Summary:
Spitfire allows security to be organized via nesting of roles. In the Roles tool on the System Admin Dashboard, a role can be designated as a subordinate role. In the Role detail pane, you can group Subordinate Roles into other roles and define Doc Type conditions that should apply. In the Member Of tab of a Contact Details (on the Contacts Dashboard), Contacts can only be assigned to Primary roles. When you assign a user to a role, you may also place conditions on the role membership based upon Project or Doc Type. When using subordinate roles, it is usually best to allow the Doc Type condition to be inferred from the subordinate roles.For more information, see the Designing User Roles technical white paper.
Additional Comments:
Here are some examples:
Given:
- HVAC is a Primary Role
- Bookkeeping is a Primary Role
- Subcontractor and Project Accounting are subordinate roles and include the typical capabilities assigned to all Subcontractors or all Project Accounting personnel.
- Doc Creator and Doc Reader are subordinate roles with specific document capabilites and can have a Doc Type condition applied.
- Both Subcontractor and Project Accounting have Doc Creator and/or Doc Reader as Included roles. For example, Project Accounting has DocCreator for AP Vouchers and DocCreator for PO.
- HVAC includes the Subcontractor role. HVAC as the primary role is assigned to a User Contact (e.g., Joe Smith). Any subordinate roles (for example, DocReader for Punch List, Doc Creator for RFIs) included in the Subcontractor role are inherited by the HVAC role.
- Bookkeeping includes Project Accounting. Project Accounting includes DocCreator for AP Vouchers and DocCreator for POs.
| First Layer: | HVAC | Bookkeeping |
| Second Layer: | – Subcontractor | – Project Accounting |
| Third Layer: | – DocCreator for RFI
– Doc Reader for Punch List |
– Doc Creator for AP Vouchers
– Doc Creator for POs |
Notes:
- It is not possible to assign the user to Subcontractor directly, since Subcontractor is a subordinate role.
- It is not possible to assign Subcontractor to Project Accounting because Subcontractor has its own subordinate roles, and this would exceed the three level nesting.
Examples:
- Scenario 1: Betty is assigned Bookkeeping for Project XYZ; she will inherit the Project Accounting role, with its Included roles of DocCreator for AP Vouchers and DocCreator for POs.
- Scenario 2: Betty is Bookkeeping for Project XYZ and for POs; she will inherit the Project Accounting role with a limitation to just POs and the Included Role of DocCreator for POs. BUT she will NOT inherit the DocCreator for AP Vouchers because the condition at the Primary level (POs) will restrict Betty to POs.
KBA-01061; Last updated: October 19, 2016 at 12:25 pm;
Keywords: nested roles, subroles, included roles