AuditFindings provide granular control over the access for a user. This control is provided by creating a "Group" and then assigning the user to that Group.
An individual can be included in more than one group. When an individual is in more than one group, their access is cumulative.
The assignee level group, is a default group that is unique. Unlike other groups, individuals within this group can only view issues assigned to them, or issues that they are the owner. The Assignee group is the most commonly used group as the bulk of an organization's people can be included in this group. By defaulting to this group, the individuals are available to be assigned an issue at any time, but are not able to view information that does not relate to them.
All groups can be modified for specific access as outlined below.
To allow granular control of what a user has access, an administrator can create specific groups, and set what components someone has access. "None" hides the item from the user, "Read" provides read only access, and "Read/Write" provide full edit capability.
At any point, users can be assigned to the group via the General tab.
From a user edit screen, groups can also be added the user.
Although groups can be created or modified, there are several default groups available.
- Administrator: has access to all functions
- Assignee: has access to issues they are assigned or are the owner.
- Manager: has access to all audits and issues, but does not have delete capability
- User: has access to all audits and issues, but does not have archive or delete capability
- No Access: no access to the portal. Used to assignee someone to an issue without giving access to the system.
- View Only: Can view audits and issues, but cannot edit. Able to download reports.