This section describes the roles and tasks available for users in iManage Security Policy Manager, as follows:
Global Roles Task Mapping
Global Role | Applicable Tasks |
|---|---|
Client and Matter Administrator | Can add or remove clients, matters, cases and collections; adjust (update) client, matter and case definitions, and create and edit rules for collections. This user has access to all of the clients, matters, cases and collections, irrespective of who added the client, matter, case or collection. Can view, but not manage, conflicts (opposing team sets) relating to those items to which such user has access. Can add or remove all types of local administrators including local Conflicts Administrators. Can access and adjust all Settings. |
Client and Matter Manager | Can adjust (update) client, matter and case definitions, and create and edit rules for collections. This user has access to all of the clients, matters, cases and collections, irrespective of who added the client, matter, case or collection. Can view, but not manage, conflicts (opposing team sets) relating to those items to which such user has access. Can access and adjust Email Templates, Locations and Customer Properties in Settings. |
User and Group Administrator | Can add, adjust (update) and delete users and groups, assign roles to users and groups. |
User and Group Manager | Can adjust (update) users and groups, and assign roles to users and groups. |
Help Desk Operator | Can see all clients and matters, but cannot adjust (add, update, delete) client and matter definitions. This user can view the client and matter definitions through the administrator console, and can view sides and users of opposing team sets, but cannot view the dashboard view of an opposing team set, nor manage opposing team sets. |
Hold Administrator | Can create and delete holds, and view all holds in SPM. Global hold administrators are automatically added as local holds administrators, to all holds, and can add (local) administrators to a hold. |
External User* | For SPM Agents that support the use of External Users, a user designated as an External User can only see clients and matters where they are explicitly included in Staffing. An example of such a user can be a contract user. The professional services firm might not want these users to provide unhindered access to all the open assets. Such users will be able to see an asset only if included in the asset staffing. |
Over the Wall User* | Can see all the clients and matters unless they have been denied access through an opposing set or conflict. |
Conflicts Officer | Can update client and matter definitions, manage conflicts on assets and collections, and add or remove local Conflicts Administrators. |
SPM Activity Importer* | Can supply time and billing, and document activity information to SPM. This is a system role and if logged in as SPM activity importer, the aforementioned information can be pulled into SPM from systems such as iManage Work and Elite. |
SPM Agent* | Agents are consumers of security policy definition. When an Agent is registered, it is informed of security policy changes. Examples of Agents include iManage Work Agent and iManage Records Manager Agent. |
Staffing Administrator | Can adjust staffing of clients, matters, users and collections, and add or remove local Staffing Administrators. |
User* | Can view accessible matters and make requests for access to matters. |
Floating User#^ | Can be assigned to staffing teams without triggering exclusions from any other opposing team sets. |
Email Responder | Can monitor incoming email and action email email responses. |
Monitoring | Can access the Monitoring page. |
* These roles have access through the user console of iManage Security Policy Manager application. All other roles have access through the administrator console.
# Any user can be designated as a floating user. This is especially relevant for secretaries, assistants, consultants / researchers, document processors, and Knowledge workers. By rule, a user can assist more than one timekeeper. If any firm has low assistants to timekeepers ratio, and the timekeepers sharing a common assistant work on opposing team sets, then by default the assistant gets excluded from the staffing. This is undesirable as the assistant would require access to both the assets to support the timekeepers. In such a scenario, the assistant can be assigned a 'floating user' role, thereby preventing them from being excluded from both the teams' staffing.
^ This global Floating User role is different from the local 'Floating User' role that can be applied on a particular opposing team set. The 'local' floating user can cross the sides of a given opposing team set, but not all opposing team sets: the opposing-team-set-specific floating user role could be used, for example, by members of the conflicts team to permit specialists to access all sides of an opposing team set without triggering exclusions. For more information about this role and how to use it, see Managing Opposing Team Sets.
Role-Task Matrix
Global Roles
V=View, A=Add, U=Update, D=Delete
Role | Clients / Matters / Client Groups / Cases/ Collections | Admin Tasks | Conflicts | Access Request | Verify | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
V | A | U | D | A/U/D | A/U/D | Assign Global Role£ | Reset | V | A/U/D | Raise | Approve | ||
User and Group Administrator | N | N | N | N | Y | Y | Y | Y | N | N | NA | N | N |
User and Group Manager | N | N | N | N | Y& | Y& | Y | Y | N | N | NA | N | N |
Client and Matter Administrator | Y | Y | Y | Y | N | N | N | N | Y | N | NA | Y | Y |
Client and Matter Manager | Y | N | Y= | N | N | N | N | N | Y | N | NA | Y | Y |
Staffing Administrator | Y | N | Y* | N | N | N | N | N | N@ | N | NA | Y | Y |
Conflicts Officer | Y | N | Y | N | N | N | N | N | Y | Y+ | NA | N | Y |
Holds Administrator* | Y* | N | N | N | N | N | N | N | N | N | NA | N | N |
Over the Wall User | Y^ | N | N | N | N | N | N | N | N | N | NA | N | N |
Help Desk Operator | Y | N | N | N | N | N | N | N | Y | N | NA | N | N |
User | Y^ | N | N | N | N | N | N | N | N | N | Y | NA | N |
External User | Y^ | N | N | N | N | N | N | N | N | N | Y | NA | N |
(Global) Floating User | Y^ | N | N | N | N | N | N | N | N | N | Y | NA | N |
SPM Agent | Y^ | N | N | N | N | N | N | N | N | N | N | N | N |
SPM Activity Importer | Y^ | N | N | N | N | N | N | N | N | N | N | N | N |
& User and Group Managers can only update (not add or delete) users and groups.
= Client and Matter Managers can update definitions and staffing, but not conflicts.
* Staffing Administrators can only update staffing.
^ Can view clients, matter, client groups and cases, but not collections.
# This refers only to the administrator privilege of resetting the password, and enabling form login, for any user. However, users can reset their own passwords through the UI. See Resetting the Password.
+ In addition to adding, updating and deleting opposing team sets, Conflicts Officers can also create opposing team set drafts.
@ Cannot view opposing team set information but can see when a user is "on opposing team set side". No information about the opposing team set is displayed.
£ This reflect assignment of global Roles. For information on local roles that can be assigned, see Assignment of local administrators by global administrators.
* Holds Administrators can view all holds from the Holds dashboard only, and add or delete any items or users, including local administrators, to a hold. They cannot edit items or users. See also Holds access and visibility section in Holds.
Local Roles (Client, Matter, Client Group, Case, Collection Specific)
Local roles refer to all the roles that users are assigned after creating an asset or collection as a member of the asset or collection team. These are specific to the asset or collection to which they apply, hence "local".
Local administrators of certain types can be assigned by local or global administrators, as described in Local Administrator assignment and relative permissions.
'Local' floating users can also be applied to individual opposing team sets. This local 'Floating User' role, that can be applied on a particular opposing team set, is different from the global Floating User role. The 'local' floating user can cross the sides of a given opposing team set, but not all opposing team sets: the opposing-team-set-specific floating user role could be used, for example, by members of the conflicts team to permit specialists to access all sides of an opposing team set without triggering exclusions. For more information about this role and how to use it, see Managing Opposing Team Sets.
Key to the role-task matrix
V=View, A=Add, U=Update, D=Delete
NA = Not Applicable. If users fall under any one of the mentioned local roles, it implies they already have access to the asset.
Role-task matrix
Role | Clients / Matters / Client Groups / Cases | Collections | Conflicts | Access Requests | Verify Acknowledgments | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
V | A | U | D | V | A | U | D | V | A/U/D | Raise | Approve | ||
Client / Client Group team (Access requests require approval by any member of the client/client group team.) | Y*^ | N | N | N | N | N | N | N | N | N | NA | Y*^ | N |
Matter team (Access requests require approval by any member of the matter team.) | Y*^ | N | N | N | N | N | N | N | N | N | NA | Y*^ | N |
Case team (Access requests require approval by any member of the case team.) | Y*^ | N | N | N | NA | NA | NA | NA | N | N | NA | Y*^ | N |
Support Staff | Y*^ | N | N | N | N | N | N | N | N | N | NA | N | N |
(Access requests require approval by the responsible attorney or administrator, depending on setting chosen.) | Y* | N | N | N | NA | NA | NA | NA | N | N | NA | Y* | N |
Administrator (Client / Client Group / Matter / Case / Collection) | Y*~ | Y*$~ | Y*/~ | N | Y* | Y*$ | Y* | N | N@ | N | NA | Y* | Y |
Staffing Administrator (Client / Client Group / Matter / Case / Collection) | Y*~ | N | Y%*/~ | N | Y* | N | Y*% | N | N@! | N | NA | Y* | Y |
Conflicts Administrator (Client / Client Group / Matter / Case) | Y* | N | Y*&/~ | N | NA | NA | NA | NA | Y* | Y*+ | NA | N | Y |
Conflicts Administrator (Collection) | N~ | N~ | N~ | N | Y | N | Y | N | Y | Y | NA | NA | NA |
Holds Administrator (Client / Client Group / Matter / Case / Collection)= | Y* | N | N | N | Y* | N | N | N | N | N | NA | N | N |
^ When such users accessing from SPM User Console (not SPM Admin Console).
* implies that the roles are performing actions on only those items to which they have been provided access to.
$ Client administrators cannot create new clients but can add new matters under the clients they are administering. Matter administrators cannot add new matters. Client group administrators cannot create new client groups but can include clients and add matters under the clients included in the group. Case administrators cannot create new cases but can include matters in the case. Collection administrators cannot create new collections but can add matters to the collection.
% Local staffing administrators can update staffing, but not other aspects, of items to which they have been provided access to. See also Local Administrator assignment and relative permissions.
& Local conflicts administrators can update definitions, conflicts and staffing, of items to which they have been provided access to. See also Local Administrator assignment and relative permissions.
@ Cannot view opposing team set information but can see when a user is "on opposing team set side". No information about the opposing team set is displayed.
+ Can view opposing team sets pertaining to the asset that they are administrating; edit access depends on the Allow Local Conflicts Administrators to access all clients and matters setting.
= Can edit all aspects of assigned (local) holds, including adding or removing other local hold administrators. See also Local Administrator assignment and relative permissions.
~ Local collections administrators of all types can perform relevant actions on the collection, but the visibility and actionability of matters under the collection is determined by their access to those matters, not by their local role on the collection.
/ The ability of local administrator types to add or modify local administrators is as follows:
Local Administrator assignment and relative permissions
Assignment of local administrators by global administrators
Global administrators can add (or remove) local administrators, as follows:
- (Global) Client and Matter Administrator:
- can add or remove local Administrators
- can add or remove local Conflicts Administrators
- can add or remove local Staffing Administrators
- (Global) Staffing Administrator:
- can add or remove local Staffing Administrators
- (Global) Conflicts Officer:
- can add/remove local Conflicts Administrators
- (Global) Holds Administrator
- can add or remove local Hold Administrators
Relative permissions of local administrators
- Administrator:
- can add or remove Administrators and Staffing Administrators
- cannot add new Conflicts Administrators or upgrade to Conflicts Administrator Role
- Conflicts Administrator:
- cannot add or modify any type of administrator
- Staffing Administrator:
- can add or remove Staffing Administrators
- cannot add new Conflicts Administrators or Administrators, or upgrade to either of these roles
- Holds Administrator:
- can add or remove local Hold Administrators
- cannot add new global Hold Administrators, or upgrade to this role
