Practical Tips for Managing Role Based Access
Written by neil
This article provides practical tips for managing Role Based Access and will be of interest to your association administrator. It discusses how to think about delegated responsibilities in your association and how to map those to individuals to ensure that everyone has the tools to do what they need to do while keeping the Planasport web site secure.
Role based access groups collections of related web pages into arbitrary roles and allows web site users to be assigned to those roles. The purpose is to simplify delegation of responsibilities while maintaining a high level of control over access.
Each web page is assigned to one role. A role may have many web pages. A web site user is assigned one or more roles depending on their delegated responsibilities.
Application Role Descriptions and Codes
There will rarely be a need to change Application Role Codes or Descriptions. These are only used by the site to control access to pages and are not seen outside the Application Privileges pages. On the other hand, it is important to create as many Application Roles as necessary to reflect the delegated responsibilities of your association.
When considering Application Roles, think in terms of the organisational roles that individuals carry out, not the individuals themselves. It is likely that many individuals in your association have multiple organisational roles.
Also think in terms of organisational roles where more than one individual carries the responsibility. Especially consider short term cover for vacations, injuries, or sickness. For example the association Secretary will handle correspondence and can post notices on the Notice Board for future events. When the Secretary is on vacation another member of the association may become responsible for receiving correspondence and updating the Notice Board.
Consolidating Application Roles
In an association where a few individuals carry out many organisational roles, there may be an opportunity to simplify security and reduce the number of Application Roles by reassigning all the web pages to a handful of common roles that match the responsibilities currently delegated to individuals.
Although quite practical and possible, this is not recommended because it makes it difficult in the future to delegate parts of those consolidated roles. Consider for example the case of an association Treasurer also being responsible for membership records. If the membership web pages are reassigned to the Treasurer Application Role, it will make it difficult in the future to have the association Secretary pick up responsibility for membership since granting access to the membership pages via the Treasurer Application Role also grants access to Financial and Invoicing pages.
Hiding Functionality
If there are areas of the site that are not used by your association, you can hide them by creating an Application Role for those specific web pages, assigning the unused web pages to that Application Role, and not granting the Application Role to any individuals. This effectively removes those pages from the menu system.
Always ensure that at least one user has access to the Application Privileges pages. It is possible to lock yourself out of this portion of the site by removing the Application Role that enables access to these pages from all users.
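The following is an added example, not Planasport code: a small Python model of the page-to-role and user-to-role assignments described above. It shows the consolidation problem (the Secretary picking up Financial and Invoicing pages along with membership), the hidden-page effect, and a lockout check to run before revoking a role. All page names, role codes and user names are assumptions made for illustration.

```python
# Constructed sample data: page names and role codes are hypothetical,
# not Planasport's actual identifiers.
ADMIN_ROLE = "APP_PRIV"  # assumed code for the role guarding Application Privileges

# Each page maps to exactly one role; membership pages keep their own role.
SEPARATE = {"invoices": "TREASURER", "accounts": "TREASURER",
            "member_list": "MEMBERSHIP", "notice_board": "SECRETARY",
            "app_privileges": ADMIN_ROLE, "league_tables": "UNUSED"}
# Consolidated variant: membership pages reassigned to the Treasurer role.
CONSOLIDATED = dict(SEPARATE, member_list="TREASURER")


def pages_for(user, user_roles, page_role):
    """Pages a user can reach: every page whose single role the user holds."""
    held = user_roles.get(user, set())
    return {page for page, role in page_role.items() if role in held}


def hidden_pages(user_roles, page_role):
    """Pages whose role is granted to nobody, so they drop out of the menus."""
    granted = set().union(*user_roles.values())
    return {page for page, role in page_role.items() if role not in granted}


def would_lock_out(user_roles, user, role, admin_role=ADMIN_ROLE):
    """True if revoking `role` from `user` leaves nobody holding admin_role."""
    after = {u: (r - {role} if u == user else r) for u, r in user_roles.items()}
    return not any(admin_role in r for r in after.values())


def delegate_membership(page_role):
    """Hand membership to the Secretary by granting the role that carries it."""
    users = {"treasurer": {"TREASURER", "MEMBERSHIP", ADMIN_ROLE},
             "secretary": {"SECRETARY"}}
    users["secretary"] = users["secretary"] | {page_role["member_list"]}
    return users


def excess_access(page_role, needed=frozenset({"member_list", "notice_board"})):
    """Pages the Secretary gains beyond what the delegated duties require."""
    users = delegate_membership(page_role)
    return pages_for("secretary", users, page_role) - needed


if __name__ == "__main__":
    print("separate roles, excess:", sorted(excess_access(SEPARATE)))
    print("consolidated roles, excess:", sorted(excess_access(CONSOLIDATED)))
    users = delegate_membership(SEPARATE)
    print("hidden pages:", sorted(hidden_pages(users, SEPARATE)))
    print("revoking admin role locks out:", would_lock_out(users, "treasurer", ADMIN_ROLE))
```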