Privileges
It is not possible to assign a privilege to a user directly. A privilege must be assigned to a role, which can then be assigned to a user. This mean that all users that are assigned a given role type will have its privilege(s).
Assigning privileges to role types requires the “Privilege administrator” privilege.
Privileges, as well as role types, are managed in the “Role types and privileges” dialogue. Click on the Role types and privileges menu item on the “Administrator” tab to open the dialogue.
The organisation’s appointed privilege administrator can distribute privileges to role types and assign them authorities and security groups. It is not possible to create, delete, or edit the names or rights of the privileges.
In the “Role types and privileges” dialogue, new roles can be created and assigned privileges. Read more about assigning roles.
Assign a privilege to a role
In the “Role types and privileges” dialogue, privileges can be assigned to a role. Select a role that needs a privilege assigned in the “Role type” field, e.g. “Access to HR” as shown in the figure below.
Click on New privilege and the “New privilege” dialogue opens. See the figure below.
Select a new privilege to add to the role. Then select an authority to which the privilege applies. A security group can also be attached to the privilege.
Click on OK to finish.
All users with the “Access to HR” role now have archive access to the security group in the chosen authority.
Edit or remove privileges from a role
Privileges can be edited or removed from a role type. To do this, select a privilege in the list of the current role type’s privileges, e.g. “Archive access”, as shown in the figure below.
Click Edit privilege to open the “Edit privilege” dialogue. See the figure below.
Select another privilege, another authority, or another security group.
Click on OK to finish.
To remove an existing privilege from the current role type, click Delete privilege. The action cannot be undone and no warning appears.
Privilege overview
The privilege list is the same for all F2 installations (if using the same version of F2). Some privileges are only available if the relevant add-on module is active.
To see a list of available privileges, click the drop-down arrow in the “Privilege type” field which appears in both the “New privilege” and the “Edit privilege” dialogues. See the figure below.
An administrator with the “Privilege administrator” privilege can assign privileges and their associated rights to users via role types. Privileges and associated rights are presented in the table below.
Privilege | Description | ||
---|---|---|---|
Can read all records in F2 despite their access level. |
|||
Assigns a role to a security group. This lets an administrator add participants to security groups. |
|||
Can add/change/remove case guides in existing cases (add-on module) |
Can edit case guides for existing cases. |
||
Can change responsible on all cases |
Can change the responsible user/unit on a case. |
||
Can change responsible on all records |
Can change the responsible user/unit on a record. This privilege is meant for users who allocate many records and may need to reallocate responsibility, e.g. if responsibility on a record has been allocated to the wrong user/unit. |
||
Can delete cases |
Can delete cases under certain conditions. The conditions are listed in Cases. |
||
Can delete notes |
Can delete record notes. |
||
Can delete shared records for everyone |
Can delete a record for everyone, even if the record is shared. |
||
Can edit case templates (add-on module) |
Can edit case templates. Case templates can be applied by the organisation’s users in the “New case” dialogue. |
||
Can edit certain user properties |
Can edit a range of pre-selected user properties in the participant properties dialogue, e.g. title, address fields, and images. The list of properties is configurable. Configurations are made in cooperation with cBrain. |
||
Can edit ext. participant no. |
Can edit an external participant’s synchronisation number. |
||
Can import documents from the server (add-on module) |
Can import documents from the server, if this is configured. The configuration is done in cooperation with cBrain. |
||
Can import participants |
Can import external participants. |
||
Can quality assure cases (add-on module) |
Can quality assure cases on the case tab. |
||
Can see access information |
Can see access information for records, i.e. who can view the records, and how they were granted access. |
||
Can send on behalf of everybody in the authority |
Can send records both internally and externally on behalf of all users and units in the authority. |
||
Can take over approval (add-on module) |
Can take over an approval without write access to the approval record. This allows for urgent processing of an approval when the responsible user/unit or an approver is unavailable. Read more about taking over approvals. |
||
Can use the GDPR module without extra access (add-on module) |
Can view existing GDPR searches, but not create, delete or edit them. The user can open GDPR searches, but can only preview cases, records, and documents which they otherwise would be able to see. |
||
CBrainInstaller |
Can edit configurations of the F2 installation. cBrain recommends that all configurations are performed in cooperation with cBrain. |
||
CBrainSuperSetter |
Can edit configurations of the F2 installation. cBrain recommends that all configurations are performed in cooperation with cBrain. |
||
CBrainSetter |
Can edit configurations of the F2 installation. cBrain recommends that all performed are done in cooperation with cBrain. |
||
Closer cases |
Can complete cases. |
||
Creates cases |
Can create new cases. |
||
cSearch access (add-on module) |
Can perform searches using the add-on module cSearch. |
||
Decentral unit and user administrator |
Can create decentral units. Can assign decentral roles to existing users for selected levels in the organisation. |
||
Can create and edit shared distribution lists in F2. |
|||
Does not have approvals active in F2 Manager (add-on module) |
Cannot see approvals in F2 Manager. |
||
Does not have bookmarks active in F2 Manager (add-on module) |
Cannot see bookmarks in F2 Manager. |
||
Does not have meeting planner active in F2 Manager (add-on module) |
Cannot see the meeting planner in F2 Manager. |
||
Can create, edit, and delete external participants as well as edit images for external participants.
|
|||
Extra email administrator |
Can create extra emails for units. |
||
F2 Analytics administrator |
Provides access to use the F2 Analytics add-on module (documentation available in Danish). Exports are made across access levels and security groups. They do not show content, only titles and records. |
||
F2Setter |
Can edit configurations of the F2 installation. cBrain recommends that all configurations are performed in cooperation with cBrain. |
||
Flag administrator |
Can create, edit, and delete flags. |
||
Can create, edit, and delete keywords as well as assign keywords to a unit. |
|||
Limited access to data cleanup (add-on module) |
Allows the user to clean up and delete cases to which they already have write access using the F2 Data Cleanup add-on module. The user can also access cases to which they have read access in the module, but they cannot delete them. Read more about Data Cleanup. |
||
Meeting forum administrator (add-on module) |
Can create, edit, deactivate, activate, and delete meeting forums. |
||
No case help for saving or sending records |
Will not see the case help when sending or saving a record. For more information, see the section No case help for saving or sending records. |
||
On behalf of administrator |
Can create and delete “on behalf of” rights for all users. |
||
Phrase administrator (add-on, available in Danish) |
Can edit phrases for merging documents. |
||
Privilege administrator |
Can create new roles and assign, remove, and edit privileges for a role. |
||
Progress code administrator |
Can create, edit, and delete progress codes. |
||
Reopener case |
Can reopen cases. |
||
Result list administrator |
Can create standard column layouts for all users. |
||
Search administrator |
Can create fixed searches for all users. If the F2 Search Templates add-on module has been configured, users with this privilege will be able to view search templates. Search templates are configured in cooperation with cBrain. |
||
Security group administrator |
Can create, edit and delete security groups. |
||
Settings administrator |
Can create, edit, and delete user settings and assign them to individual users, new users, and based on the users’ roles. |
||
SSN Synchronizer (add-on module) |
Can access the CPR from the properties dialogue for participants and users and update participant information from there. |
||
System message administrator |
Can create, edit and delete system messages. |
||
Team administrator |
Can create, edit, and delete teams. |
||
Team creator |
Can create teams across the authority. |
||
Template administrator |
Can create, edit, and delete document templates and global approval templates (add-on module). |
||
Unit administrator |
Can create, edit, move, and deactivate units. |
||
Unit type administrator |
Can create and delete unit types. |
||
User administrator |
Can create, deactivate, and edit users, including user images. Can also log out a user from all F2 sessions. |
||
Value list administrator |
Can create, edit, and delete value lists. |
Further explanation of selected privileges
The following sections describe selected privileges in further detail.
Administrator read access to all records
Users with this privilege can search and find all records in their authority except for records in users’ “My private records” lists or records with an access restriction which they aren’t part of. The privilege grants read access to records with the “Involved” and “Unit” access levels which would be otherwise inaccessible to the user.
This privilege can be used e.g. when an employee leaves the organisation and the records for which they are responsible must be reallocated.
Read access to all records is disabled by default. A user with the privilege can enable it via the “Read access to all records” menu item in the “Misc.” menu group on the “Administrator” tab.
Archive access
The purpose of this privilege is to attach a group of users to a security group within an authority. It must be decided which role type is to be connected to the security group.
A user with a role containing the above privilege becomes a member of the security group. This privilege is attached to a role type and describes an interconnection between a security group and an authority.
Creates cases
Users can create new cases in F2 if they have a role to which the “Create cases” privilege is attached. The privilege depends on a connection between a role type and an authority. In other words, the access to create cases is subject to an authority.
This means that users with this privilege can create new cases in the selected authority only.
Distribution list editor
All users can create personal distribution lists. However, only users with a role to which this privilege is attached can create and manage shared distribution lists in F2.
Editor of participants
Users who have a role with this privilege can view and edit external participants. External participants are shared across authorities. It is therefore irrelevant which authority the privilege is granted under.
All users can create private participants, but only users with a role to which this privilege is attached can manage the shared external participants in F2. The role’s placement determines which external participants the privilege has write access to.
Keyword administrator
All users can add existing keywords to records and cases. However, only users with a role to which this privilege is attached can manage keywords in F2. This means that this privilege lets the user create new keywords as well as deactivate and edit existing keywords.
Read more about keywords in relation to departments and authorities.
Keywords are shared by all authorities in an F2 installation. |
No case help for saving or sending records
A user with this privilege will not see the case help when saving or sending records. This means that any changes to metadata that are otherwise enforced by the case help will not apply to these actions when performed by said user. Other instances of the case help still apply. Depending on their setup, this means new records created by the user will have the case help box ticked and have the user listed as responsible for the record.
Any user with this privilege may save and send records that do not meet the organisation’s guidelines. Use caution when assigning this privilege. |