Chapter 27. Employee Groups
Prism 1.14.7 User's Guide Chapter 27. Employee Groups PDF
Prism 2.2 User's Guide Chapter 27. Employee Groups PDF
Prism uses a role-based security system in which users create groups that represent key roles in the company (e.g., Manager, Associate, Buyer) and then assign individual employees to one or more groups. The employee inherits the permissions assigned to the group. Via group permission assignments, you can easily control employee access to specific Prism features and areas. This helps retailers meet the important security principle of least-privilege in which users are granted access to only those program areas and features necessary to do the user's job.
You can assign "override" permissions for key tasks. This allows a manager to log in so that the task, which is normally off-limits to the employee, can be completed when needed. When a user tries to perform a task controlled by the permission marked for override, a dialog is displayed so a manager or other user with higher privileges can log in. As soon as the task completes, the override user is automatically logged out.
Users can create as many groups as needed.
For each group, users can:
- Select the employees who are group members
- Select the permissions that group members are allowed to use (default = deny)
- Add or remove employees from groups by editing the employee's record.
If an employee belongs to more than one group, the employee inherits the higher privilege. For example, if a user belongs to Group A that has the "POS - Return Item" permission set to allow, and Group B that has the same permission set to deny, then the higher privileges of Group A are applied, and the user will be allowed to return items.
When you first install Prism, a single default employee group called the Administrator group is created. The default Prism Administrator group enables users to log in to Prism and initialize the system.
When a new Prism server is initialized, employee groups are copied from the POA to the new server. You will then have access to all the groups defined in POA. The default Administrator group created during the initial install is overwritten during initialization. After you initialize Prism, go into Employee Groups and confirm that the groups defined at the POA were copied correctly to the Prism server.
Each employee must be assigned to at least one group and can be assigned to more than one group if the employee's role in the company warrants it. Add or remove employees from groups by editing the employee's record.
Basic Steps
1. Configure employee preferences and permissions.
2. Create employee groups
3. Create employees, if needed.
4. For each employee group - existing and newly defined groups- edit group permissions to control employee access to specific areas and features in Prism.
5. Assign individual employees to groups as needed.
New Group
Users can add as many new groups as you need. All permissions for new groups are set to "Deny." Enable the needed permissions for the new group.
From the Prism menu, select Store Operations, then navigate to Employees > Groups button.
Click the New button on the bottom toolbar.
Enter a name for the group. Group names are limited to eight letters. You can enter a Description that gives more detailed information about the group and its permissions.
Save the changes.
After saving the new group, you can edit the group details to assign Employees and Permissions for the group.
Sample New Group with all permissions set to Deny:
View/Edit Groups
Select Store Operations from the Prism menu. Click the Employees button. Click Group Management.
When you access Group Management, a screen for filtering/searching for groups is displayed. Click the dropdown to select a lookup field.
Filtering the Group List
If you have many groups, you can use the filter feature to find a specific group. In the Group Management area you will see a Search By dropdown and text box where you can type a group name or part of a group name. By default, the search will look for records that have text that equals the search criteria. You can use a different operator, if desired, such as Not Equals, Contains, isEmpty, or isNotEmpty. Click the Search button on the bottom of the screen to start the Search. The results are filtered to match the entered criteria. The Total Records element shows how many records were returned by the Search.
To display all groups, don't enter any filter criteria. Instead, just click the Search button.
Edit Group Details
Click the check for the group you want to edit. This will enable the Edit button. Click the Edit button, make any needed changes and then click the Save button at the bottom of the screen.
- Group Name: Type a name for the group. Group names are 30 characters maximum.
- Description: This field enables you to enter a longer text string to describe the group.
Group Permissions
The permissions assigned to a group define which program areas and features that group members can use.
For most permissions, you have three choices: Allow, Override, or Deny.
Allow: Group members have access to the program area or feature.
Override: When group members try to access the area or feature, an override dialog is displayed, so that a user who belongs to a group that is assigned the permission can log in and complete the action.
Deny: Group members do not have permission
When assigning permissions for a group, you can use the Allow All, Deny All and Override All buttons to quickly select or clear all permissions for an area.
Edit Group Permissions
Select the group whose permissions you want to edit by clicking the check mark on the left column.Click the Details button. The Group Details screen is split into two panes. One pane is for editing the Group Name and Description. Another pane is for editing the Group Permissions.
Click the Edit button.
In the Permissions area, select the appropriate radio button for each permission: Allow, Deny, or apply Override. Use the Allow All, Deny All, or Override All buttons as needed.
When finished, save the changes.
The list of permissions is grouped by area. Each area is marked by a node that can be expanded or collapsed. To find a permission, you can scroll the list, or type all or part of the permission name in the Search field at the top of the list. When you type a permission name in the Search box, the node that contains the matching permission is expanded so you can find it more easily.
View/Edit Group Members
Each employee must be assigned to one or more groups. The group(s) that an employee is assigned to determines the features and areas of Prism that the employee can use.
In Group Management, find the group want to edit. Click the check mark on the left column.
Click the Employee Assignments button on the bottom menu.
Sample Group search results with Employee Assignments button on bottom menu:
A screen for selecting individual employees is displayed.
Type the name of an employee and press the Enter key. The list is filtered to show employees that match the filter criteria.
Employees who are assigned to the group have the boxes checked. Employees who are not assigned to the group are unchecked. You can filter the list to display only checked or unchecked employees by clicking the buttons. In the upper-right is a Check All button that can be used to select the checkboxes for all employees.
When finished, save the changes.
The Check All button is a toggle that changes between Check All and Check None. This enables you to easily select all or clear the check boxes for all employees.
Restrict Tenders by User Group
Permissions enable you to restrict the use of tenders by user group. There are separate give/take/return permissions for each tender type. To assign these permissions, navigate to the Permissions area of the Admin Console. Select a group from the dropdown (e.g. Admin, POS, or Managers). Expand the Tenders node and select the Allow radio button for individual tenders as needed. Save the changes when finished. The Tender permissions will only be applied if the tender is already selected in Tender Requirements for that specific action (give/take/return).