Roles
Register roles, which can be associated with a person or a vehicle to set permissions and validations, among others.
In Senior Round X, the role:
- represents a function that people can have in a company, from workers who go to the location every day to visitors who will be at the building only once;
- determines which access validations are verified for the person, effectively controlling which places can be accessed, at what time and how;
- defines which system screens will be made available and which registers may be manipulated by the person;
- manages vehicles, as well as people.
A person can have more than one role, and a role can be used by many people.
Example
Create roles for jobs such as "Employee", "Manager" and "Analyst", for functions such as "Implementation Agent", "Supervisor" and "Security", or for specific situations such as "Visit for worker" and "Visit for the CEO".
What you can do:
Add roles
- On senior X Platform, go to Access Control and Security Management > General registers > Roles;
- Click on Add and fill in the role Name;
- The select:
- Receive visit: for the added role to be able to receive visits;
- Temporary credential: so that the role may be assigned to a person during the issuance of temporary credentials. Usually for visitors;
- Send email to the visited person: if this checkbox is checked, when a temporary credential associated with this role is issued, the selected visited person will receive an email notifying about the visitor's arrival. The preferential email address of the person will be used. This option is only available when the Temporary credential checkbox is checked;
- Index photo of associated people: this option is shown to clients who have the facial recognition and the photo indexing enabled. Upon checking this checkbox, all people who have this role will have their photos indexed. Please note that this operation may generate additional costs (both when activating and deactivating photo indexing);
- Integrated: This check box is read-only and indicates whether the role was created by the Ronda senior X integrator. If it is selected, the user will not be able to edit the role name or delete it.
- Import integrator holds: this option will only be displayed if the client has integration with the Ronda Senior and/or People Management systems | HCM. If it is checked, any absence registered on the mentioned systems will suspend the role in question. Using this check box, the client informs in each role whether he would like the suspensions carried out in the roles of the mentioned systems to also apply in Ronda senior X. By default, all roles coming from the integrator already have this check box selected , and it cannot be deselected. However, if the role was created by Ronda senior X, it is possible to edit this selection.
- Click on Save.
During the registration, there's an option to associate the role with the people desired. However, the role may be created in advance for later use.
To delete roles, in Role consultation, click on List all or fill in the Search field to find the role, click on the desired role and, at the end of the screen that opens up, click on Delete.
Define validations
After registering the role, define the validations that the people and vehicles associated with it will control. Click on Edit and set an item as Enabled for it to be controlled during the access validations of the person.
If a role has any items set as Not set, the system will consider their definitions from other roles that the person has and/or the settings defined for the location. After choosing the validation options, click on the Save button.
Example:
Scene 1
: The user has the Analyst and Manager roles. The Analyst role has the itemAnti-double control defined asNot configured. The Manager role has this item defined asDisabled. With this, the user will be able to check the anti-double controldisabled, since one of your roles has this field defined asDisabled and the other role did not configure it.
Scenario 2:
The user has the Analyst and Manager roles. The Analyst role has the itemAnti-double control defined asActivated and the role of Manager asDisabled. In this case, the user will have the anti-double control checkdisabled, because the paper that is configured asDisabled overlaps with whatever isActivated.
Scenario 3:
The user has the Analyst and Manager roles. The Analyst role has the Controls Antipassback item defined as Not set. The Manager role has this item defined asActivated. With this, the user will be able to check the anti-double controlactivated, since the role defined asNot configured will have no influence.
| Anti-double paper control 1 | Anti-double paper control 2 | Anti-Double Control Check |
|---|---|---|
| Not configured | Disabled | Disabled |
| Activated | Disabled | Disabled |
| Not configured | Activated | Activated |
Validations:
- Check level: controls the access levels, checking whether the ID Card is carrying out an access according to the logic order between the locations, defined by their levels;
- Check antipassback: activates the AntipassbackAntipassback is the name given to a number of features in the access control system designed to prevent users from giving their credential to another person trying to obtain access authorization. Examples of the use of anti-doubling can be: in a parking lot, when the administrator wants to prevent unauthorized people from using free spaces; or as prevention in dangerous areas, where it is important to know exactly who is in the physical location at the time of an event or emergency. When using anti-double control, the concept of reader sense is introduced. This means that a configuration allows the reader to identify whether the event is an "input" or an "output" event. Therefore controlled areas must be registered, and both the person and the areas must be configured to enable this control. The respective readers must be configured so that they indicate to which controlled area they go in and go out. control, preventing the same ID card from accessing the same direction twice (entry or exit) in a short time interval. When activating this control, a window will be shown requesting the Antipassback expiration time, in minutes;
- Check access credits: when active, this validation determines that the role will control its access through credits;
- Controls the person's time slot: associates the person's time slots with the paper, which can come from the screenSlots,Release of the person's time slot and/or thetime slot control of the Senior Round). If it is active, validation is done based on the associated scale (which defines the time slots per day);
- Check location timeslot: associates a timeslot with a location. Then, if this control is active, the validation is done by the timeslot of the location that is being accessed;
- Check in-between workdays: controls the entry of workers obeying the in-between workdays rules and the access configurations of the physical locations. When Activated, the configuration of the following fields will be requested:
- Tolerance time (minutes), which corresponds to the tolerance time for pauses. If a worker takes a break longer than the value defined in this field, the system will block his/her access and consider the start of the in-between workdays period;
- In-between workdays duration time (hours), which refers to the minimum break time between the end of an in-betweek workdays period and the start of a new one.
Example:
Joseph has a tolerance time of 120 minutes configured for his Worker role. After taking a break of 180 minutes (3 hours), Joseph's access will be blocked and he will have to wait for the in-between workdays duration time configured on the system with the 12 hour value to have his access allowed again.
When Disabled, the in-between workdays is universally disabled for the worker, regardless of it having other roles for which this control is active.
Example:
Renato has the role of Contributor configured with interwork controlActivated and also has the role of Director, configured with inter-day control asDisabled. This way, Ronald will have his access released at any time, not obeying the in-between workdays rule, as the control is disabled in a universal manner by the Director role and overlaps the configuration of the Worker role.
When Not set, the in-between workdays is individually disabled for the role in question, not interfering in other roles that may have this control active.
- Check permission: if this control is active, the role may only access the authorized physical locations or locations which have devices that are associated with the role. Upon enabling this validation, you can define the physical locations and/or the device readers;
- Customized validation: enables the role for customized access validations.
Manage screen permissions
After registering a role, manage its permissions.
Operations likeTo view,Include ,To edit It is Delete Certain types of information can be activated or deactivated for a registered role. This will determine what information can be accessed or changed by users who have this role in the system.
For a screen to be visible to the user, they must have permissionTo view corresponding to that screen. If he is only allowed toInclude a registration, for example, the screen for that registration will not be shown.
Note
If a role's permission is modified, it may take up to 2 minutes for the changes to be applied.
The total permission of the user for the system functionalities will be equal to the sum of the permissions from all of his/her roles.
Example
A user has the Analyst role for driver registrations, and this role has permission toTo view. The same user has the Support role for driver registrations, and this role has permission toDelete. This way, the user will have the permissionsTo view It isDelete for driver registrations.
If the person logged into the system has a paper that has the option markedTo edit to "Occurrence handling", she can change the Priority on the screenIncident management.
Add ranges
After registering the role, add, edit or delete its ranges, limiting the registers that may be viewed by people associated with it. If the role needs to view only certain groups, locations, roles or organizational structures, make this restriction by filling in the fieldsAdd paper, Add location , Add group,Type of occurrence, Add company , Add branch , Add cost center , Add job title , Add org chart , Add other companies It is Add contract.
Add people
In General registers > Roles, in the People section, click on Manage people who have roles. Then, in the Add person field, find the person you want to add to the panel by name, click on him/her and the person will be associated with that role.
To delete a person, in the same location, click on Edit and then on the trash can icon in the row corresponding to the person that must be deleted.
In addition to using the Roles screen to associate a role with a person, this association can me made at Access Control and Security Management > General registers > People and associating more than one role to the same person. In Access Control and Security Management > Access control > Temporary credentials > Deliveries, you can also associate a person with a role. To associate a role with a vehicle, access the respective screen at Access Control and Security Management > General registers > Vehicles.
To manage people who have the role, add, edit or delete the people associated with the created role.
Role suspension
The role suspension consists of the temporary removal of the rights from a person which are related to a role linked to him/her. The roles associated to a person have a start date and can also have a final date that defines their validity. In some situations it may be necessary to disregard a role for a person during a determined period, which can be done through this resource.
When registering a suspension, the system will treat the person as if it is not associated with the role during the defined time. After this period, the role will have its normal operation in relation to the person. In other words, it can be said that suspending a role is equivalent to a worker absence.
In case a user has all roles suspended, he/she will not be able to access the system during the parameterized period.
Suspend roles
- Go to General registers > People and click on the register of the person from who you want to suspend a role;
- In the register of this person, find the Roles section and then click on Edit;
- In the role list, click on the role which must be suspended. This will show the suspensions already registered for it;
- Click on the Add button in the Suspensions item;
- In the window that opens, fill in the Start date of the suspension and the Note describing its reason, for example. If the start date of the suspension is earlier than or equal to the current date, the Start date field will be disabled;
- The End date is optional. Fill it in if you want to define a date on which the suspension will end. If this field is not filled in, the suspension will last indefinitely;
- To finish the registration, click on Save.
Define or verify whether the location validates suspensions
A physical location may or may not consider role suspensions, depending on its definitions. It may be defined, for each physical location, whether it will control suspensions for the people accessing them.
- On senior X Platform, go to Access Control and Security Management > General registers > Physical locations;
- Select the desired location and click on View;
- In the Validations section, verify whether the Check role suspension (absences) item is enabled or disabled;
- To modify this option, click on the Edit button of the Validations section and change the value of the Check role suspension (absences) item. Click on the Save button to confirm this change.
