Note: This section is available only in the flexible hierarchy framework.

Creating User Roles and Assigning to Staff

Creating a User Role

  • STEP 1: Click on the new menu item ‘Role Management’, included under the ‘Administration’ area within Camms.Strategy. This can be accessed by clicking on the Strategy Navigation Menu.
  • STEP 2: Click on the ‘New’ button located above the existing list of user roles to create a new user role. 
  • STEP 3: The following fields will load once the ‘New’ button is clicked.

a. Name – Name of the user role. 

b. Product – Displays a list of products within the CAMMS suite activated for the particular client. Select a product. 

c. Permission – Displays all the available areas and a list of permissions applicable to those areas based on the selected product.

i. For example, if ‘CAMMSRISK’ is selected as the product, the areas related to ‘Risk’ will load along with the permission applicable to each area. 

  • STEP 4: Click on the ‘Expand’ icon placed in front of each area to expand the areas/ permissions.
  • Users must have both the 'Edit' and 'Link' permissions for editing, and to add/edit the hierarchy linkages. 
  • If the user has the 'Edit' permission, but doesn’t have the 'Link' permission, he/she cannot add/edit hierarchy Linkages.
  • STEP 5: Tick the relevant permission under each area required for the role as shown in the below figure, and click on the ‘Save’ button to save the user role. User will be saved according to alphabetical order.
    Note: See articles named Permissions and Staff Management of the respective Camms Products for a detailed description of each permission under its products.

Assigning User Roles to Staff

  • STEP 1: Navigate to the ‘Staff’ page (Framework > Staff).
  • STEP 2: Create a new staff member by clicking on the ‘New’ button and fill in the details.

  • STEP 3: Once the staff is saved, the ‘Assign Role’ tab will appear next to the ‘Details’ tab. 

  • STEP 4: Click on the ‘Add New’ button within the ‘Assign Role’ tab to assign a user role to a staff. 

  • STEP 5: The following screen will load once the user clicks on the ‘Add New’ button. 

  • In order to assign a role, the user has to fill in the following fields as in the below figure.
    • ‘Hierarchy’ dropdown – Displays all the available hierarchies in the system. Select a hierarchy from the dropdown.
    • ‘Hierarchy Level’ dropdown – Displays the hierarchy levels based on the selected hierarchy. Select a hierarchy level.
    • ‘Hierarchy Node’ dropdown – Displays a list of hierarchy nodes based on the selected hierarchy level. Select a node from the dropdown. 
      • The area after the ‘Hierarchy Node’ dropdown will filter and display the hierarchy tree according to the selected hierarchy, level and node. 
        • In order to expand the hierarchy tree, click on the ‘Expand’ icon placed in front of each node or double click on the relevant node to expand the levels below. 
    • ‘Product’ dropdown – Displays a list of products within the CAMMS suite activated for the particular client. Select a product.
    • ‘Group/ Roles’ area – This area will generate a list of roles based on the selected product. Select a user role.
    • Click on the ‘Save’ button to assign the role to the staff member.

  • STEP 6: The roles assigned to the user will be displayed as follows.
    • Hierarchy Name – Displays the selected hierarchy.
    • Hierarchy Nodes – Displays the nodes to which the role is assigned to. The user may have multiple nodes assigned.
      • If the user has multiple roles assigned to him, each node will be displayed as a new row. 
    • Roles – Displays a list of roles assigned to the staff.
  • STEP 7: Click on the ‘Edit’ button to update the user roles.
    • Clicking on ‘Edit’ will display tick boxes in front of each role of the selected node. The user can untick irrelevant roles and update the roles assigned to the particular user.
  • STEP 8: Click on the ‘Delete’ button to delete a role assigned to the user. 


Assigning Multiple Product Permissions to User Roles

A user can select multiple products from the ‘Product’ dropdown and assign permission to the same user role. The staff assigned to this particular user role will have access to multiple products based on the given permission.

  • For an example, ‘Risk Manager’ role has been given permission under the product ‘CAMMSRISK’ as shown in the below figure.

  • Once this user role is saved, change the product using the ‘Product’ dropdown. The product has been changed to ‘CAMMSSTRATEGY’ as shown in the below figure.

  • Since ‘Risk Manager’ role has been assigned permission under both ‘Risk’ and ‘Strategy’ products, the staff assigned to the ‘Risk Manager’ role will have access to both ‘Risk’ and ‘Strategy’ areas based on the permission.


Replication of User Roles

  • STEP 1: Navigate to the ‘Role Management’ page and create a user role. 
  • STEP 2: The ‘Replicate’ button will appear once the user role is saved. 
    • Click on the ‘Replicate’ button to create a copy of the user role. 

  • The duplicated user role will be renamed as ‘Copy of [User Role name]’ by default.
    • For an example, the duplicated user role of ‘Risk Manager’ will be renamed as ‘Copy of Risk Manager’ as shown in the below figure.
    • The user role will get arranged according to the alphabetical order by default.


SYCLE Mode – Flexible Hierarchy Menu Items

If the SYCLE mode has been enabled for a client, the flexible hierarchy menu items will be displayed as shown in the below figure.

  • ‘Role Management’ page – ‘Framework’ area. 
    • Once clicked, the page will open in a new tab. 
    • For creation of user roles, view section 'Creating a User Role'.
      • SYCLE will be displayed under the ‘Product’ dropdown within the ‘Role Management’ page as shown in the below figure.

  • ‘Staff’ page – ‘Framework’ area. 
    • Once clicked, the page will open in a new tab. 
    • To assign user roles to staff, view section 'Assigning User Roles to Staff'.


Risk Standalone Mode – Flexible Hierarchy Menu Items

  • If risk standalone mode has been enabled for a client, the mega menu will be visible as shown in the below figure.
  • The ‘Role Management’ page and ‘Staff’ page will be displayed within the ‘Administration’ area.
  • Role Management’ page and ‘Staff’ page will open in a new tab when clicked. 
    • For creation of user roles, view section 'Creating a User Role'.
    • To assign user roles to staff, view section 'Assigning User Roles to Staff'.


Hierarchy Filters

The following three filters have been added as filter options. 

  • ‘Hierarchy’ – Loads all available hierarchies created. 
  • ‘Hierarchy Level’ – Loads all hierarchy levels based on the selected hierarchy and permission. 
  • ‘Hierarchy Node’ – Loads all nodes relevant to the selected hierarchy level and will be based on the permission applied.
Important: The filtration will be based on the links within the ‘Organisational Links’ column and will only allow filtration based on the nodes that a risk is linked to. (i.e. filtrations will not role up).
  • If all filters are blank, all risks relevant to the user’s permissions will be shown. 

  • The above filters have been added within the following areas. 
    • Camms.Risk – Filters have been added within all Risk Registers. 
      • Strategic Risk Register 
      • Operational Risk Register 
      • Project Risk Register 
      • Corporate Risk Register 
      • Risk Control Register 


  • Camms.Risk Audit – Filters have been added within the following areas. 
    • Audit 
    • Findings 
    • Recommendation



Functionality of Hierarchy Trees within EIS and Analysis Areas

  • ‘EIS’ will load based on the permission assigned to a user. The hierarchy tree will be filtered accordingly. 
    • For an example, if the user is linked to the ‘Chief Executive Officer’ node and the user has been given the ‘View Node with children’ permission, the hierarchy tree will show the ‘Chief Executive Officer’ node and its child nodes. 
  • Actions, KPIs, Budget, Scorecards and Risks will load accordingly. 
  • The level and node the user is linked to will be displayed in the following manner. 

  • The ‘Risk Analysis’ will load based on the permissions assigned to a user. 
    • The hierarchy tree will be filtered according to the hierarchy level and node the user is linked to. 
    • ‘Risk Analysis’ will display only the risks assigned to the user under the linked node.


Hierarchy Linkages

Link to the Organisation Hierarchy

  • ‘Add/ Edit Links’ button has been added within the following areas in order to link risks/ audits to the flexible org hierarchy. 
    • Risk Registers 
      • Strategic Risk Register – Initial Risk Assessment 
      • Operational Risk Register – Initial Risk Assessment 
      • Project Risk Register – Initial Risk Assessment 
      • Risk Control Register 
      • Risk Solutions tab 
      • Risk Control tab 
    • Audit Register 
      • Audit – Audit Details tab 
      • Recommendation – Recommendation Details tab 
  • The following shows an example of how ‘Risk Solutions’ are linked to the flexible org hierarchy. The same logic applies to all other areas mentioned above in the same manner. 
    • Navigate to the ‘Risk Solutions’ tab and click on the ‘Add/ Edit Links’ button.

    • Clicking on the Add/ Edit Links’ button will open a pop-up that loads the custom/ flexible org hierarchy, expanded to the first level by default.
    • The user can expand the tree by clicking on the ‘Expand’ icon placed in front of each node or by double-clicking on the node. 
    • The visibility of the nodes and the ability to link risks to a particular node will depend on the permission given to the user.
    • Click on the ‘Save’ button to save the selected nodes. The selected hierarchy, level and node will be displayed in the manner of a breadcrumb. f. The selected node will be displayed in bold as shown in the below two figures.


Linking Risks to the Custom Organisation Hierarchy using Links tab

The hierarchy tree will be filtered according to the permissions given to a user within all risk registers. 

  • STEP 1: Click on the ‘New’ button within the ‘Links’ tab to link a risk to a hierarchy. 
  • STEP 2: Select ‘Hierarchy’ from the ‘Create a New Linkage’ dropdown. 
  • STEP 3: Select a hierarchy type from the ‘Hierarchy Type’ dropdown. 
  • STEP 4: Once the hierarchy type is selected, the hierarchy tree will be filtered according to the permission given to the user. 
    • For example, if the user has been given the ‘View Node Only’ permission, the hierarchy tree will show the user’s linked node as well as its parent nodes. 
  • STEP 5: Click the ‘Link’ button to link the risk to the hierarchy.


Display of Linked Organisation Levels/Nodes – Organisation Link column

  • The ‘Organisational Links’ column displays the organisation level to which a particular risk is linked to. 
  • This column has been added within the following areas:
    • Risk Register
      • Operational Risk Register
      • Corporate Risk Register
    • Audit Register
      • ‘Audit’ tab



Linking Actions to the Hierarchy

  • A user will be able to link an action to the custom/ flexible org hierarchy based on the permission assigned to a user. 
  • The user’s linked node will be displayed on the top left corner as shown in the below figure when he/she initially navigates to the ‘Action’ page.

  • Click on the ‘Hierarchy’ icon to view actions linked to other nodes.

  • When the ‘Hierarchy’ icon is clicked, a pop up displaying the hierarchy tree will appear. The hierarchy tree will display based on the permissions given to the user. The following shows a scenario where ‘View Node with Children’ has been given to a user. 

  • The user’s ability to view, add, edit and delete actions will depend on the permissions assigned to the user through the ‘Role Management’ page. a. For example: 
    • If the user has been given ‘View All’ permission, he/ she will be able to view all actions and will be able to add/ edit based on the permission assigned to him. 
    • If the user has been given ‘View Node only’ permission, he/she will be able to view actions that are linked to his node. 
  • The hierarchy tree within the ‘Links’ tab will be displayed according to the permission given to the user.
    Note: The staff member will only be able to create actions if he/she is linked to the organisational hierarchy.


Enhanced Security Permissions

The list of permissions below have been added within the ‘Role Management’ page in order to restrict a user’s ability to view, add, edit and delete components within certain areas of a product.

Camms.Strategy

The following permissions have been added under the ‘Actions’ and ‘KPI’ areas within Camms.Strategy. 

  • For example, the grid below has been prepared taking only ‘Actions’ into account. This logic applies to KPIs in the same manner.
Actions
AddAllows the user to only add actions.
DeleteAllows the user to only delete actions.
View AllAllows the user to view all actions within the application. 
Allows the user to link actions to all levels/ nodes of the hierarchy
View All Not Linked to HierarchyAllows the user to view all actions not linked to any node of the hierarchy. If you wish to link such an action to the hierarchy, either one of the permissions; view all, view node only or view node with children, should be assigned in addition to the ‘View All Not Linked to Hierarchy’ permission.
View Node OnlyAllows the user to only view all actions assigned to the node that the user is linked to. 
Allows the user to link actions to the node that the user is linked to.
View Node With ChildrenAllows the user to only view all actions assigned to the node and the children of the node that the action is linked to. 
Allows the user to link actions to the node and the children of the node that the action is linked to. 
Note: Actions should be linked to either the level that the user is linked to, or below for the action to appear within the register.
View All Responsible OfficerAllows the user to view all actions to which he is assigned to as a ‘Responsible Officer’.




Camms.Risk 

The following table shows a list of permissions added within all four risk registers. 

  • For example, the grid below has been prepared taking only ‘Strategic Risks’ into account. This logic applies to other types of risks in the same manner. 
Strategic Risk
AddAllows the user to only add strategic risks to the Strategic Risk Register.
DeleteAllows the user to only delete strategic risks in the Strategic Risk Register.
Strategic Risk Register
View AllAllows the user to view all strategic risks within the application. Allows the user to link strategic risks to all levels/ nodes of the hierarchy.
View All Not Linked to HierarchyAllows the user to view all strategic risks not linked to any node of the hierarchy. If you wish to link such a risk to the hierarchy, either one of the permissions; view all, view node only or view node with children, should be assigned in addition to the ‘View All Not Linked to Hierarchy’ permission.
View Node OnlyAllows the user to only view all strategic risks assigned to the node that the user is linked to. 
Allows the user to link strategic risks to the node that the user is linked to.
View Node With ChildrenAllows the user to only view all strategic risks assigned to the node and the children of the node that the risk is linked to. 
Allows the user to link strategic risks to the node and the children of the node that the risk is linked to. 
Note: Risks should be linked to either the level that the user is linked to, or below for the risk to appear within the register.
View All CreatedAllows the user to view all strategic risks created.
View All Responsible OfficerAllows the user to view all strategic risks to which he is assigned to as a ‘Responsible Officer’.
Control
AddAllows the user to add controls to a strategic risk.
DeleteAllows the user to delete controls within a strategic risk.
View All Responsible OfficerAllows the user to view all risk controls to which he is assigned to as a ‘Responsible Officer’ (Control Owner).



Camms.Risk Audit 

The following table shows a list of permissions added within the audit registers. 

  • For example, the grid below has been prepared by taking only ‘Audits’ into account. This logic applies to ‘Findings’ and ‘Recommendations’ in the same manner.
Audit Register
View AllAllows the user to view all audits within the ‘Audit Register’. 
Allows the user to link audits to all levels/ nodes of the hierarchy.
View All Responsible OfficerAllows the user to view all audits to which he is assigned to as a ‘Responsible Officer’.



Camms.Risk Incident

The following table shows a list of permissions added within the Incident registers.

Note: Permission for all incident registers will be assigned through the following.


Incident Register
View AllAllows the user to view all incidents. 
Allows the user to link incidents to all levels/ nodes of the hierarchy.
View All Not Linked to HierarchyAllows the user to view all incidents not linked to any node of the hierarchy. If you wish to link such an incident to the hierarchy, either one of the permissions; view all, view node only or view node with children, should be assigned in addition to the ‘View All Not Linked to Hierarchy’ permission.
View Node OnlyAllows the user to only view all incidents assigned to the node that the user is linked to. Allows the user to link incidents to the node that the user is linked to.
View Node With ChildrenAllows the user to only view all incidents assigned to the node and the children of the node that the incidents are linked to. Allows the user to link incidents to the node and the children of the node that the incident is linked to. Note: Incidents should be linked to either the level that the user is linked to, or below for the incident to appear within the register.
View All CreatedAllows the user to view all incidents created.
View All Responsible OfficerAllows the user to view all incidents to which he is assigned to as a ‘Responsible Officer’.