Assign Security Role to User
The Assign Security Role to User (SCUROL) page is used to grant and remove security roles assigned to a user. The first step is to locate the user. At that point the Edit action will transition to a page with two tabs. The User ID and Name of the selected user will appear above the tabs. Note: From the search page, select the User Information action from the row-level Related Pages menu to transition to the User Information page. This action is also available on the Page-level menu of the Edit and View pages.
Row-level actionsRow-level actions
-
Remove Current Role – This action deletes the association between the security role and the user.
-
Top, Up, Down, Bottom – These actions arrange the security roles for the user. If a user is assigned to more than one Security Role, keep in mind that during various authorization checks the system checks the user’s Security Roles in order of precedence until authority is found or all of the user’s roles have been checked. When a user requests access to an Application Resource, the system first checks the Security Role listed at the top of the grid on this tab. If that role allows access to the requested Application Resource, the system allows the user to access it. If it does not allow access, the system then checks the next role in the list. If the second role allows access to the requested Application Resource, the system allows the user to access it. The system continues down the list, checking the access rights for each Security Role, until it finds one that grants access or until it reaches the end of the list. For performance reasons, organize the Security Roles with the most frequently used role at the top. To rearrange the order of the roles, select the role in the grid and then select the action.
Available RolesAvailable Roles
Field InformationField Information
|
Field |
Description |
|
User ID |
The unique identification of a user. |
|
Name |
A concatenation of First Name and Last Name. |
|
Effective From |
When a role should only be delegated and not assigned permanently to a user, this date records the start of that delegation. |
|
Effective To |
When a role should only be delegated and not assigned permanently to a user, this date records the end of that delegation. |
|
Delegate |
When a role should be assigned only for a period of time, select this check box and enter Effective From, Effective To and Delegate Reason values. |
|
Delegate Reason |
When a role should only be delegated and not assigned permanently to a user, this descriptive field is intended to capture why. |
-
Add Available Role – This action add and association between the security role and the user.
-
Related Pages
-
Role Information - A transition to the Security Role page, which provides more information about a given role.
-
Assign User to Security Role - A transition to the Assign User to Security Role search page.
Note: An authorized user can also submit a User Maintenance (UDOC) to add or remove security roles. A Site Administrator can also remove security roles by submitting the Expired Security Role Clean-Up batch job. Emails are sent to users that are assigned a delegated security role for a specified time period (Notification ID: DGT_SEC_RL on the Notification Templates (NOTIF) page). Emails are also sent when a delegated security role is deleted from the user’s security roles (Notification ID: DLT_DGT_SE on the NOTIF page).
