Operator Roles

Gabriela Peralta - Versasec
Gabriela Peralta - Versasec
  • Updated

Introduction

It is possible to configure what roles, or operations, that an operator can perform from the Options - Roles page. These operations encompass credential lifecycle operations and restricting what configurations an operator can carry out in vSEC:CMS.

Configure Roles

The operations that an operator can perform are configurable from the Options - Roles page. The default roles that an operator can have are System Administrator, Elevated, Normal, Restricted and Key Recovery.

The operations that an operator can be restricted to are:

  • Viewable+Execute: The operator can view and perform the particular operation;
  • Viewable: The operator can only view the particular operation;
  • Hidden: The particular operation will be hidden from the operator.
Note
To reset the permissions to the default settings click the Reset all permissions button.
Note
It is possible to clone an existing role by clicking the Clone button. The new cloned role can then be configured with specific permissions as required.

In this section, we will use a simple example to describe how a role could be changed. In this example, we will change the default permissions for a role of type Restricted.

1. Browse to Options - Roles page. Select the role from the Filtered by role drop-down list and click Edit.

2. By default, the role Restricted is limited to unblock operations. In this example, we will change the default role settings to allow this role to perform credential registration operations. From the top window select the Register Card action and click Delete.

The action will be moved to the bottom window.

3. Then select the Register Card and from the drop-down list select the Viewable+Execute option and click the Add button to set this permission.

Click the Save button to complete. The action will be added back into the top window with the updated operation now in place.

Note
If you are making changes to a role it is important that there are no actions left in the bottom window of the edit dialog otherwise it will not be possible to save any changes made.
Note
Currently it is not possible to delete an already created role.

Configure Operator Permissions on Credential Template

It may be required to set granular operator permissions on specific credential templates. For example, you may wish to restrict operators who have a role of System Administrator to be the only operators allowed to issue end user credentials.

In this section, an example of how to configure a credential template where the permissions set will restrict only operators with a role of System Administrator to be allowed to issue credentials from the Lifecycle page.

Enable Access Right

In order to configure what operator role will be allowed to perform specific lifecycle functions the setting needs to be enabled for the specific credential template.

1. Select an already created credential template from Templates - Card Templates and click the Edit link for General.

2. Enable the Access rights per individual lifecycle tasks checkbox and click Ok to save and close the dialog.

Configure Permission for Issue Card

1. Click the Edit link for Issue Card.

2. In the Permissions section click the Edit button.

3. For the Roles select System Administrator as we want to restrict operators who have a role of System Administrator to be the only operators who can perform credential issuance in this example.

4. The Permissions section will now show that only operators with System Administrator role will be able to perform this task. Click Ok to save and close the dialog.

Delete Operator Role

It may be required to delete an operator role, for example, an operator role was created for testing purposes and now it is no longer used and therefore needs to be deleted. From version 6.12 it is possible to delete a role. Follow the instructions below to delete a role.

From Options - Operators select the role you wish to delete. Then click the Delete button to remove this from the system.

Untitled.png

Note
It will not be possible to delete a role if the role is assigned in a card template. You will need to remove the role from any card template that it is assigned to before the delete can be performed.

Update New Permissions in Role

Over time new role permissions are added to the system. vSEC:CMS will only update the original default roles, i.e., System Administrator, Elevated, Normal, Restricted and Key Recovery when new permissions are added. From version 6.12 it is possible to add any newer permissions to roles that were created as custom operator roles. Follow the instructions below on how to perform this task.

From Options - Operators select the role you wish to update and click Edit.

Untitled.png

Enter the keyword Not into the Search field to filter all permissions that you have not yet configured and add them as per your requirements for the role and Save to update and complete.

Untitled.png