You are currently viewing a limited version of this help centre. To access more content, please sign in with your support account or create a new one.

Sign in Create an account
Continue with limited experience
Navigation
Back
Need help?
Sign in

Looking for help?

Guides

View more
Access an account

Learn how to create a new account or recover an existing one.

Open a ticket

See how to raise an issue or question with our Support team.

Manage tickets

Check how to view and update your previously submitted tickets.

Access e-learning

Find training courses and learn how to use your solution.

Experiencing an issue, or have an idea? Feedback
New Updated
No results found
enterReturn key to select
Arrow keys to navigate
escEscape key to close

Changes to security model in forthcoming version 1.11

Karl Newstead
  • Updated
⌘ K
Search this article
Print this article
Who is this article for?

  Application administrators managing user permissions.

This article provides guidance regarding a change in functionality with the next version of Ideagen Internal Audit and Ideagen Risk Management, due mid-June (exact date TBC).

The current model

In Ideagen Internal Audit and Ideagen Risk Management many types of object (e.g. Audit, Objective, Risk etc.) are assigned to a Location.

You can give users access to a specific record by assigning a Group to its Location.  Any user within the Group will be granted access to all records in that Location.

The change

In v1.11 we will be adding similar functionality around Processes.  This means that in order to see a record linked to a Process, a user must be a member of a Group that is assigned to that Process.

The Impact

From v1.11, a user will be able to see a record only if they are in a Group or Groups that can access both the Location and Process.

For example:

I am a user in a Group linked to the Location “USA”, and a Group linked to the Process “Accounts Payable”.

  1. I will have access to all the objects with “USA” (and its children) and “Accounts Payable” (and its children) as their Location AND Process.
  2. Any record with “USA” as its Location and a Process that is not "Accounts Payable"  will be hidden from me, because I do not have access to both the Location AND the Process.
    1. If records do not have a Process set then I will still have access to them.

Location will remain a mandatory field on all these objects but Process will not be made a mandatory field.  Any record without a Process will be accessible to all users that have access to that Location.

Administrators will continue to be able to see all records.

Assigned users and owners will still have access

The behaviour for Audit owners and users assigned to an Audit will not change; they will still have access to that Audit.

To prepare for the change

We are making you aware of this in advance of the v1.11 update so that you can prepare for the change.  This is important because users who previously had access to records may no longer have access to those records.

Crucially, this situation can be resolved only after the update is released, because in the current version there is no way to assign Groups to Processes.

So, to prepare for the change:

  1. You should consider creating Groups which align with how you have set up Processes.  That may mean creating Groups for different Processes and assigning users to those Groups.
    1. Then, after the update, assign these Groups to Processes
  2. If you do not need to restrict access based on Process:
    1. Either:
      1. Create one Group for all users
      2. Add that Group to the top Process in the hierarchy
    2. Or:
      1. Add all of your current Groups to the top Process in the hierarchy

Note that the same Groups can be used for Locations and Processes.

 

Would you consider this article helpful? 0 out of 0 found this helpful
Looking for more help? Ask the community

Sections

Powered by Zendesk