Users: Roles, privileges, and security groups

The "Users: Roles, privileges, and security groups" report type extracts data about what users can do in F2 based on their roles and the roles' privileges.

The report type contains five default configurations that give different overviews of how rights are or have been assigned focusing on access to units and security groups.

The "Who has privilege in unit" default configuration

Use the "Who has privilege in unit" default configuration to get a detailed overview of assigned privileges and their effect across users and units.

The configuration includes filters, but no fields to fill in.

Column name	Description	Examples
Username	The value indicated in the "Name" field in the user properties.	Holly Rogers Isaac Johnson
Role’s unit	The unit with which the role is associated.	HR Administration
Privilege	Name of the privilege.	Settings administrator Editor of participants
Privilege ID	The unique ID of the privilege.	56 14

Column name

Description

Examples

Username

The value indicated in the "Name" field in the user properties.

Holly Rogers

Isaac Johnson

Role’s unit

The unit with which the role is associated.

Administration

Privilege

Name of the privilege.

Settings administrator

Editor of participants

Privilege ID

The unique ID of the privilege.

Filters

When drawing a report with this default configuration, the extraction is filtered as described in the table below.

Filter	Value	Effect
Role is active	True	Excludes deactivated roles since users cannot use the relevant role’s privileges. Therefore the result only includes privileges from roles with a check in the Active field.
User is active	True	Excludes deactivated users since they cannot log in to F2 and use their assigned privileges.
Role is assigned	True	Excludes roles that were previously assigned to users, but have since been withdrawn. The result only includes current roles and privileges regardless of whether the user previously has had access to a specific privilege in other ways.

Filter

Value

Effect

Role is active

True

Excludes deactivated roles since users cannot use the relevant role’s privileges. Therefore the result only includes privileges from roles with a check in the Active field.

User is active

True

Excludes deactivated users since they cannot log in to F2 and use their assigned privileges.

Role is assigned

True

Excludes roles that were previously assigned to users, but have since been withdrawn. The result only includes current roles and privileges regardless of whether the user previously has had access to a specific privilege in other ways.

The "Who has role in unit" default configuration

Use the "Who has role in unit" default configuration to create a detailed overview of assigned roles across users and units.

The configuration includes filters, but no fields to fill in.

Column name	Description	Example
Username	The value indicated in the "Name" field in the user properties.	Holly Rogers Isaac Johnson
Role’s unit	The unit with which the role is associated.	HR Administration
Role name	Name of the affected role as specified under "Role type" in the "Roles and privileges" window.	Caseworker Can delete everything on cases
Description	User-provided description of a role.	Gives access to delete cases in F2 even if you do not have access to all the records on the case.

Column name

Description

Example

Username

The value indicated in the "Name" field in the user properties.

Holly Rogers

Isaac Johnson

Role’s unit

The unit with which the role is associated.

Administration

Role name

Name of the affected role as specified under "Role type" in the "Roles and privileges" window.

Caseworker

Can delete everything on cases

Description

User-provided description of a role.

Gives access to delete cases in F2 even if you do not have access to all the records on the case.

Filters

When drawing a report with this default configuration, the extraction is filtered as described in the table below.

Filter	Value	Description
Role is active	True	Excludes deactivated roles. Therefore the result only includes privileges from roles with a check in the Active field.
User is active	True	Excludes deactivated users since they cannot log in to F2 and use their assigned privileges.
Role is assigned	True	Excludes roles that were previously assigned to users, but have since been withdrawn.

Filter

Value

Description

Role is active

True

Excludes deactivated roles. Therefore the result only includes privileges from roles with a check in the Active field.

User is active

True

Excludes deactivated users since they cannot log in to F2 and use their assigned privileges.

Role is assigned

True

Excludes roles that were previously assigned to users, but have since been withdrawn.

The "Which roles and privileges does a user have" default configuration

Use the "Which roles and privileges does a user have" default configuration to create a detailed overview of all users' roles and associated privileges.

The configuration includes filters, but no fields to fill in.

Column name	Description	Example
Username	The value indicated in the "Name" field in the user properties.	Holly Rogers Isaac Johnson
Role name	Name of the affected role as specified under "Role type" in the "Roles and privileges" window.	Caseworker Can delete everything on cases
Description	User-provided description of a role.	Gives access to delete cases in F2 even if you do not have access to all the records on the case.
Privilege	Name of the privilege.	Settings administrator Editor of participants
Privilege ID	The unique ID of the privilege.	56 14

Column name

Description

Example

Username

The value indicated in the "Name" field in the user properties.

Holly Rogers

Isaac Johnson

Role name

Name of the affected role as specified under "Role type" in the "Roles and privileges" window.

Caseworker

Can delete everything on cases

Description

User-provided description of a role.

Gives access to delete cases in F2 even if you do not have access to all the records on the case.

Privilege

Name of the privilege.

Settings administrator

Editor of participants

Privilege ID

The unique ID of the privilege.

Filters

When drawing a report with this default configuration, the extraction is filtered as described in the table below.

Filter	Value	Effect
Role is active	True	Excludes deactivated roles since users cannot use the relevant roles or their privileges. Therefore the result only includes privileges from roles with a check in the Active field.
User is active	True	Excludes deactivated users since they cannot log in to F2 and use their assigned roles and privileges.
Role is assigned	True	Excludes roles that were previously assigned to users, but have since been withdrawn. The result only includes current roles and privileges regardless of whether the user previously has had access to a specific privilege in other ways.

Filter

Value

Effect

Role is active

True

Excludes deactivated roles since users cannot use the relevant roles or their privileges. Therefore the result only includes privileges from roles with a check in the Active field.

User is active

True

Excludes deactivated users since they cannot log in to F2 and use their assigned roles and privileges.

Role is assigned

True

The "Who has had a privilege for a period of time" default configuration

Use the "Who has had a privilege for a period of time" default configuration to understand which users had access to F2’s various privileges in a given time period. From the extraction, you can deduce who has been able to perform the various actions that the privileges grant access to during the period.

Column name	Description	Examples
Username	The value indicated in the "Name" field in the user properties.	Holly Rogers Isaac Johnson
Privilege	Name of the privilege.	Settings administrator Can reopen cases
Privilege ID	The unique ID of the privilege.	56 14

Column name

Description

Examples

Username

The value indicated in the "Name" field in the user properties.

Holly Rogers

Isaac Johnson

Privilege

Name of the privilege.

Settings administrator

Can reopen cases

Privilege ID

The unique ID of the privilege.

Filters

When you draw a report with this default configuration, the extraction is filtered as described in the table below.

Filter	Value	Description
User is active	True	Excludes users that were deactivated in the selected period.

Filter

Value

Description

User is active

True

Excludes users that were deactivated in the selected period.

Fields to fill in

When you draw a report with this default configuration, fill in the fields as described in the table below.

Field	Description
From	Specify the starting date of the time period you want to draw data about.
To	Specify the end date of the time period you want to draw data about.

Field

Description

From

Specify the starting date of the time period you want to draw data about.

Specify the end date of the time period you want to draw data about.

The "Who has security group" default configuration

Use the "Who has security group" default configuration to create an overview of security groups in F2 and their current members.

The configuration contains filters, but no fields to fill in.

Column name	Description	Examples
Username	The value indicated in the "Name" field in the user properties.	Holly Rogers Isaac Johnson
Security group	Name of the security group associated with the given privilege of the "Archive access" type.	SG: Leadership

Column name

Description

Examples

Username

The value indicated in the "Name" field in the user properties.

Holly Rogers

Isaac Johnson

Security group

Name of the security group associated with the given privilege of the "Archive access" type.

SG: Leadership

Filters

When drawing a report with this default configuration, the extraction is filtered as described in the table below.

Filter	Value	Description
Role is assigned	True	Excludes users that are not longer members of the security groups.
Privilege ID	0	Limits the extraction to the specific privilege associated with access to security groups.

Filter

Value

Description

Role is assigned

True

Excludes users that are not longer members of the security groups.

Privilege ID

Limits the extraction to the specific privilege associated with access to security groups.

Other available columns

The following table covers columns that are accessible when configuring reports, but are not included in the default configurations.

Column name	Description	Examples
User’s username	The value specified in the "Username" field in the user properties.	Holly Rogers hro
Role is active	Indicates whether the "Active" checkbox has been ticked for the role in the "Role types and privileges".	true 0
User is active	Indicates whether a user was active in F2 at the time of extraction.	true 0
User deactivated on	Date and time when a user was deactivated, if applicable.	2023-11-14T12:40:29.597 2023-04-12T15:30:20.773
Role is assigned	Indicates whether the user is assigned the given role at the time of extraction.	true 0
Role assigned on	Date and time when a user was assigned the given role.	2023-11-14T12:40:29.597 2023-04-12T15:30:20.773
From	The beginning of a time period. The column is best used for delimitation.	2023-11-14T12:40:29.597 2023-04-12T15:30:20.773
To	The end of a time period. The column is best used for delimitation.	2023-11-14T12:40:29.597 2023-04-12T15:30:20.773
Unit participant no.	The unit’s number in the organisation’s participant register.	48 106
Internal participant’s synchronisation key	The key that ensures correct synchronisation with AD of internal participants. In this case, it applies specifically to the unit specified in "Role’s unit".	it_office
User participant no.	The user’s number in the organisation’s participant register.	48 106
Job roles' locations	The unit where a user’s job role is located.	IT office HR; Recruitment
Name	Name of the user who has performed an action. If the action was performed on behalf of another user, the name of the "on behalf of" user is specified.	Holly Rogers Isaac Johnson
Login name	If a user has performed the action on behalf of another user, the name of the logged-in user is specified.	Holly Rogers Isaac Johnson
Count	Accumulates identical rows in the data extract and returns the total.	249

Column name

Description

Examples

User’s username

The value specified in the "Username" field in the user properties.

Holly Rogers

hro

Role is active

Indicates whether the "Active" checkbox has been ticked for the role in the "Role types and privileges".

true

User is active

Indicates whether a user was active in F2 at the time of extraction.

true

User deactivated on

Date and time when a user was deactivated, if applicable.

2023-11-14T12:40:29.597

2023-04-12T15:30:20.773

Role is assigned

Indicates whether the user is assigned the given role at the time of extraction.

true

Role assigned on

Date and time when a user was assigned the given role.

2023-11-14T12:40:29.597

2023-04-12T15:30:20.773

From

The beginning of a time period. The column is best used for delimitation.

2023-11-14T12:40:29.597

2023-04-12T15:30:20.773

The end of a time period. The column is best used for delimitation.

2023-11-14T12:40:29.597

2023-04-12T15:30:20.773

Unit participant no.

The unit’s number in the organisation’s participant register.

106

Internal participant’s synchronisation key

The key that ensures correct synchronisation with AD of internal participants.

In this case, it applies specifically to the unit specified in "Role’s unit".

it_office

User participant no.

The user’s number in the organisation’s participant register.

106

Job roles' locations

The unit where a user’s job role is located.

IT office

HR; Recruitment

Name

Name of the user who has performed an action. If the action was performed on behalf of another user, the name of the "on behalf of" user is specified.

Holly Rogers

Isaac Johnson

If a user has performed the action on behalf of another user, the name of the logged-in user is specified.

Holly Rogers

Isaac Johnson

Count

Accumulates identical rows in the data extract and returns the total.

249