Built-in Security Policies
- Scott Davey
- Jennifer Joseph
- Joanne Hocking
- Peter Kakris
Crisisworks Security Policies are the building blocks used for creating positions, where each position comprises multiple policies. Crisisworks includes a range built-in security policies as detailed below.
This article details security policies. If you are looking for built-in positions, read the article Built-in Positions for Local Government users.
Naming conventions
The following naming conventions are in use:
- "Coordination" — means full access to data with assignment and moving
- "Officer" — means full access to data without assignment and moving
- "Basic" — means limited access only to assigned events and/or records
- "ReadOnly" — means the user cannot write or create
- "New" — adds the ability to add a new record
- "Special" — means a custom rule that does not fit any convention
Additionally, the following register group names are used:
- "recovery" means all the registers in the recovery module
- "operations" means request, message, offer, log, contact
- "reference" means "wiki"
Built-in Security Policies
The following policies are built into most Crisisworks installations.
| Name | Description | Developer Tag | Developer ID |
|---|---|---|---|
| Base policies | |||
| Base User Policy | All users get this by default. Can edit own profile, and access the log and contact registers | Base | baseUserPolicy |
| Developer | Access to the policy development and system diagnostics screens | Base | policyDeveloper |
| Super-user | Super-user, with access to all events and all features | Base | sysAdmin |
| Manage Assets and Resources | Can manage assets and resources | Base | assetAdmin |
| Manage system settings | Can access all of the settings screens | Base | settingsAdmin |
| Manage users, organisations and positions | Can manage users | Base | userAdmin |
UserAccess | Can view the users list | Base | UserAccess |
| Event policies | |||
| Events Coordination | Full management and coordination to all events, with the power to create new events. | Council | eventCoordination |
| Event Coordination Limited | Full management and coordination to events in which the user is participating. | Council | eventBasic |
| Events Create & Manage | Can create and edit events from templates you have access to | Council | eventsCreation |
View Event | Can View an Events’s overview details such as positions & people on duty | EventView | |
| Recovery policies | |||
| Recovery Coordination - full access to recovery data | Full read/write access to recovery data within involved events, with the ability to manage assignments and moving records between events. | Council | recoveryCoordination |
| Recovery Officer - full access to recovery data | Full read access to recovery records within involved events, and ability to edit assigned records. | Council | recoveryOfficer |
| Recovery Admin | Recovery Admin - Full access to recovery data without ability to assign or move | Council | recoveryAdmin |
| Recovery Limited | Limited read/write access to recovery records within involved events where the data is assigned or shared. | Council | recoveryBasic |
| Recovery Read Only | Access to all recovery records within involved events but cannot update. | Council | recoveryReadOnly |
| Recovery Read Only Assigned | Limited read-only access to recovery records within involved events where the data is assigned or shared. | Council | recoveryBasicReadOnly |
| Recovery Limited with New Case | Adds the ability to create new recovery cases and associated sub-records. Note: this needs a read-write policy such as recoveryBasic as well. | Council | recoveryBasicNewCase |
| Operations (Request, Information) | |||
| Operations Coordination | Full read/write access to operations data within involved events, with the ability to manage assignments and moving records between events. | Council | operationsCoordination |
| Operations Officer | Can edit all requests, can not assign or add resources Can view and edit all Contacts Can view and edit all Information and Log records: Can edit records they create | Council | operationsOfficer |
| Operations Admin | Access items in participating events, can update all but not assign or move. | Council | operationsAdmin |
| Operations Limited | Limited read/write access to requests within involved events only where the data is assigned, and limited read-only access to information within involved events where the data has been shared, or where the user is the author. Can view and edit Log items Items they have created. | Council | operationsBasic |
| Operations Read Only | Can view all operations items in participating events but cannot update | Council | operationsOfficerReadOnly |
| Operations Read Only Assigned | Limited read-only access to operations records within involved events only where the data is assigned or shared. | Council | operationsBasicReadOnly |
| Offers | |||
| Offers Coordination | Full read/write access to offers within involved events, with the ability to manage assignments and move records between events. | Council | offerCoordination |
| Offers Officer | Full read access to offers within involved events, with the ability to edit and re-assign data that is assigned. | Council | offerOfficer |
| Offers Limited | Limited read/write access to offers within involved events only where the data is assigned | Council | offerBasic |
| Offers Read Only Assigned | Can view offers they have been assigned | Council | offerBasicReadOnly |
| Logs | |||
| Log Coordination | Can see and edit all Logs | Council | logCoordination |
| Log Officer | Can see and edit all Logs | Council | logOfficer |
| Log Read Only | Can see all logs but not update | Council | logReadOnly |
| Information | |||
| Information Coordination | Can see and edit all information items. | Council | messageCoordination |
| Information Officer | Can see all information items and update own. | Council | messageOfficer |
| Information Basic | Read/write access to information items created by or assigned to the user. | Council | messageBasic |
| Library (previously 'reference') | |||
| Library Officer | Full read/write access to reference items in involved events | Council | referenceOfficer |
| Library Access | Full read access to reference items in involved events | Council | referenceAccess |
| Special Policies | |||
| Manage Resources | Can view and edit resources | Council | specialResourceManager |
| Resource Assignment | Can assign resources within the request form | Council | specialResourceAssignment |
| Send Announcements and SMS's | Can send announcements from the Information register | Council | specialAnnouncer |
| Finance Access | Can access the finance module, if licensed. | Council | specialFinance |
| Publish & Promote items | Can publish “Promote” items to the Dashboard | Council | specialPublisher |
| Access to recovery analytics | Access to the reports in folder “Recovery reports" | Council | analyticsRecovery |
| Access to operations analytics | Access to the reports in folder “Operations Reports" | Council | analyticsOperations |
Access to offers analytics | Access to the reports in folder “Offers Reports" | Council | analyticsOffers |
| Access to base analytics data | Can access the analytics system and the base system reports. | Base | analyticsBase |
| Access to system analytics | Access to the reports in folder “System Administration Reports" | Base | analyticsSystem |
Access to Resource analytics | Access to the reports in folder “Resource Reports" | Base | analyticsResources |
| Public User Policy | This is a special policy used for the general public to submit new forms into Crisisworks. - Do not use this unless directed by Datalink to do so | ||
| VPR | |||
| VPR Coordinator | Council only Position Gives VPR Access and Coordination Access. Will not work for users that aren’t from Council Organisation. | Council | specialVprCoordinator |
| VPR Access | Council only Position Gives VPR Access. Will not work for users that aren’t from Council Organisation. | Council | specialVprAccess |
| Rostering | |||
| Access to own Roster Availability | Provides users an ability to view and edit their own availability records for the rostering system. This is enabled by default for all new positions. | Base | rosterAvailabilityAccess |
| Roster Coordinator | Provides full access to manage rosters, view and edit availability and generate reports. | Base | rosterCoordinator |
| Roster Access | Provides read-only access to the roster user interface. | Base | rosterAccess |
| FPN | |||
| Fire Prevention Administrator | Full access to the FPN Registers with bypass workflow access | FPN | fpnAdministrator |
| Fire Prevention Coordination | Full access to the FPN Registers | FPN | fpnCoordination |
| Fire Prevention Officer Access | Access all FPN items in participating events. Can Edit assigned items | FPN | fpnBasic |
| Fire Prevention Read Only | Limited read-pnly access to FPN items in participating events | FPN | fpnApiReadOnly |
| Fire Prevention Assigned Task Access | Can access assigned FPN Tasks | FPN | fpnTaskOnly |
| Fire Prevention Create & Manage Events | Can manage and create FPN events | FPN | manageFpnEvents |
| Access to FPN analytics | Access to the reports in folder 'FPN Reports' | FPN | analyticsFpn |
| Route Tracking | |||
| Provides ability to create a | |||
Register Permissions Glossary
When viewing configured register security permissions, the following access options are available.
| Name | Description |
|---|---|
Can access the register | The user can see the register in navigation |
Can access a set of items | The user can view lists of items in data grids and lists |
Can indirectly update an item | Can edit items that are embedded in sub-forms |
Can directly see the register in the user interface | Controls whether this register is included user interfaces such as navigation |
Can directly view an item | Can view a full item record in the UI and via the API |
Can directly create an item | This controls the "New" button on the UI, and allows top-level items to be created |
Can directly edit an item | Controls the "Edit button on the UI, and disallows top-level edits to items |
Can assign an item | Can assign items to users, positions and resources |
Can add a comment to an item | Can add a note to be added to the history of a record using the yellow comment box |
Can move an item between events | Can move items between events including global workspace events. |
Can see the unassigned counter | Can see the counter for non-assigned, active records |
Can create an item without Register Workflow Restrictions | Can bypass workflow states to set any status code at any time |