Users: Roles, privileges, and security groups
The content of this website is last updated to F2 version 11. cBrain are working hard on supplying you with the newest documentation of F2. |
The "Users: Roles, privileges, and security groups" report type extracts data about what users can do in F2 based on their roles and the roles' privileges.
The report type contains five default configurations that give different overviews of how rights are or have been assigned focusing on access to units and security groups.
The "Who has privilege in unit" default configuration
Use the "Who has privilege in unit" default configuration to get a detailed overview of assigned privileges and their effect across users and units.
The configuration includes filters, but no fields to fill in.
Column name | Description | Examples |
---|---|---|
Username |
The value indicated in the "Name" field in the user properties. |
Holly Rogers Isaac Johnson |
Role’s unit |
The unit with which the role is associated. |
HR Administration |
Privilege |
Name of the privilege. |
Settings administrator Editor of participants |
Privilege ID |
The unique ID of the privilege. |
56 14 |
Filters
When drawing a report with this default configuration, the extraction is filtered as described in the table below.
Filter | Value | Effect |
---|---|---|
Role is active |
True |
Excludes deactivated roles since users cannot use the relevant role’s privileges. Therefore the result only includes privileges from roles with a check in the Active field. |
User is active |
True |
Excludes deactivated users since they cannot log in to F2 and use their assigned privileges. |
Role is assigned |
True |
Excludes roles that were previously assigned to users, but have since been withdrawn. The result only includes current roles and privileges regardless of whether the user previously has had access to a specific privilege in other ways. |
The "Who has role in unit" default configuration
Use the "Who has role in unit" default configuration to create a detailed overview of assigned roles across users and units.
The configuration includes filters, but no fields to fill in.
Column name | Description | Example |
---|---|---|
Username |
The value indicated in the "Name" field in the user properties. |
Holly Rogers Isaac Johnson |
Role’s unit |
The unit with which the role is associated. |
HR Administration |
Role name |
Name of the affected role as specified under "Role type" in the "Roles and privileges" window. |
Caseworker Can delete everything on cases |
Description |
User-provided description of a role. |
Gives access to delete cases in F2 even if you do not have access to all the records on the case. |
Filters
When drawing a report with this default configuration, the extraction is filtered as described in the table below.
Filter | Value | Description |
---|---|---|
Role is active |
True |
Excludes deactivated roles. Therefore the result only includes privileges from roles with a check in the Active field. |
User is active |
True |
Excludes deactivated users since they cannot log in to F2 and use their assigned privileges. |
Role is assigned |
True |
Excludes roles that were previously assigned to users, but have since been withdrawn. |
The "Which roles and privileges does a user have" default configuration
Use the "Which roles and privileges does a user have" default configuration to create a detailed overview of all users' roles and associated privileges.
The configuration includes filters, but no fields to fill in.
Column name | Description | Example |
---|---|---|
Username |
The value indicated in the "Name" field in the user properties. |
Holly Rogers Isaac Johnson |
Role name |
Name of the affected role as specified under "Role type" in the "Roles and privileges" window. |
Caseworker Can delete everything on cases |
Description |
User-provided description of a role. |
Gives access to delete cases in F2 even if you do not have access to all the records on the case. |
Privilege |
Name of the privilege. |
Settings administrator Editor of participants |
Privilege ID |
The unique ID of the privilege. |
56 14 |
Filters
When drawing a report with this default configuration, the extraction is filtered as described in the table below.
Filter | Value | Effect |
---|---|---|
Role is active |
True |
Excludes deactivated roles since users cannot use the relevant roles or their privileges. Therefore the result only includes privileges from roles with a check in the Active field. |
User is active |
True |
Excludes deactivated users since they cannot log in to F2 and use their assigned roles and privileges. |
Role is assigned |
True |
Excludes roles that were previously assigned to users, but have since been withdrawn. The result only includes current roles and privileges regardless of whether the user previously has had access to a specific privilege in other ways. |
The "Who has had a privilege for a period of time" default configuration
Use the "Who has had a privilege for a period of time" default configuration to understand which users had access to F2’s various privileges in a given time period. From the extraction, you can deduce who has been able to perform the various actions that the privileges grant access to during the period.
Column name | Description | Examples |
---|---|---|
Username |
The value indicated in the "Name" field in the user properties. |
Holly Rogers Isaac Johnson |
Privilege |
Name of the privilege. |
Settings administrator Can reopen cases |
Privilege ID |
The unique ID of the privilege. |
56 14 |
The "Who has security group" default configuration
Use the "Who has security group" default configuration to create an overview of security groups in F2 and their current members.
The configuration contains filters, but no fields to fill in.
Column name | Description | Examples |
---|---|---|
Username |
The value indicated in the "Name" field in the user properties. |
Holly Rogers Isaac Johnson |
Security group |
Name of the security group associated with the given privilege of the "Archive access" type. |
SG: Leadership |
Filters
When drawing a report with this default configuration, the extraction is filtered as described in the table below.
Filter | Value | Description |
---|---|---|
Role is assigned |
True |
Excludes users that are not longer members of the security groups. |
Privilege ID |
0 |
Limits the extraction to the specific privilege associated with access to security groups. |
Other available columns
The following table covers columns that are accessible when configuring reports, but are not included in the default configurations.
Column name | Description | Examples |
---|---|---|
User’s username |
The value specified in the "Username" field in the user properties. |
Holly Rogers hro |
Role is active |
Indicates whether the "Active" checkbox has been ticked for the role in the "Role types and privileges". |
true 0 |
User is active |
Indicates whether a user was active in F2 at the time of extraction. |
true 0 |
User deactivated on |
Date and time when a user was deactivated, if applicable. |
2023-11-14T12:40:29.597 2023-04-12T15:30:20.773 |
Role is assigned |
Indicates whether the user is assigned the given role at the time of extraction. |
true 0 |
Role assigned on |
Date and time when a user was assigned the given role. |
2023-11-14T12:40:29.597 2023-04-12T15:30:20.773 |
From |
The beginning of a time period. The column is best used for delimitation. |
2023-11-14T12:40:29.597 2023-04-12T15:30:20.773 |
To |
The end of a time period. The column is best used for delimitation. |
2023-11-14T12:40:29.597 2023-04-12T15:30:20.773 |
Unit participant no. |
The unit’s number in the organisation’s participant register. |
48 106 |
Internal participant’s synchronisation key |
The key that ensures correct synchronisation with AD of internal participants. In this case, it applies specifically to the unit specified in "Role’s unit". |
it_office |
User participant no. |
The user’s number in the organisation’s participant register. |
48 106 |
Job roles' locations |
The unit where a user’s job role is located. |
IT office HR; Recruitment |
Name |
Name of the user who has performed an action. If the action was performed on behalf of another user, the name of the "on behalf of" user is specified. |
Holly Rogers Isaac Johnson |
Login name |
If a user has performed the action on behalf of another user, the name of the logged-in user is specified. |
Holly Rogers Isaac Johnson |
Count |
Accumulates identical rows in the data extract and returns the total. |
249 |