Role Management

Role management can be used to limit the access of IQ4docs administrators to certain areas in IQ4docs WebAdmin. There are predefined roles, but additional roles can be created.

A user can have several roles (e.g. device and user administrator) – the rights of the roles are cumulative. The assignment of roles can be done manually, but also using an LDAP or file import.

Besides the area limitations, it is possible to restrict the view at the data record level (administrative limitations), e.g. to show the administrator of a branch office only the data (devices, users) of their branch. Here, too, an administrator can have several administrative IDs, for example to edit data for several branch offices.

Role Technical Role Name
System administrator (administrator can open all settings) System Administrator
Device administrator (administrator can only open device settings) Device Administrator
User administrator (administrator can only open user settings) User Administrator
Report Administrator (administrator can only open report settings and generate reports) Report Administrator

Follow the steps below to create a role.

To open the web administration, enter http://<hostname>/webadmin in the web browser (where hostname corresponds to the server on which IQ4docs WebAdmin was installed). In a client environment, enter the URL that you received from the client administrator (for example, http://server/webadmin/#/cf992178-4bd6-431c-b815-b9d734d0ded3). If you are not already logged in, log in with a user that has administrator rights (login and password) or as the IQ4docs system administrator (administrator with password admin by default).

In the web administration, click User > Roles in the menu (the list of existing roles opens).

If you want to create a new role, click Create Role. If you want to edit a role, click on the Edit icon at the end of the line. If you want to delete a role, click on the trash can icon. Predefined roles cannot be edited or deleted.

To enter a role, give it a suitable name. It appears during role assignment for the user or user import and should be as short as possible.

The following permissions can be assigned to a role. They can have the following rights:

Read: Areas can be viewed, but no changes can be saved.

Write: Changes in the areas can be made and saved (always includes reading also).

If neither of these rights is given, this area cannot be accessed.

The dashboard is always displayed. However, only those gadgets are visible that are relevant for the authorized areas, see also Dashboard.

Permission Access To Areas
Accounting
  • Accounting > Display Prices
  • Accounting > Price Lists
  • Accounting > Cost Centers
  • Accounting > Account Statements
  • Accounting > Automatic Budgeting
  • Accounting > Manual Credit Posting
Address Book
  • Address Books > Import Address Book
  • Address Books > Internal Address Books
Users
  • Users > User List
  • Users > Departments
  • Users > User-Defined Fields

The role assignment in the user data record can only be changed if both the User and System have write permission.
Dashboard
  • Dashboard (without detail pages)
Print
  • Print > Print Input
  • Print > Print-Job List
Fleet Management
  • Fleet Management > System Setup
  • Fleet Management > Advanced
Devices
  • Devices > Device List
  • Devices > Device Search
  • Devices > Device Settings
  • Devices > User-Defined Fields
  • Devices > Import Devices
  • Device > Locations
  • Print > Direct Printer
  • Print > Printer Queues
Reports
  • Reports
Workflows
  • Workflows > Workflows
  • Workflows > Previous Workflows
System
  • Authentication
  • Users > User Import
  • Users > Roles
  • E-mail > Outgoing E-mail
  • Documents > Document Input
  • System > License
  • System > Storage Locations
  • System > External Tools
  • System > System Areas
  • System > Service Status
  • System > System Information
  • System > Data Distribution
  • Logging > Logging Configuration
  • Logging > Live Log
  • Logging > Log Filter

Follow the steps below to assign a role to a user.

To open the web administration, enter http://<hostname>/webadmin in the web browser (where hostname corresponds to the server on which IQ4docs WebAdmin was installed). In a client environment, enter the URL that you received from the client administrator (for example, http://server/webadmin/#/cf992178-4bd6-431c-b815-b9d734d0ded3). If you are not already logged in, log in with a user that has administrator rights (login and password) or as the IQ4docs system administrator (administrator with password admin by default).

In the web administration, click Users > User List in the menu.

In the list of users, you now select the user who is to be the administrator for editing.

  • In the Administration Rights area of the user detail dialog, assign the desired roles (rights are cumulative).
  • The user must be able to log in to the WebAdmin. This requires a login. If authentication with respect to IQ4docs is to be used, assign a password to the user. Alternatively, domain authentication can also be used to log in to the WebAdmin (see also Use Active Directory authentication).

A role can also be assigned via the user import, see User Import.

If the administrator should only be able to see certain objects (e.g. devices), specify which administrative identifiers he should be able to see. These can be defined in the detail dialog of the administrator's user data record. In the Restriction to the following administrative identifiers field (the field appears once a role has been assigned), enter the administrative identifiers that may be viewed. Press Enter after each entry of an identifier (is highlighted in color), see also Administrative identifiers.