Rights management

Owned by Erich Must Wessel
Last updated: Jul 31, 2024
3 min read

This article relates to vrs 22 of the software. From v.22 we have introduced several rights groups. In addition, the menu system has been changed so that the user sees only the menus he needs based on his rights. The explanations below explain how this works.

A. SharePoint right groups

Rights group

Description

Rights group

Description

QM365 Members

Access Level: Contribute
Can view, add, update and delete list items and documents.

Relevant to
Process owners: To be able to delete graphical elements and processes, while creating process maps.
Document owners: To be able to delete documents/PDFs or change the name (file name) of a document.

Notes
Can delete all types of data in the system in most lists/libraries.

QM365 Owners

 

Access level: Full control
Full control

Relevant to
IT responsible: To be able to manage the user rights of the employees.

Notes
Can delete the entire system.

QM365 Visitors

Access level: Read
Can only display pages and list items and download documents.

Relevant to
Temporary access to, for example, auditors.
Microsoft 365 provides the opportunity to invite these as external users.

Notes
Remember to remove the access when it is no longer relevant.

SIMPLI Members without delete rights

Access level: Contribute
Can view, add and update list items and documents.

Relevant to
All employees: To be able to enter cases and measures in Better.
We recommend using mail or an AD group, maintained by the IT department.

Notes
Ordinary users should not be able to delete data. In general, data should not be deleted in the system, rather deactivated or archived. If data is deleted, you lose historical connections and relationships.

B. Admin rights to fuctions

These rights are for admin rights only. Standard user-rights are given through the rights above.

Rights group

Description

Rights group

Description

All administrator groups

The rights are controlled by a script and are only dependent on membership in this group. Cannot be granted to AD groups.

QM365 Better Administrators

Can override and edit all cases, measures and verifications in Better regardless of ownership.
Can edit the Organization list in Manage.

QM365 Competence Administrators

Can see and carry out personnel assessments and see the Competence Matrix regardless of ownership.
Other access is granted to the employee and his manager.

QM365 Document Administrators

Can edit/approve all documents in the Document Workspace regardless of ownership.
Can quickpublish documents.

QM365 Information security Administrators

Has access to all menus and functions regarding information security.

QM365 Process Administrators

Can edit all process cards, process pages, process descriptions and activities regardless of ownership.
Can edit the Organization and Process list in Manage.

Notes: Others can only edit their own processes.

QM365 Project Administrators

Has access to create project rooms.

QM365 Risk Administrators

Can edit all risk groups, risks and risk evaluations regardless of ownership.

QM365 Whistleblowing Administrators

Gives full access tot he WB module. Noe one else ca access this module

QM365 System Administrators

Has access to all menus and functions.

 

C. Access to Functions and reports

As you gain ownership of data, the system will automatically grant access to menus where this data is found. E.g. if you are not involved in any projects, you will not see this menu, but if you become a member of a project, this menu will appear.

D. How to add people to permission groups

image-20240731-072011.png

To add people to the different user groups, the logged-in user must be in the Owner group. Add one or more users to a user group like this:

  1. Click Administration > Roles & access

  2. Click on the pencil icon for the user group to add/remove users in

  3. ADD USER(S)

    1. Click "New - Add users, Add users to this group"

    2. Enter the name of the user(s) and select them from dropdown

    3. We recommend not writing any message in the text field, unless you want to give a specific message to the user.

    4. To prevent an email notification from being sent to the user, click "Show Options" and uncheck "Send an email invitation" (for example, if you add a user to an administrative group). Keep the tick that is the first time the user stays if it is to the system. Instruct first-time users that they must access the system for the first time through the link in the email sent out by the system when they click "share".

    5. Click "Share"

  4. REMOVE USER(S)

    1. Mark each user you want to remove

    2. Click “Actions”

    3. Click “Remove users from Group

E. Checking a user's rights

SharePoint membership groups

To check which rights a particular user has, follow this recipe:

  1. Click the gear at the top left and Go to “Site settings”

  2. Click "Go to Top-Level Page Settings" under "Site Collection Management"

  3. Click on the "Site permissions" menu

  4. Click the "Check Permissions" icon

  5. Enter the username of the person and press Enter

System rights

To check which groups a logged-in user here is a member of, use this method

  1. Log in to the system

  2. Press F12

  3. Select the "Console" menu at the top

  4. At the blue arrow where you can enter text, enter this text “simpli.mainMenu.data.SystemRoles”

  5. You will then be able to see right below the name of the groups the person is a member of, such as here