Overview of Security Configuration

Recon.work web application controls all access via security groups. Every process, report, form, or document collection can be secured by one or more security groups. Likewise, any registered user can be assigned to be a member of the specific security group, which will in turn enable him/her to run a given task or get access to a document collection. When a new company is first initialized in the system, it will include the following list of default security groups.

Security GroupDescription
Security AdministratorThis role will allow you to manage access to forms, reports, charts, and document collections. At least one security administrator is required for each organization.
Data AdministratorThis role allows managing document collections along with their indexing and text search options. Importing and exporting data is also part of this role.
Process AdministratorThis role gives the ability to fine-tune any report or data capture form by presenting you with every option for each step in the business process.
Report AdministratorThis role role gives access to an intuitive web-based report building tools, allowing you to create charts, tables, and reports in minutes.
Form AdministratorThis role role will let you create and modify information capture forms using simple web interface. No technical expertise required.
API UserGet access to the REST API functionality to administer your data from any third-party application or integrate it with your own custom process.
Super UserThis role role will give you all access from the roles described above. In addition, it will let you view detailed user activity log.
New security groups can be set up by a security administrator and assigned to individual users from Assign Users to a Group or Assign Groups to a User tasks.

Controlling Access Level

User access can be fine tuned to allow only a specific set of operations. Additionally, users can have any combination of "read", "write", "delete", and "execute" security masks assigned to their security group profile. The following table shows specific areas where access level is applicable.

Access TypeSystem ProcessDocument CollectionUser Account
X - Regular access assigned by security administrator
E - Elevated security access assigned by security administrator, that will also impact daily charge rate calculation.

Before any user can successfully run a process, the system first checks that user profile has execute permission for the security group assigned to the process. Document collection access will be validated during process execution if a specific step in the process requires data access.

IP Security Configuration

Access to the environment is also controlled at the IP level. When new company database is first initialized, the IP of the first user performing the registration will be added to the whitelist. Any subsequent users claiming to be part of a specific organization/company will have to be given IP access individually by security administrator.

IP access is configured by security administrator using Manage IP Access task. IP addresses can be added or removed from the whitelist. It is also possible to add a range of IP addresses to the list to simplify administration. Using blocks of IP ranges is recommended when all users are signed up with the same internet provider or live in the same area.

Back to Main