Authorisation roles

A person and/or contact is assigned to the authorisation role because he/she has a specific role, job or responsibility that is important for the authorisation of the functionality on the site. When new items are added to the existing functionality, users with the appropriate authorisation role immediately have access to the new functionality.

You link an authorisation role to the contact person properties. Profit determines the available roles for the contact person automatically.

Profit supplies default authorisation roles for each portal. Usually, at least one Site administrator role and one Site user role are available.

Role: Administrator

Functionality (example): Manage an organisation, View an organisation

Example of actions to be performed:

  • Change a contact person
  • Register for a course
  • Overview of courses followed
  • View financial data and dossier
  • Incidents overview

Role: User

Functionality (example): View an organisation

Example of actions to be performed:

  • Change a contact person
  • View a dossier
  • Incidents overview

Description

Default authorisation roles are supplied. You cannot maintain these roles. You add authorisation roles to a contact person. You can (usually) divide your customers into two groups: individuals (Business to customer) and organisations (Business to business). Both groups log on to your OutSite portal.

In the portal (external) users must have access to their personal dossiers. You have to authorise this functionality so that only the correct person has access to a personal dossier. Someone who logs on to a portal must always have a role or authorisation role to be able to open his/her dossier. You record the rights to the dossier in the role.

We distinguish various persons:

  • Person

    At the person level, you can only be a Portal Administrator. It is not possible to be a Portal User at the person level. A person is an individual. The organisation for which this person works is not as relevant; it is all about the person him/herself. An example of this is the person who is linked to a sales contact. Another example is the 'IB' client. The logged-on sales contact can view his/her own personal dossier. The 'IB' client can look at and review his/her own 'IB' declaration.

  • Contact of an organisation

    An example of a contact of an organisation is the accountant who takes care of the declarations for the organisation. If he/she logs on as a contact of the organisation, this accountant sees the dossier of the organisation and his/her own personal dossier.

When granting rights, the assignment of the authorisation roles is important:

  • If the customer is an individual, you grant the person rights.
  • If the customer is an organisation, you grant the contact person (of the organisation) rights.

Diagram of the difference between anonymous, administrator and user:

[Image: authorisation roles diagram]

Example:

  • OutSite BV is an accountants' office.
  • Klaas Dekkers is a contact person at OutSite BV. Klaas has the role of Employee accountancy portal.
  • Klaas Dekkers is also a contact person for Klaas Software (his own company). Here Klaas has the role of Administrator accountancy portal.

    You assign the authorisation roles as follows:

  • The accountant gives the contact 'Klaas Dekkers (OutSite BV)' the Employee accountancy portal role.
  • The accountant gives the contact 'Klaas Dekkers (Klaas Software)' the Administrator accountancy portal role.

    It would be incorrect if:

  • The accountant gives the person 'Klaas Dekkers (OutSite BV)' the Employee accountancy portal role.
  • The accountant gives the person 'Klaas Dekkers (Klaas Software)' the Administrator accountancy portal role.

    If the accountant configures the roles at the wrong level (in this example at the person level), Klaas gets administrator rights for all his contacts. This means that for his own company and for OutSite BV, Klaas is able to change data, approve declarations, etc. This is not what the accountant wants!
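The Klaas Dekkers example above, modelled as an added example (not Profit code or its API). It assumes, as the text describes, that a role granted to a person applies to every contact of that person; all function and variable names are hypothetical. It also includes an audit that flags person-level grants for anyone who is a contact of more than one organisation.

```python
# Simplified model (assumption, not Profit's API): a person-level role applies to
# every contact of that person; a contact-level role applies to that contact only.
from collections import defaultdict

ADMIN = "Administrator accountancy portal"
EMPLOYEE = "Employee accountancy portal"

# Constructed sample data taken from the Klaas Dekkers example.
CONTACTS = [("Klaas Dekkers", "OutSite BV"), ("Klaas Dekkers", "Klaas Software")]

def effective_roles(contacts, person_roles, contact_roles):
    """Return {(person, organisation): set of roles in effect for that contact}."""
    result = {}
    for person, org in contacts:
        roles = set(contact_roles.get((person, org), ()))
        roles |= set(person_roles.get(person, ()))  # person-level roles reach all contacts
        result[(person, org)] = roles
    return result

def audit_person_level(contacts, person_roles):
    """Flag person-level grants for people who are a contact of several organisations."""
    orgs = defaultdict(set)
    for person, org in contacts:
        orgs[person].add(org)
    return sorted(
        (person, role, tuple(sorted(orgs[person])))
        for person, roles in person_roles.items()
        for role in roles
        if len(orgs[person]) > 1
    )

# Correct: each role is granted to the contact.
CORRECT = effective_roles(CONTACTS, {}, {
    ("Klaas Dekkers", "OutSite BV"): {EMPLOYEE},
    ("Klaas Dekkers", "Klaas Software"): {ADMIN},
})
# Incorrect: the same roles are granted to the person.
WRONG_PERSON_ROLES = {"Klaas Dekkers": {EMPLOYEE, ADMIN}}
WRONG = effective_roles(CONTACTS, WRONG_PERSON_ROLES, {})
FINDINGS = audit_person_level(CONTACTS, WRONG_PERSON_ROLES)

if __name__ == "__main__":
    for label, result in (("contact level", CORRECT), ("person level", WRONG)):
        for (person, org), roles in result.items():
            print(f"{label}: {person} ({org}) -> {sorted(roles)}")
    for person, role, orgs in FINDINGS:
        print(f"REVIEW: '{role}' granted to person {person}, applies to {orgs}")
```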

Procedure