What Is a User Role?

Securityin eAMI

Security in eAMI starts when the user logs into the system. The system will authenticate the username and password entered by the user. If the authentication process determines the user has access to multiple clients, then a “Select Client Context” window will appear for the user to select which client he/she wishes to go into. If the authentication process determines the user has access to only one client, eAMI will automatically display the eAMI dashboard for that user. The controls that are displayed in the eAMI dashboard are dependent upon the user role in which the user belongs to. The user role dictates the permissions and access rights the user will have while in eAMI.

What is a User Role?

A user role is a generic group of permissions and access rights that can be applied to multiple users. Using this method, eAMI administrators can alter permission and access rights for a particular group of people instead of having to do it individually for each user in the eAMI system. User roles can only be created and modified by a user who has “Client Admin” permission within the system AND all users must be assigned a user role.

Three examples of user roles are shown below.

1. “Accounts Payable” – users assigned to this role would have permission to view the invoice and mark the invoice for payment and receive notifications from the system when invoices are ready to be paid.
2. “Billing Specialist” – users assigned to this role would have permission to view the invoice, allocate the invoice and receive bulletin information regarding usage charge exceptions and monthly recurring and one-time charges.
3. “Telecom Manager” – users assigned to this role would have permission to view and approve the invoice and add and modify contracts.

A user role is defined by four different categories of information: Permissions, Dashboard Control Access, Audit Notification, and Report Access.

Dashboard Control AccessPermissions

Dashboard controls work in conjunction with permissions. Dashboard controls provide access to the various different management areas within eAMI while permissions provide the level of access within the different management areas.

For example, a user role can be defined to provide access to the invoice management control and permission to view only particular accounts. A user assigned to this user role would be able to navigate into the invoice management area and view only invoices that contain accounts the user had permission to view. The user could not allocate, approve, or pay any invoices and would be restricted as to which invoices they could view and how much of the invoice they could view.

Below are tables containing each dashboard control and its associated permissions.

Bulletin Management
Permission Category / Permission Name / Comments
View / View any exception associated with any account / Grants permission to the user to view any exception associated with any account.
View exceptions associated with particular accounts / Grants permission to the user to view exceptions associated with accounts assigned to the user. Granting this permission will require the administrator to identify for each user a list of accounts the user can view exceptions for.
Close / Close any exception associated with any account / Grants permission to the user to close any exception associated with any account.
Close exceptions associated with particular accounts / Grants permission to the user to close exceptions associated with accounts assigned to the user. Granting this permission will require the administrator to identify for each user a list of accounts the user can close exceptions for.
Invoice Management
Permission Category / Permission Name / Comments
View / View invoice for any accounts / Grants permission to the user to view any account for any invoice.
View invoice for particular accounts / Grants permission to the user to a particular list of accounts. Granting this permission will require the administrator to identify a list of accounts for each user having this permission
View only my call details / Grants permission to the user to only the call details associated with the user having this permission. The identifies a user’s call detail records by comparing the working telephone number with one of the phone numbers in the user’s contact information.
Allocate / Allocate invoices for any account / Grants permission to the user to allocate any invoice and the accounts within the invoice.
Allocate invoices for particular accounts / Grants permission to the user to allocate specific accounts. Granting this permission will require the administrator to identify for each user a list of accounts each user can allocate.
Pay / Pay for any account / Grants permission to the user to mark any invoice as paid.
Pay for particular accounts / Grants permission to the user to mark as paid invoices that are associated with specific master accounts. Granting this permission will require the administrator to identify for each user a list of master accounts the user will be able to pay.
Approve / Approve all invoices / Grants permission to the user to approve any invoice for any master account.
Approve invoices for particular accounts / Grants permission to the user to approve invoices associated with specific master accounts. Granting this permission will require the administrator to identify for each user a list of master accounts the user will be able to approve.
Employee Management
Permission Category / Permission Name / Comments
View / View any employees in the list / Grants permission to the user to be able to view all employee profiles.
View only employees under my supervision including myself / Grants permission to the user to view their employee profile as well as the employee profiles of their subordinates.
View only myself / Grants permission to the user to view their own employee profile. The user cannot view anyone else’s employee profile.
Edit / Edit any employees in the list / Grants permission to edit all employee profiles.
Edit only employees under my supervision including myself / Grants permission to the user to edit their employee profile as well as the employee profile of their subordinates.
Edit only myself / Grants permission to the user to edit only their employee profile. The user cannot edit any other employee profiles.
Activate / Activate/Deactivate employees in the list / Grants permission to the user to activate or deactivate any employee. Note: the user cannot deactivate himself or herself.
Activate/Deactivate only employees under my supervision / Grants permission to the user to activate or deactivate any subordinate employee. Note: the user cannot deactivate himself or herself.
Inventory Management
Permission Category / Permission Name / Comments
View / View all inventory / Grants permission to the user to view all inventory information.
View only inventory belonging to myself and my subordinates / Grants permission to the user to view only inventory assigned to the user and to the user’s subordinates.
Edit / Edit all inventory / Grants permission to the user to edit all inventory.
Edit only inventory belonging to myself and my subordinates / Grants permission to the user to edit only inventory assigned to the user and to the user’s subordinates.
Add / Add inventory / Grants permission to the user to add any kind of inventory.
Assign / Assign inventory to employees / Grants permission to the user to assign any inventory to any employee.
Activate / Actviate/Deactivate Inventory / Grants permission to the user to change the status of an inventory item.
G/L Code Management
Permission Category / Permission Name / Comments
Update / Add / Edit / Delete G/L Codes / Grants permission to the user to add new G/L codes and edit or delete existing G/L codes.
Dispute Management
Permission Category / Permission Name / Comments
View / View disputes / Grants permission to the user to view any dispute associated with any invoice and/or account.
Add / Create disputes / Grants permission to the user to create a new dispute.
Edit / Edit / Update / Close Disputes / Grants permission to the user to update disputed items, add notes to the dispute and close the dispute.
Contract Management
Permission Category / Permission Name / Comments
Update / Create / Modify Contracts / Grants permission to the user to add a new contract, update an existing contract with new schedules, rates, etc. and remove contracts.

Audit Notification & Permissions

Audit Notification works in conjunction with permissions. Selecting an audit rule from the list tells eAMI to send an email to the user whenever any notifications or exceptions are generated from the audit rule provided the user has permission to view the accounts associated with the exceptions and notifications. The following table describes the permissions associated with Audit Notification.

Permission Category / Permission Name / Comments
View / View any exception associated with any account / Grants permission to the user to view any exception associated with any account.
View exceptions associated with particular accounts / Grants permission to the user to view exceptions associated with accounts assigned to the user. Granting this permission will require the administrator to identify for each user a list of accounts the user can view exceptions for.

Report Access & Dashboard Control Access

Report Access works in conjunction with Dashboard Control Access. For a user to run reports, the user role must contain a list of some standard reports and have the Report Managerdashboard control. Without both of these areas defined within a user role, the user may be able to navigate to the standard report management area but have no reports to run. Likewise, a list of reports may be defined allowing the user to run the reports, but the user could not navigate to the list of reports without having access to the report manager control. By associating reports to a user role, the administrator can control what reports a user or group of users can run.

‘Client Admin’ Permission

“Client Admin” permission gives the user full access to all parts of the eAMI system to administer the system. This permission allows the user to create new employees, manage users, allocate and pay invoices, manage contracts and inventory, unfreeze invoice allocations, manage cost center codes, etc. The client admin permission should only be used by the user who is designated to manage the eAMI system for a client.

Client Admin permission does not require that any dashboard controls be selected. Because of the nature of this permission, all controls on the dashboard are available. However, you will still need to identify audit rules for notification purposes and reports.

‘Client Super User’ Permission

“Client Super User” permission gives the user full access to subordinate clients. A client within eAMI can be setup as a parent to another client, creating a subordinate client. Users assigned to a user role with this permission will be able to manage all areas of a subordinate client just as if the user was an employee of the subordinate client.

How do you create a user role?

1. Click on the “Organization” link on the eAMI dash board to navigate to the organization landing page. Click on the “Go” button to display a list of vendors and the client’s organization.

1. Click on the client’s organization to navigate to the “organization detail” page.

1. Scroll to the section of the page labeled “User Role Data” and click on the “Assign Permission” link associated with the user role to be modified to navigate to the “user role data” page. If a new user role is required click on the “Add Roles” button, enter a name and description for the new user role and click on the “Apply” button. You will have to click on the “Save” button at the bottom of the “organizational details” page before you can begin to assign permissions on the new user role.

1. Under the “Assign Permission” section, select the appropriate permissions for the user role and move them into the “Selected” list.

1. Under the “Assign Home Page Function” section, select the appropriate dashboard controls for the user role and move them into the “Selected” list.

1. Under the “Assign Rule” section, select the appropriate auditing for which the user having this user role will receive exceptions and notifications for, and move them into the “Selected” list.

1. Under the “Assign Reports” section, select the appropriate reports for users of this user role to run and move then into the “Selected” list.

Be sure to click on the “Save” button at the bottom of the page to save what was selected.

Security in eAMI.doc9/17/2018