Roles in F2
Privileges let a user perform different tasks in F2. They are given to a user through the assignment of roles. For example, if a user must be able to delete notes, the user must be assigned a role with the “Can delete notes” privilege.
In F2’s user interface, roles are sometimes referred to as "role types". |
F2 comes with a number of roles, including four administrator roles. An administrator with the “User administrator” or “Administrator” role can also create new roles.
The default roles in F2 are described below.
Administrator roles
The following section describes the available administrator roles and the associated privileges.
When F2 is installed, a user with the “Administrator” role is created simultaneously. Additional users must be created afterwards. If an additional authority is created within an F2 installation, another user with the “Administrator” role must be created as with the first authority. The administrator user created for the second authority will then perform relevant tasks in this authority.
There are four integrated administrator roles:
-
Administrator
-
User administrator
-
Business administrator
-
Technical administrator.
An administrator’s tasks can be changed by either assigning or removing privileges from each role. Read more about assigning privileges to roles.
The administrator roles and their privileges are listed below.
The “Administrator” role has the following privileges:
-
F2 Analytics administrator (add-on module)
-
User administrator
-
Distribution list editor
-
Extra email administrator
-
Keyword creator
-
Unit administrator
-
Unit type administrator
-
Flag administrator
-
Settings administrator
-
Can import documents from the server
-
Can import parties
-
Meeting forum administrator (add-on module, documentation available in Danish)
-
Editor of participants
-
Privilege administrator
-
On behalf of administrator
-
Result list administrator
-
Security group administrator
-
Template administrator
-
Progress codes administrator
-
System messages administrator
-
Search administrator
-
Team administrator
-
Team creator
-
Value list administrator.
The above privileges cannot be removed from the “Administrator” role. However, additional privileges may be added.
The “User administrator” role comes with the following privileges. These privileges may be removed, or additional privileges may be added, by a user with the “Privilege administrator” privilege:
-
User administrator
-
Extra email administrator
-
Keyword creator
-
Unit administrator
-
Unit type administrator
-
Flag administrator
-
Settings administrator
-
Can import documents from the server
-
Can import parties
-
Meeting forum administrator (add-on module, documentation available in Danish)
-
Editor of participants
-
Privilege administrator
-
On behalf of administrator
-
Security group administrator
-
System message administrator
-
Team administrator
-
Team creator.
The “Business administrator” role has the following privileges per default. These privileges may be removed, or additional privileges may be added, by a user with the “Privilege administrator” privilege:
-
F2 Analytics administrator (add-on module)
-
Distribution list editor
-
Keyword creator
-
Unit type administrator
-
Flag administrator
-
Can import documents from the server
-
Meeting forum administrator (add-on module, documentation available in Danish)
-
Template administrator
-
Progress codes administrator
-
Value list administrator.
The “Technical administrator” role has the following privileges per default. These privileges may be removed, or additional privileges may be added, by a user with the “Privilege administrator” privilege:
-
Result list administrator
-
Search administrator.
The different privileges are described in Privilege overview section.
Other default roles in F2
Besides the administrator roles, F2 comes with a number of other roles. Most of these are either job roles or related to add-on modules. The table below describes these roles.
Role | Description |
---|---|
Access to data cleanup |
This role is part of the F2 Data Cleanup add-on module. Users with this role have read access to all cases in the F2 installation and access to delete all cases regardless of their regular access to cases and records. This includes cases and records which otherwise could not be deleted because of e.g. registration status. |
Address book owner |
This role is automatically assigned to new users created in F2. Allows the user to create and edit private participants in the “Private” node in the participant register. Cannot be assigned manually and may not be removed from users. |
Can delete everything on cases |
This role lets the user delete a case regardless of the status of its records. When a case is deleted, a report containing information on the case and its records is sent to the user’s inbox. Read more about deleting cases. |
Can use F2 GDPR |
This role is part of the F2 Data Protection add-on module. Users with this role can create, delete, and edit GDPR searches and create data protection searches. Using F2 Data Protection, users can access all material in the F2 installation containing personal data. Contact cBrain for further information. |
Case manager |
This job role lets the user log into an associated unit. The organisation can assign privileges to the role that are relevant to a case manager. |
Gated approver |
This role is part of the F2 Gateway Approvals add-on module. The role is assigned to users with a gatekeeper (secretariat) who processes approvals on their behalf. The gatekeeper must be assigned “On behalf of” rights for the gated approver. |
Head of department |
This job role lets the user log into an associated unit. The organisation can assign privileges to the role that are relevant to a head of department. |
Read access to another unit |
This role lets the user search for and read records in the unit with which the role is associated. This means that a user in another unit who is assigned this role has read access to all the unit’s records with the “Unit” access level. |
Read and write access to another unit |
This role lets the user search for, read, and edit records in the unit with which the role is associated. This means that a user in another unit who is assigned this role has read and write access to all the unit’s records with the “Unit” access level. |
Team administrator |
This role is assigned automatically to users who are specified as team administrators. The role can only be assigned through this dialogue. |
Team member |
This role is assigned automatically to users who are specified as team members. The role can only be assigned through this dialogue. |
Assigning roles
A user in F2 must have one or more roles. A role contains one or more privileges in a given authority, allowing the user to perform different tasks within.
F2 is installed with an Active Directory (a central administration of users) integration. By default, F2 uses one of two possible AD integrations:
-
“Full integration” in which roles and privileges in F2 are controlled using AD. Updates F2’s users once a day by default.
-
“Standard integration” in which an administrator must assign updated users to their respective units.
F2 can be configured to authenticate F2 users using other LDAP servers than Active Directory, e.g. Oracle Unified Directory. This configuration does not support single sign-on. This means that users must enter their user name and password every time they log into F2. Configurations are performed in cooperation with cBrain. |
The following sections are based on an F2 installation with a standard AD integration, i.e. where the users are set up manually.
A user with the “User administrator” privilege can assign roles to users in two ways:
-
Through the “Assign role to users” dialogue in which it is possible to assign a role to several users at the same time.
-
Through the “Properties for the user [name]” dialogue in which it is also possible to remove the user’s roles. Read more about this in Assign role to a single user.
Assign role to several users
Users with the “User administrator” privilege can assign roles to one or more users through the “Assign role to users” dialogue, which is accessed on the “Administrator” tab in the main window. Users with the "Decentral unit and user administrator" privilege can use the same dialogue to assign decentral roles.
Add one or more users to the “Users” field. Then select a role to assign to the selected users, and specify the unit in which to assign to role. Click Assign to complete the operation.
In this dialogue, users can also be moved from one unit to another. When the relevant users are added to the “Users” field, tick “Remove users from their current units”. Then select a role to assign to the users in the new unit. Click Assign to complete the move.
Assign role to a single user
Roles can be assigned to one user at a time through the “Properties for the user [Name]” dialogue. Open the dialogue by clicking on the Units and users menu item. The user’s master data can also be added here.
The steps below describe how Abigail Anderson from Administration is assigned the business administrator role.
After clicking on the Units and users menu item in the “Administrator” tab, click on the Users tab in the dialogue.
Select the user who needs a new role, in this case Abigail Anderson.
Click on Properties.
In the “Properties for the user Abigail Anderson” dialogue, click on the Roles tab and then on Add role.
To add a role, first select a “Role type”, in this example “Business administrator”. Then select the unit to which the role must be applied. In this example, it is the “Administration” unit.
It is also possible to select units in other authorities as well as external participants. This may be relevant when granting write access to external participants. |
Click on OK to assign the “Business administrator” role for the “Administration” unit to the user Abigail Anderson.
The role then appears in the overview of the user’s roles and job roles.
To remove a role from a user, select the role and click on Remove. The role is then removed from the user.
It is important to select the correct unit for the user’s role. The role and its location determine which privileges the user has in a given unit. |
Create and assign roles
An administrator can create roles as needed. To create new roles, the administrator must have either the “User administrator” or “Administrator” roles.
To view available roles, click on the Role types and privileges menu item on the “Administrator” tab.
A dialogue opens and a list of the organisation’s role types can be seen by clicking the drop-down arrow in the “Role type” field.
In this dialogue roles can also be created and edited by clicking the buttons New role type and Edit role type, respectively.
Click on New role type to open the “New role type” dialogue. Add the following information in the dialogue:
-
The name of the role.
-
A description of the role’s function e.g. “Access to edit templates and keywords”.
-
The synchronisation key if using full AD integration.
-
Tick the “Active” checkbox to activate the role so it can be assigned to users.
-
Tick the "Job" checkbox if the user will use the role to log in to F2. A user must have at least one job role in order to log in. You cannot untick this box later.
You can then assign one or more privileges to the role. This lets users with this role perform a number of actions.
A role cannot be deleted, only deactivated. |