Access Groups is a powerful function that restricts access to vehicles, putting in place 'partition walls' between clusters or groups of users and the vehicles they can access (make bookings for).
There are two components to access groups - users and vehicles. 'Rules' defined which users can access what vehicles.
Why Use Access Groups?
Without access groups, any staff member can book any car in any department. When they go to collect the keys they may well be rejected by the person handing out the keys, but from a system perspective any user can book any car. Enter Access Groups.
Access Groups segment your vehicles into virtual pools, with each pool having a group name. Similarly, staff are assigned to groups and a marriage is made when the user's group name aligns with the vehicle's group name.
Default is Disabled
By default, the access groups function is disabled for all installations. Before you enable this function, please read the rest of this article entirely. Warning - complaints from users will be forthcoming if the access groups are not setup correctly!
Step 1 - Defining Groups
The first step is to define our groups. Each group has a name, and that name can be anything you want.
- Click Sysadmin
- Click Access Group Names (under the System Data heading)
- Type an Access Group Name and click Add. Repeat as necessary for each group
Step 2 - Vehicles
Next, we classify vehicles as belonging to groups. A vehicle can belong to a single group, or multiple groups. Give some thought to your group naming strategy!
- Click Sysadmin
- Vehicle Register, edit a vehicle
- In the top part of the page, tick the box (or boxes) for the access groups
- Click Save to save the vehicle record.
- Repeat for each vehicle.
Important - as of version 3.1 (Jan 2013),
Step 3 - Users
Quick recap; we have defined Groups, we have classified some (or all) vehicles to their groups. Next we determine how users get classified into groups. There are two ways:
(a) Explicit - we ask the user to select their group on the Welcome page; OR
(b) We define some rules and triggers
3(a) - Explicit
With this method, an extra field is automatically added to the Welcome page, asking the user to select which group they belong to. Note using this method a user can only belong to a single group. For users who have already on the system and therefore completed the Welcome page, they will need to click 'Update My Details' on the bottom left corner to set their group.
A more advanced way to assign users to groups is setting up some rules-based triggers. This is quite powerful.
- Click Sysadmin
- Click Access Group Rules (under the Security & Permissions heading)
- Click Add to create a new rule
- For the field, select a field that the user would have completed on the welcome page
- For the condition, select an operator (e.g. Contains text, Equals)
- For the value, select a value (for Equals) or type some text to do a partial match (for Contains text)
- Select an access group to assign this user to, if the above conditions are met.
For example, you may create a rule to assign users to the group 'Trucks' if the user's Licence Type equals 'Heavy Rigid'
Important - once you click Save to create the rule, the system will scour the database looking for user matches, and automatically assign their access group. Deleting a rule, or editing an existing rule, will also update all access group assignments, so use with care!
Step 4 - Activation
Up until this point the access groups are not yet active. That is, you can go ahead and set everything up without disrupting the users. When you are ready to activate:
- Click Sysadmin
- Click Application Settings (bottom right-hand corner, you may need to scroll down the page)
- Scroll down the Application Settings page and set 'Access Groups Enabled' to 'Yes'
- Underneath this setting, choose a method, either (a) or (b) in Step 3 above.
- Click 'Save' to save the application settings.
- Access groups are now live and active!
Revisit the Sysadmin > Manage Access Groups to see a count of how many cars are in each group, and how many users are in each group.
Jan 2013 Update + Example
As of version 3.1 (Jan 2013), any vehicle that is not assigned to an access group will be available to all users. Vehicles that do have one or more access groups ticked will only be available to those users in that access group. Let's go with an example:
Let's say there are 30 cars in the fleet, scattered throughout different departments, with different usage scopes (General Pool, Dept Use Only, etc..). The Physical Therapists (PT) have two station wagons, not included in the base 30 cars. So all up you have 32 cars, but the 2 PT cars are strictly off limits to any other department.
Without access groups, any user from any department would be able to book the PT cars. The PT staff may be a little hesitant, shall we say, to come on to the PoolCar system for fear of other users booking 'their' cars.
You would create a new Access Group called "Physical Therapy", add the two station wagons to the vehicle register, and for each you would tick the Access Group box, thereby allocating these two wagons to the Physical Therapy group. Note, you would leave all other cars such that they are NOT assigned to any particular access group.
On the welcome page, staff would then select that they belong to the Physical Therapy unit (or not, as the case may be). Non-PT staff would only see the 30 base cars. PT staff would see all 32 cars.
If, alternatively, you wanted the PT staff to only see their 2 cars, and all other staff to only see the 30 cars (mutually exclusive), you would create a second access group, called "All Non PT Staff" (or something similar), and allocate all 30 cars to this access group. You get the idea.