Cirrus offers the possibility to your organisation to flexibly setup roles which in turn define the level of access and permission for your users. In other words: Roles define what users can see and do in the system.
The type of role a user has defines what type of other users he can add or edit. For example System Admins in Cirrus can deputise the user management for groups within the hierarchy to Admins.
- Access levels for user management in Cirrus
- Admins versus group or deputy admins to add users to certain groups
Each (custom) site role you define is in turn connected to one of four role type:
- System Admin
So if you create a new site role, you can select 1 of 4 role types. Your Role type regulates what type of users you can add / edit:
This means for example that someone with a lower level permission will not be able to change anything from someone with a higher Role. In other words:
- Someone with a lower role type cannot change the settings or role of someone with higher role type, for example Admins cannot change System Admins.
- Someone with a lower role type cannot add users with a higher role type. I.e. an Admin cannot add a System Admin user.
- An Admin cannot promote him/herself to System Admin. They can create other Admins within their groups but only a System Admin can grant these new admins the permission to start creating users in certain hierarchies and below.
- The default Role Type when creating new (custom) site role (under Admin > Roles) is set to the lowest level (Candidate).
- Remember: you can always up- or down-grade a custom role.
- Users with role type System Admin are set as administrators (Administrator check-box is set) in Root hierarchy and all other hierarchies of the site initially. It is up to the customer to customize and maintain this.
If an Admin needs to do user management his Role needs to enable this AND in their user profile on the Hierarchies tab permissions need to tell which groups of users he can manage.
System Admins in Cirrus can deputise the user management for groups within your hierarchy. To do this you go to a selected users profile and check the groups he/she should be able to administer.
- Go to Admin > Users > John Doe > Hierarchies > checking the Administrator check boxes for those groups the user should be able to administer:
- If a user is set as 'Administrator' for a group, he/she can only add and manage users from that hierarchy level or below.
- Only 'System Admins' can set this permission. Admins, Authors and Candidates can only view these permission if their Role (as defined by you) allows access to Admin > Users.
Let look at an example:
John Snow is added as an 'Administrator' to Test Center 2 by a System Admin. This means John kan manage users from that level and below:
- Test center 1
- Test center 2
- Group 1
- Group 2
John is added as Admin to Test Center 2. This means that he can only see and add users to the hierarchy levels shown in bold. He is only allowed to add/import users from the level he is an administrator and below. He can view users from this hierarchy, can edit/delete only users from his hierarchies.
Remember: as an 'Admin' type John is not able to change his own role to system admin. He can also not add new system administrators. He is able to add Admins though. He can see the 'Administrator' check boxes, but he cannot use them.