1. Using Access Certifications
  2. Secure the Certification

Secure the Certification

When you finish working in the Attachments region, a Security Assignment region becomes active. In it, select individual users or groups to participate in the certification. (For information on creating groups, see Manage User Assignment Groups.)

Because you're initiating the certification, you're selected automatically as its owner. As you select other users:

  • You authorize them as owners, editors, or viewers. These authorizations provide differing levels of access to the certification as a whole. Only owners can initiate certifications, but editors and viewers have lower levels of access to the features owners use to initiate and oversee certification projects.

  • You also enable them to serve as role managers or certifiers. These authorizations determine the parts users may play in a certification after it's initiated.

The following descriptions assume you assign the predefined Access Certification Administrator job role to all users.

An owner has the widest-ranging access:

  • Before the certification is fully initiated, she can edit its general settings, attach documents, add or remove users and set their authorizations, create scoping filters, and finalize roles.

  • After the certification is initiated, she can edit some general settings, add or remove attachments, and edit security assignments. She can also use the owner overview, drill down from it to manager overviews and certifier worksheets, reopen submitted worksheets, and either terminate or finalize the certification.

  • If you enable her to be a role manager, she can be assigned to manage a set of scoped roles, and can use the manager overview page to supervise the certifiers of those roles.

  • If you enable her to be a certifier, she can be assigned to review a set of scoped roles for certification, and can use the certifier worksheet to do so.

Neither an editor nor a viewer has access to the certification until it's fully initiated. At that point:

  • An editor can see the pages in which owners initiated the certification. The editor can edit general settings and attachment selections just as an owner can, but can't edit security assignments.

  • If not authorized to be a role manager or certifier, both editor and viewer have view-only access to the owner overview, and can drill down from it to manager overviews and certifier worksheets.

  • You may enable an editor or a viewer to be a role manager. If so, the user loses access to the owner overview, but can be assigned to manage a set of scoped roles for a certification, and can use the manager overview page to supervise certifiers of those roles. The user (whether editor or viewer) can reopen worksheets submitted by certifiers, or submit them to owners.

  • You may enable an editor or a viewer to be a certifier. If so, the user loses access to the owner overview, but can be assigned to review a set of scoped roles for certification, and can use the certifier worksheet to do so. The user (whether editor or viewer) can set status for user-role assignments and can submit a worksheet to a role manager.

Note: A user assigned the predefined Access Certification Administrator job role can be authorized as an owner, editor, or viewer, and as a role manager or certifier. If your organization creates its own roles, your ability to select authorization values for a user, and the rights each authorization grants, depend on which privileges his role contains.

Use the Security Assignment region to select users for the certification. To select individual users:

  1. Click the Add button that corresponds to User Assignments. A new row appears.

  2. In the Name field, search for and select a user.

  3. In an Authorized As field, select Owner, Editor, or Viewer. This field defaults to the highest level of access the user's role permits, but you can select less access. For example, a user may be eligible to be an owner, but you can designate him a viewer for the certification you're initiating.

  4. In an Authorization field, determine what part the user plays in the certification: select Manager, Certifier, both values, or neither value.

  5. Click Save.

To select user groups, click the Add button that corresponds to Group Assignments. Then search for and add one or more groups.

  • Each group is granted only one authorization. As you add a group to the certification, you can view that authorization, but not change it. If it designates Certifier or Manager, group members are also automatically viewers. If it designates Owner, Editor, or Viewer, group members are automatically neither certifiers nor role managers. To combine authorizations, for example Owner with Certifier, create two groups, one with each authorization and both with the same members.

  • A group is available to be selected for a certification only if at least one of its members is eligible for that certification. Groups with no eligible users are excluded.

  • Over time, members may be added to or dropped from groups, or their role assignments may change. This may result in a group having been assigned to a certification but no longer having members who are eligible for it. If so, a warning icon appears next to the group name.

To edit the settings, click the edit icon in row for a person or a group.

When you finish working in the Security Assignment region, click Continue to begin creating scoping filters. Again, you can instead select Save and Close, and reopen the certification later to scope roles.