Within the Identity and Access Management (IAM) form within setup, users can be collected into groups. These groups are local to the RegScale instance and can be used for making assignments, for use in workflows, and for access control to objects within RegScale.
To create a group, an administrator should navigate to "Setup" and then "Identity and Access Management (IAM)". Then click "Manage" under "Groups"
Click "Add New", name the group, and click the plus sign to add it.
Members can be added to a group when it is created or by clicking the user+ icon next to the name of the group.
A user can also be added by editing the user under "Users" and selecting the group name in the drop down under "Manage Group" and clicking the plus sign.
To delete a user from a group, navigate to "Identity and Access Management (IAM)", select "Manage" under "Groups" and click "View Members" next to the name of the group to be edited. Click the trash can icon next to the user to be removed.
To delete a group, navigate to "Identity and Access Management (IAM)", select "Manage" under "Groups". Click the trash can icon next to the name of the group to be deleted.
Once groups are created, access control to records within RegScale can be more granularly managed. Records can be marked "Private" and access to them limited to only explicitly assigned groups.
Each record in RegScale: Regulators, Components, Implementers, and Workers, can be marked public (default) or private. All user accounts with roles above "ReadOnly" (see Roles) can mark a record private by clicking on the pad lock icon in the top left of the record. Green, open lock means public record. Red closed lock means private record.
When a record is private, its access can be limited to a specific group and that access limited to either read-only or read / update rights. Only an administrator can view private records outside of the specific rights assigned to a group.
As stated above, a user with a role above "ReadOnly" can navigate to a record and click on the pad lock icon to mark a record private.
Once a record is marked private, "Manage Group Permissions" appears in the dialog. Here, a group can be granted access and its permissions set to either "Read" or "Read, Update". Once identified, apply the access control rule by clicking the plus icon. Group access can be deleted by clicking the trash can icon next to existing permission assignments.
Outside of the applied group access control, only a user with the administrator role can access the record after it is marked private.
Users without access are given no indication that the record exists.
See Workflow for more information on this feature.
Workflow designer steps allow for notification and/or approval to be sought during a workflow instance. Assignment for notification or approval can be made to individuals, members of a functional role, or to a group. When designing a workflow step, choose "Group" in the "Step Type" dialog and then select the group to notify or approve.
Updated 3 months ago