User guide
Quick Start Guide
Dashboard
Overviews
Case detail (Caseoverview)
Case - event
Tasks
Case notes
Documents
User settings
Favorites
Table component
FAQ
News/Announcements in Team assistant
Mobile app settings
Administrator Guide
Platform guide
Administration
Crons
Authentication and Synchronization
Mobile App Setup for Your Environment
Scheme
Dynamic tables
Archiving
Scripts
Service console
Scheduled Tasks
HR Agenda
Sequences
CSP Headers
Logs
Access Token Settings & Session Expiration
Template
Roles
Planning
Users
Organizational structure
Events
Translations
NFC Integration
AXIOS API
Calculations & Functions
Integrations
TAS Forms
TAS Forms
Activating the module on the environment
TAS Forms - secret creation guide for Docker Swarm
Advanced Features & Tips
Product
Technical Changelog
Business Changelog
Version Upgrade Guide
Upgrading to 5.7
Lodash upgrade v4.17.x (>v5.5)
Main changes and deprecated features (v5.3 > v5.7)
Highlighting variables in Read-only status (>v5.7.58)
Using validation functions
Upgrading to 5.3
Dynamic conditions migration
PDF printing adjustment
Editing Task Description vs Task Instructions
Transpiling forEach to a for loop
Rendering HTML on Caseoverview
Differences between TAS4 and TAS5 - a complete overview
Best Practices for Upgrading from v4 to v5
Technical details
News / Important information
Getting Started
- All Categories /
- Administrator Guide
- Platform guide
- Roles
- Competencies /
- Change in Role Assignment Logic to Competence-Based Assignment
Change in Role Assignment Logic to Competence-Based Assignment
The primary reason for shifting from role-based assignment to competence-based assignment in Team assistant (TAS) is that roles in TAS are often generated automatically. Assigning these roles manually by an administrator, whether in TAS or Microsoft Active Directory (MS AD), is inefficient. Using competences significantly reduces administrator intervention in role visibility assignments and standardizes permission allocation for users in identical job positions.
Competence-Based Logic
The competence system is structured around "role groups," which are categorized under a specific competence. A role group can be defined either statically or dynamically using regular expressions. Ideally, each standard user is assigned a single competence, which configures all visibility, access, and other necessary permissions.
Competence-based assignment does not restrict exceptions where specific users require additional roles. The system retains records of how roles were assigned, ensuring that manually assigned roles remain even if competence-based roles are removed. If a role is manually assigned and is also part of a competence group, it will persist after the competence is revoked.
MS AD Synchronization
TAS allows synchronization with MS AD based on "Competence Rules." This feature is particularly useful in holding structures, where simple rules can automate competence generation from MS AD rules. If a competence is found in MS AD with syntax matching TAS rules, a corresponding set of competences is generated, which governs role assignment.
Example Usage
Scenario: Samantha Allen works at company XXX as the head of the Logistics department (Cost Center 001).
Assigned competence in MS AD:
TAS Users - XXX - GC - Cost Center 001 (MG)TAS Users- Standard prefix for department groups in MS ADXXX- Company abbreviation (numeric or alphabetic, not necessarily matching TAS role abbreviations)GC- General competence identifierCost Center 001- Department identifier(MG)- Manager designation
Permissions granted by this single competence assignment:
- Ability to create purchase orders for company XXX
- Ability to create public/private contracts for company XXX
- Visibility into all overviews for company XXX
- Visibility into all purchase order cases for company XXX and Cost Center 001
- Visibility into all invoice cases for company XXX and Cost Center 001
- Visibility into all public and private contracts for company XXX and Cost Center 001
- Approval authority for purchase orders at Level 3 (or Level 4 if divisional directors are used)
- Approval authority for contracts at company XXX and Cost Center 001
- Capability to be a contract guarantor for company XXX
Steps for Transitioning from Roles to Competences
- Client: Provide Neit with a list of all roles used in MS AD.
- Neit: Analyze role usage and transform them into competences.
- Neit: Create competence rules in TAS.
- Neit: Modify current TAS production synchronization to ignore groups following the
TAS Users - ??? - GC - *pattern. - Client: Create competence groups in MS AD.
- Client: Assign competences to individual users.
- Neit: Move competence-based approval templates to TAS TEST.
- Neit/Client: Test user synchronization in the TEST environment.
- Client: Verify assigned permissions in the TEST environment.
- Client: Inform users about changes in permission assignments and the likelihood of modifications to their current permissions.
- Neit: Backup user-role assignment and approval tables in TAS PROD.
- Neit: Disable the previous user synchronization process.
- Neit: Move competence-based approval templates to TAS PROD.
- Client: Remove old groups from users in MS AD.
- Neit/Client: Execute synchronization in TAS PROD.
- Neit/Client: Validate assigned roles/competences in TAS PROD.
- Neit/Client: Maintain increased monitoring for 5-10 business days for any competence adjustments.
Pre-Implementation Requirements
- TAS must be updated to version 4.11 or higher.
- The
CompetenceGeneratorCron.jsscript must be used.
Regular Expression Filtering for Competences
Competence filtering is possible via database regex. Examples:
%%- Displays all roles%a%a%- Assigns all roles%e%t%[0-9]- Matches roles containing 'e' and 't' and ending in a digit
Competences defined via regex are generated daily, and users are automatically assigned matching roles upon cron execution.
Administrator Access
The $Administrator role has access to all competences.
