28 October 2021

What are authorisation policies?

Authorisation policies define the roles and permissions of users in the Edge apps such as the Applications app. For example, admissions staff with the role Applications officer can create applications. Policies have a hierarchical structure where policies inherit the roles and permissions of parent policies. For example, the role Application officer inherits the permissions of the role Applications viewer and has some additional permissions.

The default policies, roles, and permissions cannot be changed. However, you can create your own policies, roles, and permissions as required.

Users belong to groups in SITS or groups in Active Directory, which must be assigned to the appropriate role. Groups are assigned to roles through identity roles. Users assigned to more than one role have the permissions of all their assigned roles.

SITS RGD (role group definitions) have the fields Edge role and Custom Edge role, which are used to assign the SITS RGD (role group definition) to the Edge roles.

For further information, go to RGD (role group definition) in the SITSVision manual.

In the diagram Identity roles admissions staff in the SITS RGD (role group definition) with the Edge role ApplicationsSupervisor are assigned to the role Applications supervisor for the Desk access policy. Also, the Custom Edge role ApplicationsViewerScience assigns admissions staff to the science desk with the permissions to process applications at the science desk only.

Identity roles
Diagram illustrating SITS RGDs being assigned to Edge roles

The authorisation policies are detailed below.

Admissions defines the roles and permissions of admissions staff.

Applications

Applications has the Desk access policy that defines the roles and permissions that apply to all desks. The child policies of the Desk access policy define the roles and permissions for individual desks. Use the Desk access policies to set up desk-based processing.

Defines the roles and permissions that can view and edit application data. The permissions are detailed in the table Applications permissions.

Applications permissions
Permissions Options Description
Applications View, edit Review applications at a desk and access the applicant's information for those applications. View is a prerequisite for modifying applicant data in addition to specific permissions.

Edit basic application information, manage clearance checks, and assign applications to desks and folders.
Application review View Review applications using application review.
Decisions Customise, edit, publish, view Permissions can restrict admissions staff to do the following in decision making and offer tracking:

  • Customise the main decision or additional conditions using the Decision builder.

  • Edit the decision details, such as making offers or rejections, change the main decision or additional conditions, and submit decisions to calculate the decision status. Edit offers to override the decision status or conditions.

  • Publish the decision for an application.

  • Review the decision details for an application and track offers made to applicants.
Finance View, edit Review or edit finance information of an application such as the fee quotations of fees applied to the application.
Selection and credits View, edit Review or edit the selections and credit details for an application, including module selections and module credits.
Statements and references View, edit Review or edit the personal statement and references for applications that reside at a desk.
Timeline View Review an application's timeline that details changes made to the application.

Applicants

Defines the roles and permissions that can view or edit data linked to applicants. The permissions are detailed in the table Applicants permissions.

Applicants permissions
Permissions Options Description
Agents View, edit Review or edit the agent or agency that assisted with the completion of the application.
Education and experience View, edit Review or edit the applicant's education, such as qualifications, and employment history of the applicant.
Identity and immigration View, edit Review or edit the immigration status and the applicant's passport and visa details.
Roles that have permissions to view or edit agents, education and experience, and identity and immigrations, also require the corresponding view or edit Applications permission on at least one desk where the applicant has an application.

Applications management

Defines the roles that have permissions to use the applications manager as detailed in the table Applications management permissions.

Applications management permissions
Permissions Options Description
Applications management View Review applications using the applications manager.
Roles that have permissions to use the applications manager also require the Applications view permission on at least one desk where the applicant has an application.

Create applications

Defines the roles that have permissions to create applications as detailed in the table Create applications permissions.

Create applications permissions
Permissions Options Description
Create applications Edit Create an application.
Roles that have permissions to create applications also require the Applications view permission on at least one desk where the applicant has an application.

Defines the roles and permissions required to access the applicant portal. The permissions as detailed in the table Applicant portal permissions.

Applicant portal permissions
Permissions Options Description
Applicant portal access Not applicable Access the applicant portal.

Edge authorisation is the parent policy for all policies and defines the permissions to use apps and manage authorisations as detailed in the table Edge authorisation permissions.

Edge authorisation permissions
Permissions Options Description
Manage authorisation None Change authorisations for the app. For example, manage the roles and permissions of admissions in the Applications app.
Use app None Use the app associated to the permissions. For example, allow admissions staff to use the Applications app.

Defines the roles and permissions required to subscribe to events. The permissions as detailed in the table Events integration permissions.

Events integration permissions
Permissions Options Description
Events subscriber Not applicable Subscribe to events from Applications.

Defines the roles that have the permission required to set up integrations with Edge as detailed in the table Integrations permissions.

Integrations permissions
Permissions Options Description
Configurations View, edit Review or edit pipeline configurations.
Integrations Edit Edit third-party system integrations, such as the Self-hosted integration runtime.
Reports View Review pipeline reports.
Runs View, edit Review pipeline runs and transformation errors. Edit the pipeline runs to change the schedule and triggers.

Defines the roles and permissions required to access and view applicant profile.. The permissions as detailed in the table People permissions.

People permissions
Permissions Options Description
Culture and environment View, edit View or edit the culture and environment fields containing information regarding a specific person.
Family Edit Edit family fields containing information regarding a specific person.
Identity View, edit View or edit the identity fields containing information regarding a specific person.
Individuality and characteristics View, edit View or edit the individuality and characteristics fields containing information regarding a specific person.
Staff details Edit Edit identity fields containing information regarding a specific person.

Defines the roles and permissions to view and edit reference data as detailed in the table Reference data permissions.

Reference data permissions
Permissions Options Description
Reference data View, edit Review or edit reference data.

Defines the roles and permissions required to review and manage tasks. The permissions as detailed in the table Tasking permissions.

Tasking permissions
Permissions Options Description
Manage tasks Not applicable Review and manage tasks.
Manage tasks setup Not applicable Manage and set up tasks.

Defines the roles and permissions required to view and edit workflow. The permissions are as detailed in the table Workflow permissions.

Workflow permissions
Permissions Options Description
Business entities View Review the business entities.
Workflow schemas View, edit Review and edit workflow schemas.