[{TableOfContents }]
!!!DEFINE ROLES
[{Image src='IMRO.JPG' width='360' align='right' link='attach/IMRO/IMRO.JPG'}]

System roles are added, created and changed on the Define Roles (IMRO) screen.

You need to establish the roles that will be used to identify what users attached to the role will have access to. You can assign a user to more than one role. The only time that the Default toggle needs to be turned on and the password filled in is if the role will need to have access to utilities external to the application (e.g. SQL). 

All roles should have a role type, and you shouldn't try to do anything outside of that type with that role. There are several types of roles that will be used:

!Business Role
A business role must be defined. This role is required and typically will set the web menu that the user will have access to when they log into the application.

We have specific roles for business levels that used for setting the menus and controlling access underneath that business function.

Clerks who are also the HR Clerk and PR clerk can be set to have the two different independent roles which the clerks can switch between via the menu. The security access beneath that is set to point to those business roles so they're only invoked when that role is in focus.

!Execution
Roles with Execution type are the only ones with execution rights. The Execution Role type is set up in order to give the user access to various functions within the application.

!Database
Basically, there are two database roles that are supplied by HLC:
;P2k_user:everyone has this
;P2k_database:for only those who have database administrator capability
There might also be a role for Discoverer users to be used for access at the database level. The only reason you'd make a Database role type is when the control or functionality for a role is controlled at a database level.

!SS Role 
This role is obsolete.

!Object Security
The Object Security role defines for the specific users what fields they can see on a function, further defining the function.

For example if there is no need to have a field displayed on a screen that field can be removed using Object Security. 

This will be explained further during the discussion of Field Security (IMFOS).

----
[{Image src='IMRO_Preferences.JPG' width='360' align='right' link='attach/IMRO/IMRO_Preferences.JPG'}]
!!Preferences
Preferences for roles depend on the type of role. Most are set only for a business roles, not database roles, etc.

For example on the Employee role, www_employee, you can set the preferences for the web splash, change the colour for the web theme, or allow query.

----
[{Image src='IMRO_Users.JPG' width='360' align='right' link='attach/IMRO/IMRO_Users.JPG'}]
!!Users
This tab allows you to see which users have been granted this role. This tab also provides the name and other information on the person.

The default tab only really needs to be set for the database assigned roles.

----
[{Image src='IMRO_ExecutionRights.JPG' width='360' align='right' link='attach/IMRO/IMRO_ExecutionRights.JPG'}]
!!Execution Rights
This tab is used on only for the execution rights role. For Execution rights roles, the Execution Rights tab defines the functions that this role will be able to access and whether they will be able to Create, Retrieve, Update or Delete within that function.
----
[{Image src='IMRO_DataSecurity.JPG' width='360' align='right' link='attach/IMRO/IMRO_DataSecurity.JPG'}]
!!Data Security

Data Security refers to the information within the field and is set up on the IMSV screen to say what data someone can or cannot see.
For example if only US lexicon values should be displayed for the Ethnic field on IEPI we can use Data Security to secure off this information so it's not visible to the user
[CLEANUP]