Assign Clause for the Add Person Command

This clause associates the person you are defining with one or more roles or groups. Although it is not necessary to assign a person to a group or role, it is commonly done to provide easy access to business objects and access privileges.

This page discusses:

Syntax

assign [group GROUP_NAME] [role ROLE_NAME]
  • GROUP_NAME is the name of a previously defined group.
  • ROLE_NAME is the name of a previously defined role.

If either name is not found, an error message is displayed.

When using the Assign clause, you have the option of assigning only a group, a role, or a combination of a role within a group. You cannot include more than one group or role within a single Assign clause. You can, however, use multiple Assign clauses. For example, each of the following commands include a valid Assign clause:

add person myung
   assign group “Trade Show Support”;
add person jenine
   assign role “Product Demonstrator”;
add person jamar
   assign group “Trade Show Support” role “Trade Show Coordinator”;

Assigning a Role

To assign a role, use the Assign Role variation of the Assign clause. The key to determining whether a person should be assigned to a role is the job that person performs. The role identifies the person’s need to access particular business objects, the amount of access required to do the job, and when the access is needed.

Access to business objects and the files they contain is governed by a policy. The policy can define the groups, roles, and persons that do or do not have access to the business objects (for more information, see MQL Concepts: Policies). The access and amount of access for these classifications can change at various stages of the project life cycle. In many cases, it is easier to specify the roles or groups that should have access in a policy rather than list individual users. If personnel changes during some stage of the project, you do not have to edit every policy to change person names.

To assign a person to a role in the Add Person command, you use the Assign Role clause:

assign role ROLE_NAME

  • ROLE_NAME is the name of a previously defined role. If that role was not previously defined, an error message is displayed.

You can assign a user to a role in two ways, depending on how you are building your database:

  • In the person definition, as described here.
  • With the Assign Person clause in the Add Role command described in Add Role.

If you choose to define the persons first, you can assign them to the role later. If you choose to define persons last, you can make the role assignment in the Add Person command. Regardless of where you define it, the link between the role and person will appear when you later view either the role definition or the person definition.

Assume you are adding a person named Antonio Pelani with the following command:

add person "antonio pelani"
   comment “Directs the allocation and assignment of ER technical staff”
   assign role “ER Doctor”
   assign role “Lead ER Doctor”;

In this definition, the defined person is assigned two roles. While the roles are similar, there are distinctions between the Lead ER Doctor and other doctors. Therefore both role assignments are made. Remember that a single person can play many roles in a project. If the role is associated with a policy, it is easier to move a person from one role to another than to edit the policy for each person’s name.

Assigning a Group

Persons can be assigned to groups using the Assign Group variation of the Assign clause. As with assigning roles to a person, assigning a group is not required. However, assigning a group to a person is often the simplest way to assign access privileges to a new user.

A group identifies a set of users who should share access to selected business objects. In an engineering environment, it might be everyone who is working on a particular project. They would need to have access to drawings and documentation at different stages of the project in order to perform their jobs.

You can specify which groups have access to business objects and when they have access using the group name in the policy definition.

As stated in the previous section, access to business objects is governed by a policy. When a group is listed as a valid user in the policy, every person associated with that group has access to all business objects governed by the policy. If you know that a person will work with a group of people in the same function or project, it is easier to assign the person to the group than to edit the policy to add the person’s name as a valid user.

To assign a person to a group in the Add Person command, you use the Assign Group clause:

assign group GROUP_NAME

  • GROUP_NAME is the name of a previously defined group. If this name was not previously defined, an error message is displayed.

You can assign a user to a group in two ways, depending on how you are building your database:

  • In the person definition, as described here.
  • With the Assign Person clause in the Add Group command described in Add Role.

If you choose to define the persons first, you can assign them to the group later. If you choose to define persons last, you can make the group assignment in the Add Person command. Regardless of where you define it, the link between the group and person will appear when you later view either the group definition or the person definition.

Assume you entered the following Add Person command:

add person sheila
   comment “Assesses Training Needs and Implements Classes”
   assign role “Training Coordinator”
   assign group “Corporate Training”
   assign group “Customer Service”;

In this definition, the person is associated with two groups and one role. The person needs access to the customer service objects to work with customers who require training. The person also needs access to the business objects used by the training group. Each of these categories implies different access capabilities.

Since the Training Coordinator role is related to the Corporate Training group, this definition could be simplified by assigning the role with the related group. The following example rewrites the definition using the role and group combination:

add person sheila
   comment “Accesses Training Needs and Implements Classes”
   assign group “Corporate Training” role “Training Coordinator”
   assign group “Customer Service”;

Remember to determine which objects a person will need access to and when that access is required. The answer to those questions can guide you when assigning groups and roles to a person.

When a person is assigned a role within a group and then the assignments are printed, the output indicates this. For example:

print group “Corporate Training” select assignment;
group Corporate Training
   assignment = Corporate Training rob
   assignment = Corporate Training sheila Training Coordinator