Re: Docuware why are there roles, 2 different profiles, groups, and users?

Docuware has a very sophisticated set of tools that allows you to control security and access to systems, information, and images.  
To describe it, I use the analogy as if you are a steelworker on a tall building. 

We are building ‘Docuware plaza’.
We need the help of many trades to build it so we make a list of unions we can work with and assign them to different jobs.
Our HR staff works with the architect to define job descriptions outlining who will work where, when, and how to allow them to use what skills and tools.

You are a steelworker. With local union 455.
Your union puts your name on the list of available workers to get into the building site.
When you show up to work you go to the tool boss who gives you ONLY the tools you need for your job. 
As you move towards the building the guards and managers check your badge send you to the floor you can work on.
Managers also check with the unions from time to time to see if your work status has changed.

When you get to your location the foreman shows you the limits of where you work and what you can do.

Docuware is very much the same…
Active directory is our list of workers in our company.
If you’re not on the list you can’t work here.
The active directory uses groups and are very much like the list of unions we work with.
DocuWare Groups is our list of Unions working at Docuware Plaza. Each Member must be assigned to a Union.

So as a steelworker, you are assigned to the Steelworkers Group in Active Directory.
Docuware Plaza also has a list of Unions we call Groups.
In Docuware we matchup the Docuware Groups to their corresponding Active Directory Groups and compare them constantly.

Just like in our story where the Union puts users on a group list, Docuware does not control nor is a part of Active Directory,
Active Directory is a part of the network security system.
Like the manager checking a union member’s current status, Docuware checks with Active Directory to see if a user is active from time to time. If a user is removed from an Active Directory a Group then Docuware removes them from the corresponding Docuware group automatically.

Docuware users – You are a user. Like a member of the union and assigned to a workgroup, you are a member of the network of users.
A role is the job description like “steel worker” and all of the job description and criteria for a user’s access and limits within the system are tied into that role.

Docuware’s Overall security is like the guard and building managers seeing who you are, what group you’re assigned to, and what file cabinets you have

The Organizational Profile is the Tool Boss providing your tools, in the case of Docuware TOOLS are items on the menu bars and other actions in Docuware.
access to.

File cabinet profiles are like a foreman setting limits on what you can do and what you have access to within a file cabinet.

You as a worker has a Role to play in building and Docuware Roles defines and sets rules to groups in the same way.
Docuware’s Role is a complete description of an individual Union and their duties.
The description contains a list of similar groups of members (users)
A list of file cabinets they have access to.
The kinds of access they have within those cabinets
A list of tools they can use in those file cabinets

Notice at NO TIME have I identified a user ALONE he is ALWAYS a part of something bigger.

Managing users as a group is much easier than managing users one by one.

So Docuware has roles, groups, users and 2 profiles, 1 profile for system tools the 2nd for file cabinet rights.
Organizational Profiles or Functional Profiles are lists of tools users are granted the right to use.
Tools are things you do not things you access. Things like ‘Print’, ‘Download’, ‘Store’.

File cabinet Profiles (access/rights) are lists of rules within a file cabinet a user is subject to.

Docuware uses groups to categorize users and make them easier to manage.

Docuware uses roles to list all of the groups, tools and rights in one place.