasons STEP Roles and Authorizations are created in Users and Groups are:
- It allows for the proper setup of system access for Users that will be using STEP, so that Users only have the rights and privileges they need.
- It gives others the ability to add Users to existing groups based on the type of access required.
- It ensures data quality and integrity by preventing accidental or malicious changes made by people who should not have access.
Note: Every user must be a member of a group because all permissions are controlled via groups.
Group Membership
The members of a group ideally perform the same or very similar roles within the database environment. The organization of Users and Groups should then reflect the responsibilities that are associated with the corresponding roles within the business.
An example of three User Groups could be:
- Normal User
An operator belonging to the Normal User Group typically works with data entry and does not have complete knowledge of the system. It thus makes sense to restrict the rights of this type of operator.
- Super User
A member belonging to the Super User Group is typically an operator who, in addition to data entry, also works with system setup and higher-level maintenance.
- Read-Only
The Read-Only Group will typically include operators that have an interest in viewing information but have no permissions to perform any editing operations.
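
The following sketch is an added example, not part of the STEP product or its documentation. It audits a membership list for the two conditions described above: Users in more than one Group (whose privileges accumulate) and Users in no Group. Only the three Group names come from this page; the privilege labels, user names and data layout are constructed assumptions.

```python
# Constructed sample data: the privilege labels and this data layout are
# assumptions for illustration, not STEP privilege names or an export format.
GROUP_PRIVILEGES = {
    "Read-Only": {"view"},
    "Normal User": {"view", "edit_data"},
    "Super User": {"view", "edit_data", "system_setup"},
}

MEMBERSHIPS = {
    "alice": ["Normal User"],
    "bob": ["Read-Only", "Super User"],    # two groups: privileges accumulate
    "carol": ["Read-Only", "Normal User"],
    "dave": [],                            # breaks the "every user in a group" rule
}


def effective_privileges(groups):
    """Return the union of the privileges of every group in `groups`."""
    privileges = set()
    for group in groups:
        privileges |= GROUP_PRIVILEGES[group]
    return privileges


def audit(memberships):
    """Map each problematic user to (issue, privileges gained by accumulation)."""
    findings = {}
    for user, groups in memberships.items():
        if not groups:
            findings[user] = ("no_group", [])
        elif len(groups) > 1:
            # Compare against the user's most restricted group: everything
            # beyond it was gained only through the additional membership(s).
            narrowest = min(groups, key=lambda g: len(GROUP_PRIVILEGES[g]))
            gained = effective_privileges(groups) - GROUP_PRIVILEGES[narrowest]
            findings[user] = ("multiple_groups", sorted(gained))
    return findings


if __name__ == "__main__":
    for user, (issue, gained) in sorted(audit(MEMBERSHIPS).items()):
        print(f"{user}: {issue} {gained}")
```
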