User-level security: Roles and Groups

Together, security roles and security groups let you control access to the ASP.NET-based features of iMIS; in contrast, older features of iMIS are secured using authorization levels (see Authorization levels: Desktop views). Security role and group assignments are defined in user records.

  • Security roles grant specific administrative privileges to user records. For example, one security role might let you use and edit an iMIS definition object in the Document System, while another role might let you use that object but not edit (or even see) its properties.
  • Security groups control which iMIS features group members see and which capabilities within each feature they can use.
📘

Note

User-level security is separate from object-level security (see Preconfigured security sets), which restricts objects (folders, queries, reports) in the Document System.

Roles: SysAdmin

The default SysAdmin role grants privileges much like those of the MANAGER user record. Only a Full user can be a SysAdmin. Each SysAdmin can:

  • Edit user records, including logon names (unless that privilege is disabled in the web.config file for iMIS)
  • Use System Setup
  • Use Tools (if licensed)
  • Administer Issues (if licensed)
    • Start e-mail server
    • Set up module

Groups

The following table describes the security groups that affect user privileges.

Group Description iMIS Feature
CampaignAdmin Enables full-control access to the Campaign functionality and its objects Marketing
CampaignMgr Enables read/add/edit/delete access to the Campaign functionality, and read/edit access to its objects Marketing
CampaignUser Enables read-only access to the Campaign functionality and its objects Marketing
Certification Admin Enables full-control access to the Certification functionality and its objects Certification
Certification Manager Enables read/add/edit/delete access to the Certification functionality, and read/edit access to its objects Certification
Certification User Enables read-only access to the Certification functionality and its objects Certification
EventUser Controls security for IQA integration Events
FRUser Controls security for IQA integration Fundraising
OpportunityAdmin Enables full-control access to Process Manager and its objects Process Manager
OpportunityCreator In Process Manager, enables add privileges for projects, and read/edit/delete access to created projects, but read-only access to projects created by others Process Manager
OpportunityMgr Enables read/add/edit/delete access to Process Manager, and read/edit access to its objects Process Manager
OpportunityOwners Enables addition to a project's Owner or Contact group Process Manager
OpportunityUser Enables read-only access to Process Manager and its objects Process Manager
OrderUser Controls security for IQA integration Orders
Reporting Enables access to IQA query links IQA
RFMAdmin Enables full-control access to the RFM application and its objects Marketing
RFMMgr Enables read/add/edit/delete access to the RFM application, and read/edit access to its objects Marketing
RFMUser Enables read-only access to the RFM functionality and its objects Marketing
SegAdmin Enables full-control access to the Segmentation functionality and its objects Marketing
SegMgr Enables read/add/edit/delete access to the Segmentation functionality, and read/edit access to its objects Marketing
SegUser Enables read-only access to the Segmentation functionality and its objects Marketing

Group membership controls web access

Group membership determines whether a user sees Marketing and/or Process Manager from a web client.

  • To grant access to Marketing, place users in one of these groups:

    • CampaignAdmin
    • CampaignMgr
    • CampaignUser
    • RFMAdmin
    • RFMMgr
    • RFMUser
    • SegAdmin
    • SegMgr
    • SegUser
  • To grant access to Process Manager, place users in one of these groups:

    • OpportunityAdmin
    • OpportunityCreator
    • OpportunityMgr
    • OpportunityOwners
    • OpportunityUser
📘

Note

Casual licensing prevents access Marketing or Process Manager, regardless of group assignments.