AX2572

About subsystems

Subsystems are used to create distinct groups of users who need to be restricted to a certain maximum level of access. When you create a subsystem, you define:

  • The maximum permissions for the subsystem. Using the standard security permission settings, you specify the maximum level of permissions that any user who belongs to this subsystem can have.

  • The users who belong to the subsystem. The permissions for these users cannot exceed the subsystem maximum permissions. Roles can also optionally belong to a subsystem, and will be limited to the subsystem maximum permissions.

  • The subsystem administrators. Subsystem administrators can access Axiom security for purposes of managing users and roles that belong to the subsystem.

For example, imagine that your organization has three different facilities, and you budget for all of these facilities within the same Axiom system. Each facility has a set of users, and you want to limit those users to a specific set of plan files and reports. You also want to allow the finance manager of each facility to control the user rights for their facility, but you do not want to make them full system administrators.

Example system with subsystems

You could use subsystems for this configuration as follows:

  • Create a subsystem for each of the facilities. You can assign existing users to the subsystem, and/or the subsystem administrator can create users for the subsystem.

  • Within each subsystem, specify the maximum level of user rights for that facility. This would include plan file access filters to restrict the set of plan files in a file group, and folder permissions for the Reports Library (for example, each facility might have its own folder in the Reports Library, and you would grant each subsystem permission to only the appropriate folder).

  • Within each subsystem, assign the facility's finance manager as the subsystem administrator. That user could then manage the rights for each user in the subsystem, including granting the users rights to the necessary plan files and reports (either individually or by using roles). The users can have a lower level of rights than what is allowed by the subsystem, but they cannot have a higher level.

Each user can belong to one or more subsystems. If a user belongs to multiple subsystems, the limits for each subsystem are applied independently (in other words, the restrictions are combined using OR, where applicable, instead of AND).
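The following is an added illustration, not Axiom code: a simplified model of the rules above, showing how a user's grants are clipped to the subsystem maximum and how OR-combination across several subsystems changes that ceiling. The `Subsystem` class, the function names, and the right strings (`reports:/FacilityA`, `plan:A-100`, and so on) are assumptions constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Subsystem:
    name: str
    max_rights: frozenset  # maximum rights any member may hold (assumed encoding)

def ceiling(subsystems, mode="OR"):
    """Combined maximum for a user's subsystems (OR = union, AND = intersection)."""
    sets = [s.max_rights for s in subsystems]
    if not sets:
        raise ValueError("this model only covers users who belong to a subsystem")
    return frozenset.union(*sets) if mode == "OR" else frozenset.intersection(*sets)

def effective_rights(granted, subsystems):
    """Rights the user actually holds: user and role grants clipped to the ceiling."""
    return frozenset(granted) & ceiling(subsystems)

def excess_grants(granted, subsystems):
    """Grants that sit above the ceiling; worth flagging in an access review."""
    return frozenset(granted) - ceiling(subsystems)

def widened_by(current, added):
    """Rights that become reachable if the user also joins `added`."""
    return ceiling(current + [added]) - ceiling(current)

# Constructed sample data: two facilities, each with its own folder and plan files.
FACILITY_A = Subsystem("Facility A", frozenset({"reports:/FacilityA", "plan:A-100", "plan:A-200"}))
FACILITY_B = Subsystem("Facility B", frozenset({"reports:/FacilityB", "plan:B-100"}))
GRANTED = {"reports:/FacilityA", "plan:A-100", "reports:/FacilityB"}  # user + role grants

if __name__ == "__main__":
    print("A only        :", sorted(effective_rights(GRANTED, [FACILITY_A])))
    print("over ceiling  :", sorted(excess_grants(GRANTED, [FACILITY_A])))
    print("A and B (OR)  :", sorted(effective_rights(GRANTED, [FACILITY_A, FACILITY_B])))
    print("joining B adds:", sorted(widened_by([FACILITY_A], FACILITY_B)))
    print("if it were AND:", sorted(ceiling([FACILITY_A, FACILITY_B], mode="AND")))
```

In this model, adding a user to a second subsystem raises that user's ceiling rather than lowering it, so a review of multi-subsystem users should look at the combined maximum, not each subsystem in isolation.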

In systems with installed products, subsystems are used to control access to specific products. These subsystems are product-controlled and delivered with the product. For example, you may have subsystems for Capital Planning and Budget Planning. You can assign users to subsystems based on the specific products they should be able to access.