Obzervr is back with another new Manager update for February!
Last month, we introduced Security Groups, which enabled Admins to bulk manage roles and permissions for Users.
A continuation of Security Groups, this month we’re introducing Template Groups. If you are not sure what Security Groups are, it’s best to read January 2023 - Security Groups for Obzervr Manager first before proceeding.
But what are Template Groups and why are they important?
Template Groups are a way to control the work templates and fragment templates that users can access and edit.
Previously Obzervr permissions for form building (Templates) are allocated to individuals by Administrators and those permissions are not granular; they are either turned on for a user or turned off.
This means that anyone with access to build a form can update all forms, irrespective of whether the form is their responsibility or not. For example, Safety forms are tightly controlled and managed by Safety teams and Templates utilised for integration with ERPs are managed by IT.
As a result, users who have this access could either intentionally or by accident edit a Template.
With the introduction of Template Groups, Admins will be able to define Templates where access should be limited to a group of users.
This will prevent users from updating key templates that are utilised for integration or safety compliance. It will also allow users to see templates for their work group or site, without having to sift through everyone else’s.
NOTE: this feature has been referred to as Controlled Forms, but hereon, in this article and in Manager, it will be called Template Groups.
Table of Contents
- What's Changed
How it works
- What to check before you try setting up Template Groups
- How to create a Template Group and how to add the Templates & Security Groups to your Template Group
- What the Template looks like once it’s been marked as Controlled
- What an Uncontrolled Template looks like
- How you can check what Template Group a Template is in
- What happens if the Template is in multiple Template Groups
- What happens if Fragments are in Secured Templates
- Use Cases
There are quite a few changes that you might notice:
- If you have permission, you will be able to see the new Template Group menu option.
- Users who have Fragment or Work Template access might notice a new lock symbol on templates indicating that it is secured.
How it works
Permissions required for Template Groups
Roles and permissions are a pivotal part of Obzervr, showing users only what they need to see and have access to.
If you’re not sure what Roles and Permissions are, read more about Roles and Permissions in Obzervr Manager before continuing with Security Groups and Template Groups.
There are a few prerequisites to setting up Template Groups that you might like to check before trying to create a Template Group. They are:
- You will need to have created a Security Group before you can add it to a Template Group. This will require Security Group Admin permissions. Read about How to Create a Security Group here.
- You will need Template Groups Admin permissions to create a Template Group. See the table below for an explanation of what these permissions will allow you to do.
- Other roles and permissions which will be pertinent to this feature are Work Templates Admin/Reader and Security Groups Admin/Reader. Your Work Templates permissions are important for Template Groups since it will make it easier for you to know which Templates you need to add to the Template Group.
So what are the new Template Groups permissions?
How to create a Security Group
If you have not created a Security Group already, you will need to do that before creating your Template Group.
Take a look at this Security Groups article to read more about how to set up Security Groups.
Some suggested roles for Security Groups, Work Templates and Template Groups are shown in the table below.
How to create a Template Group & add Templates + Security Groups to it
Now that you’ve added the Template to a Template Group, what’s next?
You might notice that in the Security Groups, there is a ‘Access Restricted’ option.
This will allow you to designate whether a Template Group shows as ‘Secured’ or not in the Templates section of Manager.
- Access Controlled turned ON = Template has ‘Secured Template’ marker
- Access Controlled turned OFF = Template does not have ‘Secured Template’ marker
What a Secured Template looks like for a user that does not have access to it
The user will not be able to edit the Template even if they have Work Template Admin permissions.
What a Secured Template looks like for a user that has access to it
Even though the Template is marked as ‘Secured’, the user will be able to create a Draft to edit the Template if they have Work Template Admin permissions.
What an Uncontrolled Form looks like
A Template Group where the Access Controlled is turned OFF will allow all users who have Work Template Admin permissions to edit the form.
It will look the same as Templates currently do. It will not show the ‘Secured Template’ marker. However, if you check the Template Details, it will show that it is in a Template Group.
How you can check if the Template is in a Template Group
Click through the steps below to see how to check if your Template is in a Template Group.
What happens if a Template is in multiple Template Groups
You will not be able to update a Template if it in multiple Template Groups, where one of the Template Groups has Access Controlled turned ON.
What happens if Fragments are in secured Work Templates
A scenario to watch out for is where Templates contain Fragment Templates. Whilst the Template might be secured, the Fragment Template will not be. To secure the Fragment Template, it will also need to be added to the Access Controlled Template Group.
Some ways that Obzervr has thought about using Template Groups were to:
- Control access to Safety Templates
- Control access to Integration Templates
- Control access to Service Sheets
Examples of ‘Safety Templates’ might be a Step Back, Take 5 or a Take Time. These are usually controlled by HSE.
An ‘Integration Template’ might be a Template in Obzervr that is used for integration with an ERP (i.e. Pronto or SAP). An example of an integration template might be a ‘Time Confirmation’ or ‘Timesheet’ template. The identifiers on these templates are used and should not be edited. These are usually controlled by IT Admins.
A ‘Service Sheet’ template in this case is a Maintenance inspection checklist for a piece of equipment or vehicle (usually called a Functional Location or Plant Item).
Some suggested Template Group configurations for some basic Security Groups are listed below. In this case, IT Admins have access to Integration Templates and Service Sheets, but only Safety has access to the Safety Templates.
Then, Planners and Supervisors will be able to access their Service Sheets, but Workers who have Capture access will not.
To facilitate this Template Group configuration, Security Groups should be configured with the following permissions. You can further remove permissions if required.