[{TableOfContents }]

!!!ROLE TYPES USED IN SELF SERVICE
Role Types grant users execution rights and access to specific areas and data within the system.

!!Roles from Professional used in Self Service
![P2K_USER]
* Pre-defined by High Line
* Required role for Self Service
* Grants access to required objects in the database used by Self Service.

Every Self Service user (user profile) must be assigned the P2K_User role to gain access to Self Service. This role can be assigned within the Assign Roles to Users ([IMUR]) screen.

![P2K_MASTER]
* Pre-defined by High Line
* Grants execution rights to all Self Service and P2K functions
* This is the only role needed to grant execution rights to functions in Self Service for the Self Service master. It is pre-defined by High Line.
* Execution Type Roles

!User Type Roles
Grants users access to one or more functions within Self Service
* User-defined
* Used to grant execution rights to functions
* Multiple user profiles can be developed by creating various combinations of user type roles e.g. ETR_ESS_FT

Do NOT assign a password to any new roles you create for Self Service.

!!OTHER ROLE TYPES
!Menu
* Grants access to specified web modules/menus
* Pre-defined by High Line
* This type of role is used to present WEB_MENUS and WEB_SPLASHES
* For all Self Service packages
** [WWW_ADMIN] Web Site Administrator Self Service
* For Employee, Manager and Time Management Self Service
** [WWW_EMPLOYEE] Employee Self Service
** [WWW_MANAGER] Manager Self Service
** [WWW_SCHEDULER] Scheduler Self Service
* For Recruiting Self Service
** [WWW_RECRUITER] Recruiter Self Service
** [WWW_CANDIDATE] Candidate Self Service
** [WWW_PUBLIC] Open Postings, Public Access
* Each of these roles grants access to a module, but not execution rights.
* Contains the web menu for that module
* Will allow access to the menu for Employee Self Service
*Presents the employee with an icon on the Self Service toolbar with the following features:
** Highlighted when employee is active in that web module, grayed out when active in other web modules.
** When an employee has access to multiple web modules, multiple icons will show on the toolbar
** Employee can use these icons to toggle between web modules
** Employee can hover over these icons to receive tool-tip information on the web module
** No execution rights are granted by this role type to any Self Service functions.

!Executions
* Function Security: Grants Execution Rights to Functions
* User defined
* Used when creating UTR_%, e.g. UTR_EMPLOYEE
* Managed in Function Definitions ([IMFN])
* Used to grant execution rights for functions to a user
* Can focus this role on a specific web menu role (e.g. [WWW_EMPLOYEE] role/ ESS).
Example: If you only want to show the Company Directory ([WGMCD]) in the ESS module and hide it in the MSS module without having to remove the function from the delivered menu for MSS module.

See “How to Focus on a Menu Role” 

!Object Security
* Applies Security Restrictions to Database Objects
* User Defined
* Used to manage Object Security (similar to field security) in Self Service. The object security role, when added to any user profile, will control object security for that role (e.g. hide or make objects read only or mandatory)
* Can 'focus' object security on a web role (e.g. [WWW_EMPLOYEE] role/ESS)
Example: The object '[Social Security Number|GOVERNMENT_CODE]' can be hidden for managers on all screens while active in the MSS module, but will be visible to that user when active as an employee in the ESS module
* Object Security is managed using the following screens:
** Establish Object Security ([IMOS])
** Establish Form Object Security ([IMFOS])
** Manages the following types of objects on Self Service forms:
** Form Items (e.g. fields)
** Form Groups (e.g. groups of fields)

See “How to Focus on a Menu Role” on page 2 - 12

!Data Security
* Applies Security Restrictions to various types of data
* User defined
* Used to restrict user access to various types of data in the system
e.g. restrict data access by department, auth area, leave type etc.
* Can 'focus' data security on a web role (e.g. WWW_EMPLOYEE role/ESS)
Example: While in MSS module, a manager should only be able to see change requests ([WADAR]) for employees in Dept A. However, the manager is a part of Dept B so therefore, the restriction to Dept A should not apply to the ESS module, otherwise the manager would not be able to see their own personal information while active in the ESS module

!Not Specified
* Combination of Executions, Object Security and Data Security
* Pre-defined by High Line
* Combines characteristics of Executions, Object Security and Data Security role types into the same role type
* Typically used for 'power' roles like [P2K_MASTER]
* Typically not used in Self Service unless you intend to combine all 3 characteristics into one role
* Can focus this role on a specific web menu role


!Database􀁘
* Not used in Self Service
* Allows database access by that role (e.g. [P2K_USER], [P2K_DBA])