Security Roles

In This Topic...

Security Roles are the collections of rights that are assigned to individual user accounts. This allows any number of related rights to be quickly assigned to one or more user accounts that will perform a similar role in the system.

If a user has a variety of responsibilities, multiple roles can be assigned, and new roles can be created to fill in any gaps.

Employee User Types

User Type	Description	Available To
Company Administrator	This user can see all activity they have the rights to view for any company within their hierarchy, no matter where in the hierarchy the user is placed.	Assureds Licensees
Administrator	This user can see and manage all activity they have the rights to for their own company and any subsidiary of their company.	Assureds Licensees
	Note: An Admin created at the headquarter level has the same access to the company hierarchy as a Company Administrator.
Power User	This user can see and manage all activity they have the rights to within their own company and no other company in the hierarchy.	All company types
	Note: Partner company employees can only be Power Users.
Private User	Can only see and manage their own activity within the system.	Assureds only

Security Role Types

Created security roles are available to employees and companies based on the security role type assigned.

Employee Security Role Types

Employees, employee roles, and employee groups can all have assigned security role types.

Role Type	Description
Employee - Assured	Accessible to all employees of an Assured company.
Employee - Partner Company	Accessible to all employees of a Proprietary company.
Employee - Licensee	Accessible to all employees of a Licensee company.
Employee - Partner Company Policy Group	Accessible to all employees of Proprietary companies associated to policy groups.
Employee - Licensee Policy Group	Accessible to all employees of Licensee companies associated to policy groups.

Company Security Role Types

Security roles are available to companies as a whole and have a global effect on subsidiaries and employees. Note that a company roles always supersedes an employee role, meaning that an employee role cannot have user rights their company role does not also have.

Role Type	Description
Company - Assured Company	Accessible to all assured companies and is assigned only when setting up a policy.
Company - Insurer/Broker	Accessible to all propiertary companies and is assigned only when setting up a policy.

Example: A user from Company A has the rights to create additional users and assign roles to them. They create:

Role 1 with 10 security rights
Role 2 with 9 security rights
Role 3 with 8 security rights

Then the user from Company A creates User 1 and assigns Role 2 to them.

User 1 can now create User 2 and will have to assign a role to them, however, User 1 can only access Roles 2 and 3 because there is a security right missing from User 1 for Role 1 and is unable to manage this role.

Suggested Best Practices

The following are a set of suggested best practices, however, are in no way an absolute solution.

All security roles should be created at the Headquarter level and then shared down to subsidiaries.
A Company Administrator user managing security roles and employees should have a role assigned to them that will contain all available security rights. Note that users cannot assign rights that they themselves do not have access to.
When creating roles, it is recommended to have a series of roles (mix of both company and employee) broken down into security rights sections; e.g. Assured - billing rights, Assured - shipment rights with premium, Assured - shipment rights without premium. This approach can facilitate the employee and policy maintenance.
When assigning roles to a company at the policy level, users should note that a company role always supersedes an employee role, meaning that an employee role cannot have use rights that their company role does not also have.