policyIQ provides a set of configurable security options that let you specify how your content is managed. One of the decisions you’ll want to make is whether a user who has access to a Page should be given rights as an Administrator or an Editor. What’s the difference? Why would I want to use both settings? Let’s explore!
A Page Administrator is responsible for the overall development of a Page. This includes setting the Page’s local permissions (who are the Editors, the Viewers, and are there other Administrators for this Page?) and also determining when the Page is ready to be published. Administrators can edit any of the fields on a Page, even when there are other Editors involved in the process. If there is no approval process in place (i.e., no Content Approvers specified at the Template level), a Page will be Published when the Administrator publishes it. If Content Approvers are specified, the Page is of course routed to those Approvers for their review.
Who should be Page Administrators? This will vary depending on your usage. Using an example of a Sarbanes-Oxley (SOX) Compliance application, the Administrator of a Control page might be a Process Owner. This is the person who is responsible for determining that Controls exist to effectively mitigate identified Risks. These users may grant Editor rights to individual Control Owners, but these Process Owners are ultimately responsible for the Controls. When a Control can be published, they either publish it, or if there is an approval process in place (which is what we recommend!), the Page would be sent off for review, likely to a SOX Management team.
A Page Editor is able to make changes to the fields on a Page, but that’s pretty much the extent of what they can do on a Page. They have to first check the Page out via the Available for Check Out menu in Create & Edit, or have a Page checked out to them by the Page’s Administrator. When they have made their edits to a Page, they check the Page back in. The Administrator then determines if it’s ready to be Published, or if further edits are required.
Who should be Page Editors? Users who are best positioned to provide the information being tracked on a Page should be given Editor rights at a minimum. As we noted in our SOX example above, a Control Owner may be given limited Editor access to a Page, while the overall Process Owner has the ultimate responsibility for it. Control testers are also frequently added as Editors on test pages. When a Control is ready to be tested, the Administrator will typically assign the Test Page to the Tester by adding them as an Editor and then checking the page out to them. The Tester fills in information related to the Test, then checks the Page back in.
How do I review my current Page Administrators and/or Editors? To quickly review the Administrator or Editor settings on Pages of a certain type, it’s best to create a Page report for that type of Page.
In the example image above, we’ve created a Detail report with a filter selection of Template -> Financial Control. We’ve also included Administrators as one of our column selections. In the image below, you can see the list that our report returned. The results include all of our Financial Control Pages, with the Administrators listed in the right column. Note that you can review your Editors by creating a similar report – just add Editors as a column selection.
Once you’ve reviewed the report results, you may realize that there are some instances where the user listed as an Editor on your Pages should really be given Administrator rights. Or you may determine that additional users should be added as Administrators on certain pages. Making these changes is a snap – even if you want to make multiple adjustments at once. Simply shift-click to select multiple Pages from your results table. Then click on Edit in the toolbar. You’ll see options for changing both the Editors and the Administrators.
Remember that taking full advantage of policyIQ’s flexible security setting will help you more effectively manage your content. If you’d like to get more information on your configuration options, contact your policyIQ Account Manager or send us an email at support@policyIQ.com!