Roles and Permissions Help Information
OpenRMF® Professional includes roles and groups for permissions. Roles include things like Administrator, Editor, and Reader for general access into OpenRMF® Professional and your system package information. The Groups determine the system package and team subpackage access permissions within your accreditation packages and templates area.
OpenRMF® Professional is multi-tenant by design, so you only perform functions and see data you are allowed to see. If you have no access to a system package or team subpackage, you never even see it listed. If you have reader access you can only view system package information.
There is a roles and permissions matrix available in the Soteria Software documentation area where your administrator downloads the software and documentation. Please ask them for that up-to-date matrix to see individual permission requirements related to OpenRMF® Professional screens and features.
OpenRMF® Professional uses Keycloak for its user listing, profiles, authentication and role authorization functionality. System Package and Team Subpackage permissions are saved internally in OpenRMF® Professional starting with version 2.14.01.
How Roles and Permissions work in OpenRMF® Professional
There is more detailed information in the Security Help Area of the OpenRMF® Professional Help.
Synchronizing User Permissions from Keycloak
For those coming from v2.14.00 or earlier, we explain the Synchronization Process for users in OpenRMF® Professional.
Managing Users in OpenRMF® Professional
Learn how to manage and list users and overall permissions in the Managing Users Area of the online help.
Managing a User’s Permissions in OpenRMF® Professional
Learn how to add and remove permissions for system packages and team subpackages in the Manage User Permissions Area of the online help.
Auditing
All access control violations are inherently recorded in OpenRMF® Professional unless specifically turned off in the Settings. This includes the userId, the username, the service being requested, and the path and data requested that were denied.