- Getting Started
- Administration Guide
- User Guide
- Developer Guide
Wyn Enterprise: Roles
Wyn Enterprise employs role-based security which means that the permissions are assigned to roles, rather than to individual users. Roles give specific rights to users to perform certain actions or access certain areas. A user must be included in a role group to have the proper set of permissions. If you need to grant the permissions of a report or a model to the entire department, you can modify the role permissions without having to set it for everyone individually.
Wyn Enterprise provides three predefined roles in the Global organization, which are administrator, approver, and everyone. While, in other organizations, there are only two predefined roles, organization administrator and approver. Each role has its own set of permissions that lets you perform specific actions on the portal(s). However, if these roles do not meet the company's requirements, you can create custom roles. Visit this article for more information about custom roles.
Note: You cannot delete the predefined roles in Wyn Enterprise.
A user with the Administrator role has the highest set of privileges. It is the only role
that can manage the overall system level settings in Wyn Enterprise, like configuration, account, security, system, and document, and has the access to the Admin Portal. Other prominent tasks of an administrator are adding or deleting organizations (or sub-organizations), designating an organization administrator, creating custom roles, assigning members and permissions to the roles, deleting roles, and more.
A user with this role can create documents and further share them with the roles belonging to different organizations (or sub-organizations).
1. Only users with Admin roles can see and manage the Global Organization roles.
2. Permissions are not editable for the Administrator role.
A user with the Organization Administrator role can add a role, assign members and give permission to the roles, and delete roles, but only in his organizations or sub-organizations. An organization administrator can access the Admin Portal to manage the UI settings, email settings, account settings (including organizations, roles, and users), and document settings for his organizations or sub-organizations. Note that each organization (or sub-organization) has an organization administrator except for the 'Global' organization.
A user with this role can designate administrators for his current organization and sub-organizations. Furthermore, he can create documents and share them with the roles in his organizations (or sub-organizations).
A user with the Approver role is responsible for approving and rejecting the draft document in his current organization. If a document is shared with the roles belonging to different organizations, the publish requests of the documents will still be sent to the approvers belonging to that organization where the document was initially created. For more information on managing draft approvals, see this article.
In Wyn Enterprise, there is one Approver role in each organization including the 'Global' organization. The users with this role are granted read permissions on the draft documents by default. Moreover, roles like Administrator and the Organization Administrator also have the ability to approve or reject the publish request for a document. Note that these options to approve or reject draft documents are only available if the Enable Document Draft option in the Portal Setting is set to 'True'.
Note: For the Approver role, permissions like View Report and View Dashboard are enabled by default.
The Everyone role is useful when the administrator role wants to grant certain permissions to all users belonging to any organization. All the users are added to the Everyone role, by default. You cannot remove a user from the Everyone role.
1. By default, the Everyone role is granted the sharing permission.
2. Only Global Admin users can share the documents to Everyone role.