Roles in F2

The content of this website is last updated to F2 version 11. cBrain are working hard on supplying you with the newest documentation of F2.

Privileges let a user perform different tasks in F2. They are given to a user through the assignment of roles. For example, if a user must be able to delete notes, the user must be assigned a role with the “Can delete notes” privilege.

In F2’s user interface, roles are sometimes referred to as "role types".

F2 comes with a number of roles, including four administrator roles. An administrator with the “User administrator” or “Administrator” role can also create new roles.

The default roles in F2 are described below.

Administrator roles

The following section describes the available administrator roles and the associated privileges.

When F2 is installed, a user with the “Administrator” role is created simultaneously. This user creates additional users afterwards. It is also possible to create new authorities within the same F2 installation.

A user cannot be an administrator in multiple authorities. When creating a new authority, you must also create a user with the role of "Administrator" in the new authority.

There are four integrated administrator roles:

An administrator’s tasks can be changed by either assigning or removing privileges from each role. Read more about assigning privileges to roles.

The administrator roles and their privileges are listed below.

Administrator

The “Administrator” role has the following privileges:

  • F2 Analytics administrator (add-on module)

  • User administrator

  • Distribution list editor

  • Extra email administrator

  • Keyword creator

  • Unit administrator

  • Unit type administrator

  • Flag administrator

  • Settings administrator

  • Can import documents from the server

  • Can import parties

  • Meeting forum administrator (add-on module, documentation available in Danish)

  • Editor of participants

  • Privilege administrator

  • On behalf of administrator

  • Result list administrator

  • Security group administrator

  • Template administrator

  • Progress codes administrator

  • System messages administrator

  • Search administrator

  • Team administrator

  • Team creator

  • Value list administrator.

The above privileges cannot be removed from the “Administrator” role. However, additional privileges may be added.

User administrator

The “User administrator” role comes with the following privileges. These privileges may be removed, or additional privileges may be added, by a user with the “Privilege administrator” privilege:

  • User administrator

  • Extra email administrator

  • Keyword creator

  • Unit administrator

  • Unit type administrator

  • Flag administrator

  • Settings administrator

  • Can import documents from the server

  • Can import parties

  • Meeting forum administrator (add-on module, documentation available in Danish)

  • Editor of participants

  • Privilege administrator

  • On behalf of administrator

  • Security group administrator

  • System message administrator

  • Team administrator

  • Team creator.

Business administrator

The “Business administrator” role has the following privileges per default. These privileges may be removed, or additional privileges may be added, by a user with the “Privilege administrator” privilege:

  • F2 Analytics administrator (add-on module)

  • Distribution list editor

  • Keyword creator

  • Unit type administrator

  • Flag administrator

  • Can import documents from the server

  • Meeting forum administrator (add-on module, documentation available in Danish)

  • Template administrator

  • Progress codes administrator

  • Value list administrator.

Technical administrator

The “Technical administrator” role has the following privileges per default. These privileges may be removed, or additional privileges may be added, by a user with the “Privilege administrator” privilege:

  • Result list administrator

  • Search administrator.

The different privileges are described in Privilege overview section.

Other default roles in F2

Besides the administrator roles, F2 comes with a number of other roles. Most of these are either job roles or related to add-on modules. The table below describes these roles.

Role Description

Access to data cleanup

This role is part of the F2 Data Cleanup add-on module.

Users with this role have read access to all cases in the F2 installation and access to delete all cases regardless of their regular access to cases and records. This includes cases and records which otherwise could not be deleted because of e.g. registration status.

Address book owner

This role is automatically assigned to new users created in F2. Allows the user to create and edit private participants in the “Private” node in the participant register. Cannot be assigned manually and may not be removed from users.

Can delete everything on cases

This role lets the user delete a case regardless of the status of its records. When a case is deleted, a report containing information on the case and its records is sent to the user’s inbox. Read more about deleting cases.

Can use F2 GDPR

This role is part of the F2 Data Protection add-on module.

Users with this role can create, delete, and edit GDPR searches and create data protection searches. Using F2 Data Protection, users can access all material in the F2 installation containing personal data. Contact cBrain for further information.

Case manager

This job role lets the user log into an associated unit. The organisation can assign privileges to the role that are relevant to a case manager.

Gated approver

This role is part of the F2 Gateway Approvals add-on module.

The role is assigned to users with a gatekeeper (secretariat) who processes approvals on their behalf. The gatekeeper must be assigned “On behalf of” rights for the gated approver.

Head of department

This job role lets the user log into an associated unit. The organisation can assign privileges to the role that are relevant to a head of department.

Read access to another unit

This role lets the user search for and read records in the unit with which the role is associated. This means that a user in another unit who is assigned this role has read access to all the unit’s records with the “Unit” access level.

Read and write access to another unit

This role lets the user search for, read, and edit records in the unit with which the role is associated. This means that a user in another unit who is assigned this role has read and write access to all the unit’s records with the “Unit” access level.

Team administrator

This role is assigned automatically to users who are specified as team administrators. The role can only be assigned through this dialogue.

Team member

This role is assigned automatically to users who are specified as team members. The role can only be assigned through this dialogue.

Assigning roles

A user in F2 must have one or more roles. A role contains one or more privileges in a given authority, allowing the user to perform different tasks within.

F2 is installed with an Active Directory (a central administration of users) integration. By default, F2 uses one of two possible AD integrations:

  • “Full integration” in which roles and privileges in F2 are controlled using AD. Updates F2’s users once a day by default.

  • “Standard integration” in which an administrator must assign updated users to their respective units.

F2 can be configured to authenticate F2 users using other LDAP servers than Active Directory, e.g. Oracle Unified Directory. This configuration does not support single sign-on. This means that users must enter their user name and password every time they log into F2. Configurations are performed in cooperation with cBrain.

The following sections are based on an F2 installation with a standard AD integration, i.e. where the users are set up manually.

A user with the “User administrator” privilege can assign roles to users in two ways:

Assign role to several users

Users with the “User administrator” privilege can assign roles to one or more users through the “Assign role to users” dialogue, which is accessed on the “Administrator” tab in the main window. Users with the "Decentral unit and user administrator" privilege can use the same dialogue to assign decentral roles.

image57
Figure 1. The “Assign role to users” menu item

Add one or more users to the “Users” field. Then select a role to assign to the selected users, and specify the unit in which to assign to role. Click Assign to complete the operation.

image58
Figure 2. The “Assign role to users” dialogue

In this dialogue, users can also be moved from one unit to another. When the relevant users are added to the “Users” field, tick “Remove users from their current units”. Then select a role to assign to the users in the new unit. Click Assign to complete the move.

Assign role to a single user

Roles can be assigned to one user at a time through the “Properties for the user [Name]” dialogue. Open the dialogue by clicking on the Units and users menu item. The user’s master data can also be added here.

The steps below describe how Abigail Anderson from Administration is assigned the business administrator role.

After clicking on the Units and users menu item in the “Administrator” tab, click on the Users tab in the dialogue.

Select the user who needs a new role, in this case Abigail Anderson.

Click on Properties.

image60
Figure 3. Select user

In the “Properties for the user Abigail Anderson” dialogue, click on the Roles tab and then on Add role.

user add role
Figure 4. Assign a role to the user

To add a role, first select a “Role type”, in this example “Business administrator”. Then select the unit to which the role must be applied. In this example, it is the “Administration” unit.

It is also possible to select units in other authorities as well as external participants. This may be relevant when granting write access to external participants.

Click on OK to assign the “Business administrator” role for the “Administration” unit to the user Abigail Anderson.

image64
Figure 5. Assign a role type to a user

The role then appears in the overview of the user’s roles and job roles.

To remove a role from a user, select the role and click on Remove. The role is then removed from the user.

user remove role
Figure 6. Remove a role from a user
It is important to select the correct unit for the user’s role. The role and its location determine which privileges the user has in a given unit.

Create and assign roles

An administrator can create roles as needed. To create new roles, the administrator must have either the “User administrator” or “Administrator” roles.

To view available roles, click on the Role types and privileges menu item on the “Administrator” tab.

A dialogue opens and a list of the organisation’s role types can be seen by clicking the drop-down arrow in the “Role type” field.

image68
Figure 7. The “Role types and privileges” menu item

In this dialogue roles can also be created and edited by clicking the buttons New role type and Edit role type, respectively.

image70
Figure 8. Role types and maintaining them

Click on New role type to open the “New role type” dialogue. Add the following information in the dialogue:

  • The name of the role.

  • A description of the role’s function e.g. “Access to edit templates and keywords”.

  • The synchronisation key if using full AD integration.

  • Tick the “Active” checkbox to activate the role so it can be assigned to users.

  • Tick the "Job" checkbox if the user will use the role to log in to F2. A user must have at least one job role in order to log in. You cannot untick this box later.

image72
Figure 9. The “New role type” dialogue

You can then assign one or more privileges to the role. This lets users with this role perform a number of actions.

A role cannot be deleted, only deactivated.