The Ephesoft Semantik solution supports group based access controls that allow you to limit what privileges an individual user has. Your tenant will come with a default Admin group that is assigned the Admin role which provides access to everything. Your initial Semantik user is a member of this group.
Groups provide you with a way to assign and organize the desired set of capabilities for your users. Groups can be used to limit access but also act as means of streamlining the user interface by removing unwanted functionality. The abilities that are granted to members of a group are determined based on the roles assigned to the group. You decide how groups are defined and how many are needed to support your organization. When creating groups, you must provide a name and optionally a description. Once a group has been created you can then assign the desired roles for this group.
Create a new group by giving it a name.
Semantik comes with support for several different roles. Roles are defined by Ephesoft and the ones you find in Semantik capture the use cases that we most commonly see our users needing. Unlike groups, new roles cannot be created. A role represents a set of permissions that can be granted to a user by a group. The following are the roles available in Semantik.
Admin - Allows unrestricted access to everything. This role provides the combined ability to do everything that all other roles provide.
Access Manager - Allows the ability to create and manage users along with other security-controlled access points such as API keys.
Configuration Manager - Allows access to set product configuration options for Semantik such as your extraction settings and allowed email import addresses.
Operator - Allows users the ability to upload and process invoices with Semantik.
Vendor Manager - Allows users the capability to upload and manage the available vendors and associated information that can be attached to an invoice that is being processed by Semantik.
Assigning a role to a group is done by enabling the desired role in the group. Enabling the Admin role for a group automatically disables all other roles because the privileges granted by this one role are the sum of all others. When not granting the Admin role to a group you are free to assign as many or as few roles as needed.
Select the desired roles for a group.
Users have the ability to do everything that is granted to them by the groups that they are a member of. When you first create a user, that user isn’t granted the ability to do anything. They could log in but everything is disabled for them. To enable a user the access they need, you must assign them to the desired group or groups. A user can belong to any number of groups and the functionality granted to the user is the aggregate of all groups.
Create a new user by inviting them.
Assign the user as a member of a group.
If a user attempt to access features that they have not been granted they will receive the following message that directs them to contact their system administrator for permissions.