
Assigning Profiles & Scoping

 

PROFILES

Access profiles provide users with various levels of privileges and access to different parts of the Lucidity system, ranging from general user access and manager access to system administrator access.

Profiles and Roles

Assigning a profile to a user will remove all previous role and scope assignments excluding home organisation scoping.

Users can only be assigned one profile, and it takes precedence over any previously assigned roles. The user's roles will now be set to match those within the allocated profile.

Assigning Profiles

Access profiles are created by administrators via the Permissions tab in Lucidity Access. Refer to the Profiles page in this user guide for information on how to create a new profile.

To assign a user a profile, from the relevant user account:

  1. Select the relevant profile from the available drop down

  2. Click 'Save'

 

Assigning Roles - Advanced Functionality

It is recommended that profiles are used in preference to roles wherever possible. However, there may be occasional circumstances where profiles don't fit the requirements and roles can be used instead.

 

Access roles are created by administrators via the Permissions tab in Lucidity Access. Refer to the Roles page in this user guide for definitions of each role and the associated privileges.

To assign a user access roles, from the relevant user account:

  1. Select the required module from the tab options

     

  2. Select the required access role from the list

     

  3. Apply scoping as required. Refer to the Define User Scoping section in this user guide below for more details

  4. Click 'Save'

Editing Roles

If the profile or role assigned to a user changes, or the privileges in a role they are already assigned to change, the user will need to log out and back in to the system for the changes to take effect.


Scoping

 

Scoping can be applied to restrict the information a user can view and manage, typically by organisation. For example, Luke Skywalker may be scoped to view records, forms, incidents etc. that relate to the Millennium Falcon project but not those that relate to the Death Star project. Scoping can be used for security reasons to keep records confidential as well as for easier management for the end user. If they have no need to view a particular organisation's records, it means there is less unnecessary "junk" filling their page within the system.

Note that scoping via form groups for Lucidity InForm, and via the various management systems and folders within the filing cabinet for Lucidity Intranet, is managed differently and is outlined in detail below.

Points to consider:

  • Scoping is not mandatory - if no scoping is applied, the user has visibility of all records that fall within their access permissions

  • Scoping becomes irrelevant if the user's profile only includes the ability to view their own records, forms, issues etc

  • When assigning scoping, it is important to only apply scoping to the lowest or smallest organisational area

    • If more than one organisation unit is selected for scoping, the user will see ALL records that match ANY of the scoping selections

    • If a division is selected as well as three projects, then the user will see records that match ANY of the selections - the division AND any of the projects

    • See the image below for an example

Home Organisation Unit Scoping

Typically, users only need to view the records for the same organisation that they are assigned to (their home organisation unit) for all modules. This can be applied from the home organisation unit area in the user's account. This scenario is the most common and can be used in conjunction with profiles.

To assign scoping for the same organisation for all modules, from the relevant user account:

  1. Scroll down to the home organisation unit area

  2. Assign the user's home organisations if not already allocated

  3. Tick the 'scope all modules to just this XXX' for the relevant organisational area

     

  4. Click 'Save'

  5. This will be viewable in the Scoping section under each module within the user's account

 


Module by Module Scoping

Module by module scoping can be used when the user needs access to:

  • Organisations that aren't part of their home organisation unit

  • Multiple organisations, such as several projects

  • Different organisations for different modules. For example, a safety manager may need access to the entire company's list of issues in Lucidity Incident but only needs to view their local project's completed forms from Lucidity InForm.

To assign scoping module by module, from the relevant user account:

  1. Select the required module from the tab options

  2. From the relevant organisation or field:

    1. Click 'Add'

       

    2. Using the pop-up filter, select the required options - note more than 1 can be selected

    3. Click 'Done'

    4. The selections will be displayed

 

 

Scoping Differences Between Modules

Most module scoping is by organisational units; however, there are some variances, outlined in the table below. Note scoping becomes irrelevant if the user is only able to view their own records, forms, issues etc.

| Module | Scoping Variance |
|---|---|
| Access | No scoping available - administrator access only |
| Competency | Scoping can be applied via capability jurisdiction, meaning the user will only be able to add and view records or needs for those capabilities allocated to that specific jurisdiction. NOTE: Jurisdiction scoping will override any organisational scoping and is therefore not recommended. It is advised that consultation with Lucidity occurs prior to implementing this approach. As users with this scoping cannot view all capabilities, it is common for them to think that a capability doesn't exist, even though it possibly does, just in a different jurisdiction. |
| Contractor | Scoping only available via company |
| HR | Scoping applied to HR records |
| Incident | Scoping applied by organisation units related to the individual issues, NOT the people involved in the incident |
| Induction | Scoping available via project and company only |
| InForm | Scoping applied by organisation units relates to the org units assigned in the individual forms, NOT the respondents completing the form. Scoping can be applied via form groups, meaning users can only complete and view forms within the scoped form groups. Note: It is recommended that form group scoping is managed via Access Roles wherever possible, rather than on an individual basis. See the InForm Scoping section below for more details on InForm scoping options. |
| Intranet | Scoping is not applied by organisation units but rather by the specific Management Systems and/or folders within the Filing Cabinet. See the Intranet Scoping section below for more details. |
| OnSite | No scoping available - administrator access only |

InForm Scoping

There are several ways scoping can be applied to users for InForm. 

  1. Individual Privileges

    1. Typically an InForm general user will only have privileges to view the forms where they are the respondent (i.e. the person completing the form)

    2. Access Roles above this typically include privileges to view all forms

    3. See the Module by Module Scoping section above for more information on scoping at the individual user level

  2. Home Organisation Unit

    1. When a form is completed, the respondent completing the form selects the relevant organisational details, such as a particular division that the form is applicable to. This can be auto-populated based on the user's HR details

    2. Users can be scoped to only see forms in division A for example

    3. Note that the forms can have a different entity to the user. For example, if a user's home organisation is listed as division B but they are completing a plant pre-start form for division A, the form will belong to division A and only those users who have privileges to view division A forms will see it. The fact the user's personal home organisation is division B is irrelevant in this case.

    4. See the Home Organisation Unit Scoping section above for more information

  3. Form Groups

    1. Form groups allow for scoping to restrict specific forms

    2. As an example, there may be a form group for HSE and a form group for HR

    3. Access can be given to the HSE form group which means the user can complete any form within

    4. If access is not given to the HR form group, the user won’t even know it exists and won’t be able to see or complete any of the forms within

    5. See the Form Group Scoping section below for more information

These options can be used in isolation or combined. A user can have permissions to view every single form in a particular form group for 3 out of 5 divisions for example.
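The following is an added illustrative model, not Lucidity code, of how the rules in "Points to consider" and the InForm options above combine. It shows ANY-match across organisation selections, the form's own org units deciding visibility rather than the respondent's home organisation, and form group scoping applied on top. The class and function names are hypothetical, the sample forms are constructed, and the model assumes a form matches when any org unit recorded on it is among the user's selections.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Form:
    name: str
    form_group: str
    org_units: frozenset      # org units selected on the form itself
    respondent_home: str      # respondent's home org unit; never consulted below

@dataclass
class UserScope:
    org_units: set = field(default_factory=set)  # empty set = no org scoping applied
    form_groups: Optional[set] = None            # None = 'Scope to all form groups' ticked

def can_view(scope: UserScope, form: Form) -> bool:
    # Form group scoping: forms outside the scoped groups are not visible at all.
    if scope.form_groups is not None and form.form_group not in scope.form_groups:
        return False
    # Scoping is not mandatory: no org selections means no org restriction.
    if not scope.org_units:
        return True
    # ANY semantics: a single matching selection is enough.
    return bool(scope.org_units & form.org_units)

def visible(scope: UserScope, forms) -> list:
    return sorted(f.name for f in forms if can_view(scope, f))

# Constructed sample data (not real Lucidity records).
FORMS = [
    Form("prestart-A1", "HSE", frozenset({"Division A", "Project 1"}), "Division B"),
    Form("audit-A2", "HSE", frozenset({"Division A", "Project 2"}), "Division A"),
    Form("toolbox-B3", "HSE", frozenset({"Division B", "Project 3"}), "Division B"),
    Form("leave-B3", "HR", frozenset({"Division B", "Project 3"}), "Division B"),
]

narrow = UserScope({"Project 1"}, {"HSE"})               # lowest org area only
broad = UserScope({"Division A", "Project 1"}, {"HSE"})  # adding the division widens access
div_b = UserScope({"Division B"}, {"HSE"})
unscoped = UserScope()

if __name__ == "__main__":
    for label, s in [("narrow", narrow), ("broad", broad),
                     ("div_b", div_b), ("unscoped", unscoped)]:
        print(f"{label:9} -> {visible(s, FORMS)}")
```

Comparing `narrow` with `broad` shows why scoping should be applied only to the lowest organisational area: selecting the division alongside the project exposes the other project's forms as well.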

Form Group Scoping

Users can be scoped by form groups which means only forms within the selected form groups will be available for completion and viewing. This can be done at the role level (where groups of users can be scoped) or at the individual level (only recommended in an unusual, one-off case). 

To scope a role to a particular form group, from the edit roles page:

  1. Create the role for InForm as normal, as per instructions in the Access Roles page in this user guide

  2. To scope to a particular form group, untick the 'Scope to all form groups' option

    1. By default, the 'Scope to all form groups' will be ticked, meaning all users in the role will have access to all forms

       

  3. Select all the form groups to be scoped

 

Intranet Scoping

Access roles for Lucidity Intranet do not include viewing or editing permission to any of the Management System pages or any of the folders within the Filing Cabinet by default; these need to be specified. Without these permissions allocated, users will not be able to view the Management System or the Filing Cabinet. Users can be given access to the Management System pages and/or the Filing Cabinet at the role level (where groups of users can be added) or at the individual level (only recommended in an unusual, one-off case).

Filing Cabinet Permissions

To allocate permissions to a folder within the Filing Cabinet, from the edit roles page:

  1. Create the role for Intranet as normal, as per instructions in the Access Roles page in this user guide

  2. In the Cabinet Permissions section, use the + and - buttons to locate the highest level folder the user is required to access. They will have access to this folder and all its sub-folders ('child' folders)

  3. Click 'Select Roles'

     

  4. Click 'View Permissions' to view or change the permissions for the selected role

  5. Apply to both the Document Vault and the Filing Cabinet folders as required

 

Intranet Management System Permissions

To allocate permissions to a Management System, from the edit roles page:

  1. Create the role for Intranet as normal, as per instructions in the Access Roles page in this user guide

  2. From the Management System Permissions section, apply the required edit or view permissions for each Management System