User Roles and Security Groups:
A user’s permissions within FlowWorks are determined by their role(s), and the security group(s) to which they are assigned.
By configuring these roles and groups, the desired mix of access and capabilities can be provided to allow the new user to perform their assigned functions.
These assignments can be implemented to prevent certain users from accessing tools and features that they do not need.
User roles define the capabilities at their disposal – accessing only the demo sites, using the tools on your network of sites that their security group(s) permits access, or creating other new users.
Security groups address the breadth of your network and facilities, such as permitting access or restrictions to sites, channels, and capabilities. For example, adding or editing calculated channels, employing tools like the Rainfall Mass Balance or Inflow and Infiltration.
With the combination of these two attributes, a group administrator can closely control the access and abilities of the users within their network.
User Roles: FlowWorks provides three basic user roles
Demo: Demo users are limited to read only access which enables a limited set of the reporting and analysis tools. Although their capabilities are limited, it gives the user a chance to interact with the program first hand.
User: The role of a user is the default access level. They have full access to the reporting and analysis tools, and creating and configuring calculated channels. However, this access may be limited if the group administrator opts to restrict access and functions by the implementation of security groups.
Note: Unless otherwise restricted, users may see and modify calculated channels, but they are unable to modify raw channels.
Group Admin: A group administrator is typically the primary FlowWorks network contact and is responsible for one or more FlowWorks sites. They have the ability to manage and create user accounts, and can also control access to their sites through the administration tool. Additionally, they have the ability to configure their sites and channels, and through the use of security groups, they have the ability to limit user’s access to their sites and available tools.
Those with the power to create new users cannot create a user with more ability than they have themselves. Nor can they assign a new user to any security group(s) that they do not belong to. They may, however, create users with specified restrictions.
User roles DO NOT inherit the other roles. Hence the role of a group administrator does not automatically include the role of a user. These are separate functions and must be assigned to each necessary user. To be useful, those assigned as group administrators MUST also be given the additional role of a User.
Once a user has been created, security groups may be used to further subdivide responsibility and access within a client’s domain. Security groups may be created to restrict which sites and to which channels, within those sites, the users have access to. Security groups may also restrict the list of tools the users has access to, such as FACE (the FlowWorks Advanced Calculation Engine), Rainfall Mass Balance, etc.
A user MUST be assigned to at least the parent group. This group describes the widest network of sites, channels, and tools to which the user might be permitted access. While security groups give the group administrator the power to create a very granular control over their network, it is possible to build a security structure that becomes cumbersome to manage and maintain. Hence the group administrator should invest a little time in mapping the necessity to permit or restrict access to sites, channels, and tools prior to creating security groups and assigning users thereto.