IU Share System Roles

Description of permission roles

Permission levels are used to control and manage access to various features, functionalities, and workflows in the application. They determine the actions and operations that a user can perform within the application. IU Share permission levels are typically assigned to different roles or user groups, allowing for fine-grained control over the application's security and data integrity. A user is assigned privileges for each Org and workflow module they belong to. Additionally, a user with an Org permission can only be assigned to a single role for that Org.

Permission Levels
Role	Read	Write	Manage	Delete
Viewer	Special Cases	-	-	-
Contributor	Own	Yes	Own	No
Contributor Approved	Own	Yes	Own - no approval required	No
Contributor Plus	All Org	Yes	Own	No
Contributor Plus Approved	All Org	Yes	Own - no approval needed	No
Manager/Delegate	All Org	Yes	Own - no approval required	No
Manager Plus	All Org	Yes	Approvals/Process	Org Items
Processor	All Org(s)	Yes	Process	No
Administrator	All	Yes	All	Yes
IT Administrator	All	Yes	All	Yes

Permission Level Descriptions

A full description of each role in the system.

Added to various workflows and application components as needed for viewing.

Viewers (guests) can access certain parts of the application for a temporary time. Viewers typically have very limited permissions and can only perform basic actions, such as viewing some non-confidential content or submitting inquiries. An example of this type of user would be an auditor, external guest, investigator, etc

Create, edit, cancel, and view own requests
Manage notifications
Requests require Manager/Delegate approval

Contributors are the most common type of users who have access to the standard features and functionalities required to perform their tasks or interact with the system.

Create, edit, cancel, and view own requests
Manage notifications
Requests created by this role are auto approved

Create, edit, and view own requests
Manage notifications
View all Org requests
Requests require Manager/Delegate approval

Create, edit, and view own requests
View all Org requests
Requests created by this role are auto approved

Create, edit, cancel, and view own requests
Requests created by this role are auto approved
Manage notifications
Edit, view, and cancel all Org requests
Approve Org requests
Manage system template emails for their Org (does not apply to Orgs that do not process their own requests)
Manage Org users and access levels
Manage Org workflow module participation
View Org level data (such as list of current employees, accounts, etc)

Managers/Delegates have elevated permissions compared to contributor-level users. They have access to certain administrative features and can perform actions that viewers or contributors cannot. These may include tasks such as approving, disapproving, editing, requesting revisions, and adding specific modules or functionalities.

Includes all Manager/Delegate permissions
Includes all Processor permissions

Manager Plus combines the tasks of the manager and processor roles into a single, unique role. Please read both descriptions to understand the role.

Create, edit, cancel, and view own requests
Manage notifications
Edit, cancel, and view all items in their assigned Org(s)
Edit system template emails

The processor is a member of the Shared Services Team and is composed of skilled and trained professionals knowledgeable of IU financial systems. The processor interacts with contributors' requests enabling prompt and secure handling of each request coming into the system which allows for conducting immediate transactions. Once they receive a request, the team initiates an electronic document (eDoc) to process requests based on the information provided by the contributor.

While this role may seem like a Manager/Delegate, it expands beyond a single Org. This role takes into consideration the IU Org Hierarchy. An administrator would be assigned to an Org and have permission to engage like a manager for all Org equal to and lower in the Org hierarchy.

Create, edit, cancel, and view own requests
Manage notifications
Edit, view, and cancel all Org requests
Approve Org requests
Manage system template emails for their Org (does not apply to Orgs that do not process their own requests)
Manage Org users and access levels
Manage Org workflow module participation
View Org level data (such as a list of current employees, accounts, etc)

The administrator has a high level of access and control over the application. They can perform actions and operations within the system, including managing Orgs and accessing sensitive data. Administrators usually can modify permissions and grant or revoke access to some users.

While the IT administrator has access to engage in the system, it is mainly there to provide technical assistance when asked.

Create, edit, cancel, and view own requests
Manage notifications
Edit, view, and cancel all Org requests
Approve Org requests
Edit system template emails for their Org (does not apply to Orgs that do not process their own requests)
Edit Org users and access levels
Edit Org workflow module participation
View Org level data (such as a list of current employees, accounts, etc)
Enforce privacy/security, access, and policy compliance
Access, manage, and develop front and backend system of IU Share

The IT administrator has the highest level of access and control over the application. They can perform all actions and operations within the system, including managing user accounts, configuring settings, and accessing sensitive data. IT Administrators can modify permissions and grant or revoke access to other users.

IU Share System Roles

Description of permission roles

Permission Level Descriptions

Viewer

Contributor

Contributor Approved

Contributor Plus

Contributor Plus Approved

Manager/Delegate

Manager Plus

Processor

Administrator

IT Administrator

Office of Finance, Administration & Budget social media channels