Roles management
Roles are an important part of ECCAIRS2 because they determine what the user can or cannot do. Roles also filter the reports available for each person using the platform. They are also used for selecting the views available when viewing a report in detail.
To do this, there is a Roles Management section, in which you can configure as many roles as you want and select the desired parameters. Roles can be created either by the ECCAIRS2 Administrator or by authority’s administrative users (with the proper permissions).
Click on the ‘Administration’ option located in the top-menu, then click on ‘Roles Management’ (Administration > Roles Management). A list with all the available roles for your authority shall be shown.
New role
To create a new role, click on the 'New Role' button. A window to create the new role will be opened.
The fields marked with an asterisk like 
will be mandatory on saving.
Type
Select to which type of authority (NAA or SIA) is this role intended. Depending on this types it will be available a set of permissions (user rights) to be assigned to the role.
Hierarchy
The Hierarchy field is an important one. Each group of permissions is directly related to the roles hierarchy, this way when a role with hierarchy level X is created only the permissions related to hierarchy level X will be available to be assigned to the new role.
Roles shall be classified according to a ‘Role Hierarchy', being:
-
1- Built-in.
-
A Built-in role is an out-of-the-box role, it can’t be edited nor deleted.
-
‘ECCAIRS System Administrator’ is a built-in role and can be considered as a Super-user role.
-
-
2- ECCAIRS Administrator
- Assign this hierarchy to roles intended to administer ECCAIRS2 at central level.
-
3- Authority Administrator
- Assign this hierarchy to roles intended to administer ECCAIRS2 at authority level (create roles, users, views, taxonomy, etc)
-
4- Custom
- Assign this hierarchy to a role created to be used in your authority. You will not be able to assign any kind of administrative permission to a role with this hierarchy.
-
5- Reporter
- This is the lowest hierarchy. Roles of this hierarchy will have really limited permissions.
The highest the number the lower the level in hierarchy.
The hierarchies available when creating/editing a role will be those with a level lower than the highest hierarchy level assigned to the roles the logged-in user is enrolled.
When editing a role, you will not be able to change it if this role already has users assigned to it. So in this case, the hierarchy will be greyed out.
Authority
This field shall be automatically filled-in with the authority related to your user-account (ECCAIRS2 central administrators will be able to select the Authority to which the role will apply).
Query
On E2 you can restrict access to the application itself but also to the application content. It can be do so by using que Query defined in the role page.
When you assign a query to a role, you are filtering what reports this role will see in windows like Original Reports, Validated Reports or Occurrences.
Only queries made by you or shared with you via shared library will be available here.
If there is no query assigned to the role then you will be able to see all occurrences owned by or shared with your authority.
If you are enrolled to more than one role then the occurrences that you will see will be a combination of the query results of all those roles.
Permissions
As a last part of the new role creation, you will find a table. In this table you have a granular control of what users with this role can do in ECCAIRS2.
It is important to notice that you will not be able to create a role with more permissions than the ones that you have. This is done with the hierarchy selected before. Based on the hierarchy, the permissions to be able to assign to a role will be filtered.
Permissions are classified in 3 sections:
- Basic Permissions
- Advanced Permissions
- Occurrence Views
The 4th tab 'Enrolled Users' displays the list of User which have this role.
Basic Permissions
Here you will be able to grant basic permissions (create, edit, read, delete) on E2 objects (e.g. User, Role, Occurrence, Safety Recommendation, Query, etc). To select all the options you must click on the name of the object.
Advanced Permissions
Here you will be able to grant permissions on E2 specific functionalities related to:
- Reports (e.g. archive validated reports, validate original reports, share occurrences, etc)
- Safety Recommendations (e.g. publish SR, link SR with VR or Occurrences, etc)
- Data Management (e.g. share a query, check a quality rule, execute batch operations, etc)
- Translation
- User, Roles & Organisation
- Taxonomy (e.g. release a custom taxonomy)
- Other
- E2 Central Hub
Occurrence Views
The views to be used by the users enrolled to the role are also decided in this part of the window. In the Occurrence views tab of the table, you can select which views will be available for that role when creating, reading or editing reports.
Click on the 'Save' button when you have finished adding permissions.
Enrolled Users
Here you will see a list of all users assigned to this role. This list is built automatically, you cannot enrol new users from here.
Edit role
If you want to edit an existing role, press the 'pencil' button which appears while hovering a Role.
The same window as when creating a new role will be opened but this time it will be preloaded with the data of the role you want to edit.
Take into account that when editing a role, the same restrictions as when creating a role will be evaluated when saving the changes.
Enrolled User
List the users that are currently enrolled to the role and when did they last loged-in
Delete role
Before deleting a role, you will have to make sure that there are no users linked to that role. If this is the case, you will not be able to delete the role.
To delete a role, press the 
'trash' icon button.
A window confirming the action will be shown. Click on the 'Yes' button to confirm and delete the role.
