Standard Roles for xTuple

 

ereeves's picture

xTuple does not come with standard roles (sets of privileges per function or department).

Therefore I have set up a Role-Privileges Classification Matrix to develop sets of standard roles for xTuple. I have set up roles called Accounting Staff, Accounting Manager, Sales Staff, Sales Manager, Procurement Staff, and Procurement Manager.

I have also attempted to risk-rank them. I then tried to determine what was required by a staff person and privileges that should be restricted to managers only.

I welcome feedback on the matrix. Are the sets of privileges appropriate, too restrictive, or too extensive? Have I correctly risk-ranked the individual privileges? I would also welcome it if someone wanted to take a stab at developing a role for warehouse staff and managers.

I think the bottom line is: what is the appropriate set of privileges for a particular role? The risk is that a role (and/or a user) could be given more privileges than are needed to perform his job function.

gmoskowitz's picture
Joined: 12/10/2008
Re: Standard Roles for xTuple

ereeves,

This is a nice start on developing standard roles. Thank you.

A few general comments:

  • There are lots of ways a company could use Incidents and ToDo items, so I'm not sure if there is a reasonable allocation of the AddIncidents, MaintainIncidents, and MaintainPersonalTodoList privileges.
  • The MaintainIncidentCategories, -Priorities, -Resolutions, -Severities privileges should be kept very restricted. These control the list of categories, priorities, resolutions, and severities. These privileges do not control the ability to change the category, priority, ... of any particular incident.
  • The same is true of MaintainOpportunitySources, -Stages, -Types.
  • Several of the privileges in the Products module should probably be granted to managers in Accounting and Procurement, like CreateCosts, EnterActualCosts, and UpdateActualCosts.
  • All of the privileges have a risk level of M or H. It might be helpful to classify some as L(ow) just to help determine the range. For example, MaintainTitles is Low risk (editing the list that contains "Mr", "Miss", "Dr", ...) while SynchronizeCompanies is High risk (it controls whether a user can update the Chart of Accounts and trial balances with data from another company in a different database).

Question: what other roles do you see as standard? For example, does Shipping and Receiving fall under Warehouse staff and management or is that a separate department?

Gil
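The checks suggested in the reply above can be run mechanically over a role-privilege matrix. The following is an added example, not part of the original thread or of xTuple: the role contents and most risk ratings are constructed, `ExampleUnratedPrivilege` and the `list_admins` parameter are hypothetical, and only the ratings for MaintainTitles (L) and SynchronizeCompanies (H) come from the post.

```python
# Risk rating per privilege. Only MaintainTitles and SynchronizeCompanies are
# rated in the thread; every other rating here is an assumption.
RISK = {
    "MaintainTitles": "L",
    "SynchronizeCompanies": "H",
    "AddIncidents": "M",                # assumed
    "EnterActualCosts": "M",            # assumed
    "MaintainIncidentCategories": "M",  # assumed
    "MaintainOpportunityStages": "M",   # assumed
}

# Privileges that edit the shared lookup lists themselves (not one record),
# which the reply says should be kept very restricted.
LIST_MAINTENANCE = {
    "MaintainIncidentCategories", "MaintainIncidentPriorities",
    "MaintainIncidentResolutions", "MaintainIncidentSeverities",
    "MaintainOpportunitySources", "MaintainOpportunityStages",
    "MaintainOpportunityTypes",
}

# Constructed sample matrix: role name -> granted privileges.
ROLES = {
    "Accounting Staff": {"MaintainTitles", "AddIncidents", "SynchronizeCompanies"},
    "Accounting Manager": {"MaintainTitles", "SynchronizeCompanies", "EnterActualCosts"},
    "Sales Staff": {"AddIncidents", "MaintainIncidentCategories", "ExampleUnratedPrivilege"},
    "Sales Manager": {"AddIncidents", "MaintainOpportunityStages"},
}

def audit(roles, risk, list_admins=frozenset()):
    """Return sorted (role, privilege, reason) findings for a role matrix.

    list_admins names the roles explicitly allowed to edit lookup lists.
    """
    findings = []
    for role, privs in roles.items():
        for priv in privs:
            level = risk.get(priv)
            if level is None:
                # No rating yet: the privilege cannot be placed in a role safely.
                findings.append((role, priv, "unrated"))
            elif level == "H" and role.endswith("Staff"):
                findings.append((role, priv, "high-risk-in-staff-role"))
            if priv in LIST_MAINTENANCE and role not in list_admins:
                findings.append((role, priv, "list-maintenance-not-restricted"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(ROLES, RISK, list_admins={"Sales Manager"}):
        print(*finding, sep=" | ")
```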

ereeves's picture
Joined: 05/22/2010
Gil,

Thanks for the input. It would be helpful if I had a brief description of the privileges. Many are self-explanatory, but others require some description in order to fully understand the privileges.

There are definitely other “standard” roles that could be developed; however, I think the first issue would be to compile brief descriptions and properly risk-rank the privileges.

Eden (ereeves)

gmoskowitz's picture
Joined: 12/10/2008
Re: Standard Roles for xTuple

Eden,

Yes, it would be very helpful to have descriptions of the available privileges. There are over 400 in the PostBooks database and almost 500 if you include xtdesktop, xtpos, te (Time/Expense Lite), and the proprietary xtmfg and xtbatch packages. We keep getting requests for more, too.

Documenting the privileges is a big project. I've started by creating http://www.xtuple.org/core-privileges and its child pages, one for the core plus one for each package. Anyone with privilege to edit the xTuple Wiki can modify these pages (Eden - you have this privilege).

Gil

ereeves's picture
Joined: 05/22/2010
Re: Standard Roles for xTuple

Again ... thanks Gil. Could we get a column for "Risk Level"?

gmoskowitz's picture
Joined: 12/10/2008
Re: Standard Roles for xTuple

done - risk column added to all 5 pages