Administration > Security > Security Node

Security Node

Security is the management of permissions that particular groups or roles have to read, write, or edit data in Umbria. See the Default User Roles and Permissions included with Umbria.

Node Description
Modules

The Modules node lists the three main components of Umbria: Umbria (user-facing interface), Administration (the Admin Panel), and Litigator (Umbria File Manager). Select a module and click the Security button at the top of the list to set Allow Rules and Deny Rules for particular users or user groups. These rules simply grant or deny initial access to the modules; access to different areas and functions within the three modules is managed at the individual role level.
Organizational Security Role

This node lists all security roles that are read at the firm level rather than pertaining to a particular matter or client. Select a role to view the permissions granted in the Role Permissions list on the right. Alternatively, to see what roles are granted a particular permission, you can change the drop-down selection at the top of the screen from By Role to By Permission, which allows you to select a permission in the list on the left and see roles that are granted that permission in the list on the right.

If viewing By Role, you can add new roles, or double-click a role to edit it. On the Edit Role pop-up, you can do the following:

  • Enter a Name and a Code for the role. You can modify the Name of an existing role, but the Code cannot be modified after the role is created.
  • For the Mode, select one of the following:
    • Optimistic- If a user is granted a permission via this role but has other roles that do not grant that permission, the user will be granted the permission.
    • Pessimistic- If a user is granted a permission via this role but has other roles that do not grant that permission, the user will be denied the permission.
  • Use the Add button to move selected permissions from the Available Permissions to the Assigned Permissions list.

Note: If a new role needs to be created that is very similar to an existing role, you can quickly copy permissions by selecting the pre-existing role and clicking the Copy button, then selecting your newly added role and clicking Paste.

If viewing By Permission, you can click the Edit button to change what roles are granted the selected permission. Use the Add button to move roles from the Available Roles to the Assigned Roles list.
Matter Security Role This node functions identically to the Organizational Security Role node, but stores roles that pertain to individual matters, meaning permissions vary on a matter-by-matter basis.
People Security Role This node functions identically to the Organizational Security Role node, but stores roles that pertain to individual people (clients, employees, etc.), meaning permissions vary on an entity-by-entity basis.
Users

Users are typically imported from Active Directory, so it would not be necessary to make changes in this node. Each user's department is also imported and often matches a group set up in Umbria, allowing the user to automatically be granted the appropriate permissions.

Here you can select a user on the left side of the screen to view all groups to which the user belongs on the right. You can also perform the following actions:

  • Reset Password- Select the user and click the Reset Password button. In the pop-up window that displays, enter and confirm the new password, then click Confirm.

Note: If the user is an Active Directory user, if the password is reset, it is for the Umbria application only. The user's Windows password will not be changed.

  • View System Permissions- Select the user and click the System Permissions button to open a pop-up window showing the groups the user is a member of and the user's role in each, as well as the modules the user can access and the user's permission for each module.
  • Modify Email Settings- Select the user and click User SettingsEmail Settings.
    • Select Pending Tasks to determine whether the user receives an email when an assigned task is approaching its deadline.
    • Select Subscribed Budgets to change the days and time of day emails are sent regarding the budget status of matters this user is subscribed to.
  • Update Localization Settings- Select the user and click User SettingsLocalization Settings. Click the Edit button in the upper right corner of the screen to change any of the following:
    • Formatting Culture- Determines the regional formatting rules applied to data such as calendar dates and numbers (e.g., MM/DD/YY vs. DD/MM/YY, commas vs. periods as decimal separators).
    • Resource Culture- Determines the country/language tag for the code that is pulled into the Umbria UI, where applicable.
    • Preferred Currency- Determines the currency in which monetary values display by default throughout Umbria.
  • Enable Exchange Sync- Select the user and click User SettingsExchange Settings to enable contact sync with the user's Microsoft Exchange account.
  • Enable LinkedIn Sync- Select the user and click User SettingsLinkedIn Settings to enable contact sync with the user's LinkedIn account. You will need to log in to LinkedIn.
  • Set Budget Defaults- Select the user and click User SettingsMatter Planning Reference to determine how certain fields and available templates default when using the Create Budget or Request Matter Plan wizard. More information on these options is available in the User Settings section.
  • Manage Bookmarks- Select the user and click User SettingsManage Bookmarks to modify the display names of matters that display in the user's Subscriptions list on the Quick Actions screen. You can also remove one or more bookmarked matters by selecting them and clicking OptionsRemove Selected.
  • View Roles and Permissions- Select the user and click User SettingsRoles and Permissions. A list of roles and groups to which the user belongs displays. You can click a role or group to view all associated permissions, then click Back to return to the role/group list.
  • Impersonate- Click User SettingsImpersonate to start or stop impersonating another user. See Impersonation for more information.
  • Merge Users- Select this option to merge user information, in case you rename a user. This will help avoid any duplicate user details for the same person. On selecting this option two fields are displayed. From the Merge drop-down field, select the user to be merged, and in the Into Primary User, select the primary user. All the metadata associated to the user will be merged with the primary user and the earlier user will be marked as deleted in the system.
Groups

The Groups node shows all user groups that are used to categorize users for the purpose of granting security permissions. There are multiple ways of categorizing users (e.g., by department, or by personnel who work on particular types of matters), and the groups are listed by category. Available categories include Departments, Matters, People, Security, Users, Litigator, and Other.

You can view the number of users included in each group in the far right column of the list, and you can select a group to view or add users in the Members list on the right.

You can also select a group and click the External Accounts button to view and modify mappings between this group and a group in a source system such as Active Directory, Elite, or WorkSite.
Object Confidentiality

Here you can modify access to different confidentiality levels of matters, clients, and documents. For example, you might allow all users to access documents with the lowest confidentiality level of Public, but each increasing level of confidentiality would be available to fewer users.

From the Select Object Type drop-down at the top of the screen, choose Client, Matter, or Document. A list of different confidentiality levels for the selected object displays.

Option Description
Edit Properties You can select a confidentiality level and click Edit Properties to modify its name or enable/disable it.
Edit Security

Click Edit Security to set up an Allow Rule or a Deny Rule for a certain user/group or for a certain role in relation to the client/matter/document (e.g., Responsible Lawyer).

To enable a user group to impersonate another role, in the drop-down for User/Group select the impersonator group and in the Role drop-down select the role to be impersonated. For e.g., if a pricing team member wants to impersonate a partner role, in the Object Confidentiality panel>select Pricing team> click Edit Security>in the Group Security dialog> click Add> from the User/Group drop-down select Pricing team and from the Role drop-down select Partner. Save and Update Group Security.
View Objects The # of Objects column shows the number of clients, matters, or documents included in each confidentiality level. You can click the View Objects button to see a list of all included objects.

To view all rules currently set up for a confidentiality level, select the confidentiality level and click the Grant and Deny tabs in the rule list on the right side of the screen.
Implicit Security By Metadata

This page is used when giving a user access when they are not billing to a matter. For example, a Practice Manager for a specific department may not bill time to matters but they may have can see everything associated with the matters by being assigned a role that allows them to see everything in that department.

This node displays a parent-child relationship of Groups and Members, each Group can have multiple Members. You are provided with options to add, edit, and remove multiple Group and Member entities, as well as filter Group entities and assign each group multiple members. You can also add and view Accounts from an external system for multiple groups.
Roles

Here you can see all security roles set up in the system and which permissions are granted to each.

After selecting a role, select a permission group to view all permissions included in that group. The Global permission group, for example, includes roles related to viewing and accessing certain areas of Umbria, while the People and Matters groups include roles related to performing actions on clients and matters/budgets, respectively.

In the Role Permissions list, each permission with the checkbox selected is granted to the selected role.

To add a new role, click the Add button at the top of the list.

  • Enter a Name and a Code for the role. You can modify the Name of an existing role, but the Code cannot be modified after the role is created.
  • For the Mode, select one of the following:
    • Optimistic- If a user is granted a permission via this role but has other roles that do not grant that permission, the user will be granted the permission.
    • Pessimistic- If a user is granted a permission via this role but has other roles that do not grant that permission, the user will be denied the permission.
  • For the Module, select Umbria (Umbria interface), Administration (Admin Panel), or Litigator (also known as Umbria File Manager).
Permissions

Here you can manage permission groups and the permissions included in each. After selecting a permission group, you can select an individual permission to view the roles granted this permission in the list on the right.

When adding a permission group, you must specify a Name as well as a Module of Umbria (Umbria interface), Administration (Admin Panel), or Litigator (also known as Umbria File Manager).

You can also add and edit permissions within each group.

Note: Some firm policies may require sensitive data like margin columns to be hidden from view for certain users or groups. A table at the end of this topic lists some margin-specific permissions to be aware of.
Application Roles

Here you can define default modules (system areas) that each particular role should see upon accessing Umbria. See Set App Role for more information.

Adding a New User

To add a new user:

  1. Click the Users node in the Security folder. The User Administration tab appears in the main application space.
  2. Click the Add button from the command bar. The Add Record pop-up box appears.
  3. Type the user’s login name in the Username field.
  4. Type how the user's name should display in Umbria in the Display field.
  5. Type the URL for the user’s summary in the Person Profile field. This information appears as part of the user’s contact profile in the People module.
  6. Type the user’s email address in the Email field.
  7. Select the App Role for the user from the drop-down.
  8. Click the Enabled check box then click Save. The user appears at the bottom of the User Administration tab.

View and Update Member List of Group's

  1. Click the Users node in the Security folder. The User Administration tab appears in the main application space.
  2. Filter and select the user name you want to update the group membership.
  3. The groups that the user is member of, is displayed in the right panel.
  4. Click the Add button from the command bar. The Select group membership(s) for this user pop-up box appears.
  5. Select the group from the drop-down then click Save. The group appears on the list. You can select multiple groups. To delete a selection, click on the 'x'.
  6. To remove a group, select the group then click Remove.

Margin-Specific Permissions

Permission Code
Ability to view margin column in general Umbria_View_Margin
Can view a resource’s margin in a budget Umbria_View_Resource_Margin
Can get margin for client side calculation Umbria_Data_Margin
Can view the margin graph on the matter revenue report Matter_View_Revenue_Margin_Graph
Can view the margin graph on the client revenue report Person_View_Revenue_Margin_Graph
View the profit margin on line items on revenue page Line_item_Profit_Margin
View the profit margin totals Total_Profit_Margin
View the matter margins Umbria_View_Matter_Margin

Set New App Role

The Umbria default module page is determined as per the role assigned to the current logged in user. For e.g. a user with Partner role is usually assigned the Partner Dashboard. To change the default landing page for user roles:

  1. Click the Application node in the Security folder.
  2. Click the Add button from the command bar. Add role and from the Default Module drop-down, assign the module page to the role. The page selected here will be the default landing page for the user role.
  3. Click the Users node in the Security folder.
  4. Click the Add button to add a new user or select the user name and click the Edit button.
  5. In the App Role drop-down, select the application role for the user, as set in the Application node.

  6. The Umbria Dashboard landing page, for the specific user role is determined as per the App Role selected here.

App Role Default Module List

The table below lists the default Umbria modules and the dashboard page associated to it.

Default Module Umbria Dashboard / Home Page
Home Monitoring & Budgets
Matters Matter Search
IT Admin IT Admin
Invoices Expenses
Documents Documents
Opportunity Opportunity Search
Tasks Tasks
Profit Profitability
My Performance IT Admin
Arrangement Arrangements
Monitoring Monitoring & Budgets
Pricing Pricing
Collection Collection
Talent Management Talent Management
Financial Financial Practice Group Performance
People Experience & Relationship
My Contacts My Contacts
Proposal Proposal
Billing Billing
Reports Reports

Note: If the logged in user does not have permission to view the Default Module page assigned, an error message will be displayed. To enable view, you may have to edit permissions for the user groups, to which the user belongs.

Last updated on August 05, 2019

SUPPORT

+1 312 462 3800 (Weekdays, 9:00 AM - 5:00 PM CST)

support@prosperoware.com

http://support.prosperoware.com/