Heritage Operations Processing System
Back to Home | Back to HOPS Support

Permissions

There are three ways of having permission to do view or edit items in HOPS. If a user has permission by any one of these ways they will have permission. There is no difference if they have it by several routes.

For some of these permissions there may also be a subject, ie, for the View Rosters permission, the subject might be 'department', so that a user can be allocated permission to view rosters in one or more individual departments. Sometimes there will also be an 'all' option.

Some permissions have a yellow or red dagger after their name. Permissions with a yellow dagger give elevated access and are intended for managers and users with specific job roles. Permissions with a red dagger are the most serious and are intended for the HOPS Admin only. Permissions with no dagger are intended for front-line staff.

All permissions are administered in HOPS Admin > Permissions Admin. Permission 015 required.

It is always best to administer permissions by group if possible.

Route 1: FOR SPECIFIC JOB ROLES

The best way to administer permissions for individual job roles that AREN'T whole departments of staff is via a permission group.

This is most appropriate for job roles such as 'General Manager' or 'Signalling Inspector'. It is not appropriate for roles that are whole departments of staff, such as 'Guards', or 'Drivers'.

This is still true even if only one user will be in the group.

- Created a permission group for the job role (HOPS Admin > Permissions Admin > Groups tab)
- Add the permissions required for the role to the group (Permissions tab)
- Add the user in the role to the group (Individuals tab)

The user will then obtain all the permissions in the group.

More than one user can be added to the group if required, such as if a team of people undertake the role (ie Signalling Inspectors), or if the person has a deputy, or if they go on holiday etc. All the people in the group will obtain all the permissions in the group.

Users can be added to and removed from the permission group via HOPS Admin > Permissions Admin > Groups tab > then select the group required and the 'Individuals' tab. This shows a list of users in the group

The same result can be achieved the other way round, ie showing a list of groups for the user, but going to the 'Browse by User' tab, and selecting the required user. The result is the same (ie there is no difference between adding a group to a user or a user to a group).

Any new person that is appointed to the role, temporarily or permanently, is simply added to the group to obtain the permissions, and any that stop working in the role are simply removed from the group to lose those permissions (unless they also obtain by virtue of belonging to another group, etc). These changes of personnel can then easily take place without the administrator needing to think again about which permissions are required for the job role each time.

Groups are appropriate even if only one person will be in them - ie 'General Manager' - this makes it very easy to administer when the GM changes or a deputy is appointed to cover for leave or sickness etc.

A group can be configured to allow/disallow the adding of individuals/departments. If a group is for a job role, it is best to set the group to not allow the addition of departments, to avoid errors. If the role relates specifically to a department (ie PW Manager), it is best to restrict the group to just that department, to avoid errors.

A group can also be configured to allow 'front line permissions only', 'up to yellow' or 'up to red' (ie all). Depending on the nature of the job role the group has been set up for, select an appropriate maximum level of permission. This will show/hide the tick boxes for the permissions that are/aren't allowed on the tab where permissions are added to the group, reducing the possibility of clicking the wrong box and granting an inappropriate permission. Ie, a group for 'Signalling Inspector' might be set to 'up to yellow', a group for 'HOPS Admin' might be set to 'up to red', and a group for Handyman' might be set to 'front-line permissions only'.

Route 2: FOR DEPARTMENTS

A Department can also be linked to a Group.

Then, every user who is a member of that department automatically gains all the permissions from the Permission Group.

This is the best way to administer permissions that all staff in a department will require, such as the permission to enter availability or view rosters, etc.

- Created a permission group for the staff in the department (HOPS Admin > Permission Groups)
- Add the permissions required for the department to the group (Permissions tab)
- Add the department to the group (Linked departments tab)

For example: for a Department called Responsible Officers, if the Responsible Officers Department was linked to the Responsible Officers Group, then everyone who is in the Responsible Officers Department will automatically gain all the permissions assigned to the Responsible Officers Group.

This route is a very easy way to manage permissions as, once set up, users will automatically receive and lose permissions as they join or leave departments.

This is the most appropriate way of managing permissions that apply to groups of staff - ie all signalmen or all guards, etc.

A group can be configured to allow/disallow the adding of individuals/departments. If a group is for a department, it is best to set the group to not allow the addition of individuals, to avoid errors. It is best to restrict the group to just that department, to avoid errors.

A group can also be configured to allow 'front line permissions only', 'up to yellow' and 'up to red' (ie all). Depending on the nature of the role the group has been set up for, select an appropriate maximum level of permission. This will show/hide the tick boxes for the permissions that are/aren't allowed on the page where permissions are added to the group, reducing the possibility of clicking the wrong box and granting an inappropriate permission. Most department groups will be set to 'front-line permissions only'.

Route 3: ALLOCATE TO INDIVIDUAL USER

This is the least efficient way to manage permissions and should be avoided if possible.

Although this is the simplest, and first-principles, way of allocating permissions, it is the least efficient. This is because each time a person changes roles, it would be necessary to identify which permissions they still required and which ones they no longer did. The same will be true of anyone new covering the role temporarily or permanently. Groups are always a better way.

Individual permissions can be edited in HOPS Admin > Browse By User, then scrolling to below the groups.



HOPS is continually being developed and updated. Sometimes the screen shots in these help files might lag behind the most up-to-date views of the screens. Generally, however, the functionality of the page will be the same, albeit with a slightly different format or layout.

Thank you very much indeed to Emma Patrick for writing these support pages.