NOTES:
- Only users who already have existing access to Security Roles can log on and manage other user roles. A user cannot assign a role above their level but only assign roles at the same level or lower to another User. (The Admin role is used in this example.)
- Users must have wages assigned or attached to use the Time Clock menu.
- WashConnect does not monitor payroll distribution.
Before you create Users and Security Roles, review the following example to understand the Levels and Organizational Layout.
In the next image, you will see six security roles that were created. The default Admin security role is listed first.
- The first two roles, Mid Atlantic Controller and Mid Atlantic Manager, are for reporting and administration of the Mid Atlantic Region group.
- Regional VP is for reporting and administration across both regions.
- The last two roles, Tri-State Controller and Tri-State Manager, are for reporting and administration of the Tri-State Region group.
Notice how four of the security roles are assigned to an Entity. One, Regional VP, is assigned to the Corporate level. A security role can be assigned to either an Entity or a Level, but not both.
With all this in place, we can look at the privileges assigned to each Role.
In the above illustration, two roles are shown:
- Mid Atlantic Manager is given permission to all activities in the following menus: Clubs and Configuration.
- Mid Atlantic Controller is given permission to all activities in the Reports menu.
If we were to look at the privileges for the remaining roles, we would see that the Tri-State Manager and Controller roles follow the same strategy as the Mid Atlantic Manager and Controller. The manager role has access to administrative tasks, while the controller role has access to reporting tasks.
The privileges for the Regional VP role could include access to all menu items, both administrative and reporting.
When we look at the User dialog boxes, we can put all the pieces together.
In the above figures, users are RAYCOUNTERMAN[1004] and MITCHCOUNTERMAN[1010].
- Ray is assigned to the Mid Atlantic Controller role from Mid Atlantic Region.
- Mitch is assigned to the Mid Atlantic Manager role from Mid Atlantic Region.
When you actually assign roles to each user, the Role table is generated for you based on what you select in the Group box. For example, if you select Mid Atlantic Region in the Group box, the Role table shows three options: Mid Atlantic Controller, Mid Atlantic Manager, and Regional VP.
Finally, we can look at the user assigned to the Regional VP role.
In this illustration, DEBCOUNTERMAN[1001] is assigned to Regional VP role from the Mid Atlantic Region group.
The list of the three example users appears in the Manage Users tab.
Logon selections are restricted on the logon screen.
In the above illustrations, Ray attempted to log on at the Corporate Region. The error message "Not authorized to logon to Corporate" appears. Valid selections include Tri State Region and all child locations underneath it.
In the above illustration, the first menu appears for users who log on with the role of Tri-State Controller or Mid Atlantic Controller. The second menu appears for Tri-State Manager or Mid Atlantic Manager.
The user RAYCOUNTERMAN[1004] is a controller. His Role is Tri-State Controller. He can log on at the Tri-State Region group, and he has access to reporting menu items. Therefore, Ray would see a Configuration menu similar to the one shown in the first example.
The user MITCHCOUNTERMAN[1010] is a manager. His Role is Tri-State Manger. He can log on at the Tri-State Region group, and he has access to administrative menu items. Therefore, Mitch would see a Configuration menu similar to the one shown in the second example.