Access to AppWorx windows and objects are given using roles. Think of roles as containers to which objects and users are added. Users have access to all objects with which they share a container. Users and other AppWorx objects can be placed in more than one container. Access can further be restricted by designating Edit authorization to some roles and not to others. The number of objects and users that can be assigned to a role is basically unlimited. Objects and users can be assigned to more than one role. Users have access to all the objects in all the roles to which they are assigned.

Who is assigned AppWorx Roles?

AppWorx roles are similar to those roles set within Banner. However, AppWorx roles are not as granular and need careful planning when they are created. For instance we don't want to assign an edit role to a group of AppWorx users that would allow any one of those users to change something that didn't belong to them.

All role assignments for modules will be made within the Administrative Services group at Information Services. These roles will be assigned to the AppWorx user(s) based on the department the user belongs and their job function.

End User Roles

End users will be allowed to request modules, chains or other objects that they need to perform their job function. Each end user will need at least three roles;

• UO_END_USER_EDIT role

This role gives privileges to the end user to allow creation of AppWorx objects where needed. For instance, end users should be allowed to create calendars for their modules, change their Oracle login, create ad hoc reports, build notifications and create messages. The edit role has the following role authorities (able to view and edit AppWorx windows) assigned to it.

• Calendars
• Message Templates
• Notifications
• Reports

In addition to this roles, there is a role called BANNER_CHAIN_EDIT. Users who are assigned this role will be allowed to create chains within the Application that they have been assigned. See Applications below.

• UO_END_USER_NON_EDIT role

This role will allow end users to view windows within AppWorx, but not edit any of the objects within. This role is assigned to all end users. The following role authorities (View only screens) are assigned to this role.

• Applications
• Calendars
• Chains
• Explorer
• Logins
• Message Templates
• Modules
• Notifications
• Reports
• Requests
• LOGIN_[end_user] role (where end_user is your AppWorx UserID)

This role allows the end user to change his or her own Oracle database login password.

When an AppWorx end user logs in to AppWorx, their default security privileges are outlined in the table below.

Operations Menu	Edit	View
Explorer	No	Yes
Backlog Gannt View	No	Yes
Graphical Forecast	No	Yes
Forecast	No	Yes
Dashboard	No	Yes
Requests	No	Yes

Object Admin Menu	Edit	View
Calendars	Yes (Create)	Yes
Applications	No	Yes
Chains	No (unless) Chain Edit	Yes
Message Templates	Yes (Create)	Yes
Modules	No	Yes
Notifications	Yes (Create)	Yes
Reports	Yes (Create)	Yes
Logins	Yes	Yes

The Options and View Menu are available for setting personal preferences.

AppWorx Security Officer Roles

A UO_SECURITY_OFFICER_EDIT role has been created for AppWorx security officers. This role is basically the same as the UO_END_USER_EDIT role except that the security officer for each department will have access the capability of editing jobs in the backlog. Note that the only jobs the security officer will have access to are those that belong to the Application to which they are assigned.

• Calendars
• Explorer
• Message Templates
• Notifications
• Reports

We may create other roles as needed and as we move forward.

Applications

All banner jobs that are defined within GUAPCTL will be moved to AppWorx. The jobs will live within what AppWorx calls Applications. Applications can be thought of as modules within Banner or some other container for like objects. For example, there will be an Application called Banner Finance. All Finance GUAPCTL jobs will be moved to the Banner Finance Application within AppWorx.