Managing Roles Using User Authentication

This section describes the procedure for managing roles with User Authentication.

Creating Custom Roles

Custom roles are user-defined roles, and are created by adding/editing usage restriction information from a base role.
You can also edit the information for a created custom role. For more information, see "Editing Custom Roles."
IMPORTANT
You can register a maximum of 100 roles, including base roles and custom roles (administrator).
Custom roles registered in devices with an older version of the Access Management System can be used with this version.
The restrictions for items not supported by a device cannot be set/checked from User Authentication, but are stored inside the device. (Therefore, when printing from a computer, [Available] may be displayed for [Color Print], even on a black-and-white device.)
Do not set stricter restrictions for custom roles than those applied to unregistered users (the guest role). If the restrictions applied to registered users are stricter than those applied to unregistered users, the number of functions that can be used after logging in will be less than before logging in or than [Log In (Guest)], which may lead to inappropriate user management.
NOTE
It is recommended you export role information after creating custom roles, for backup purposes. Since exported roles can be imported in other devices, the custom roles you create can also be registered in multiple devices. For more information, see "Importing Roles" and see "Exporting Roles."
Associate roles to users on the [User Management] screen. For more information, see the instruction manuals of the device.
1.
Log in to User Authentication.
For more information, see "Logging in to User Authentication."
2.
Click [Settings/Registration] → [User Management] → [Authentication Management] → [Role Management].
3.
Click [Add Role] in [Custom Roles].
4.
Specify the required items → click [Add].
The new role is registered.
The items required for entry and their scope are indicated below.
Item
Description
Scope
[Role Name]
Set the role name.
1 to 32 alphanumeric characters, hyphens (-), and underscores (_). You cannot register a role name that already exists.
You cannot register a name that is the same or similar to the name of a base role or custom role (administrator).
[Comments]
Enter a description for the role.
User-defined string of 0 to 50 characters.
[Base Role]
Set the base role for the custom role.
You cannot set the [GuestUser] role.
The base role set here determines the device management privileges.
The role only has device management privileges if the [Administrator] role is set as the base role.
[Device Management Restriction]
Set the device management restrictions.
[All Settings]:
When set to [No Restrictions], no device management privileges are restricted, regardless of the settings in [Device Settings] and [Network Settings]. (Privileges equivalent to the [Administrator] role are available for the device management privileges.)
When set to [Restrictions], the device management privileges are restricted according to the settings in [Device Settings] and [Network Settings].
(Even if both [Device Settings] and [Network Settings] are set to [No Restrictions], privileges equivalent to the [Administrator] role are not available for the device management privileges.)
[Network Settings]:
Set [No Restrictions]/[Not Allowed] for the device management privileges that belong to each network setting category.
[Device Settings]:
Set [No Restrictions]/[Not Allowed] for the device management privileges that belong to each device setting category.
You can set if [Administrator] is set for [Base Role].
[Function Category Restriction]
Set usage restrictions for each function category.
-
[Function Category Restriction Details]
Set usage restrictions for each detailed function.
-
[Application Restrictions]
Set usage restrictions for each device application.
Even if [Function Category Restriction] is set to [Not Allowed], functions with [Allowed] set for [Application Restrictions] can be used.
[Button Restrictions]
Set the usage restrictions for buttons displayed on the [Main Menu] screen or [Quick Menu] screen.
You cannot use functions set to [Not Allowed] in [Application Restrictions], regardless of whether they are not restricted in [Button Restrictions].
For information on device management privileges, see "Device Management Privileges." For information on device function restrictions, see "Device Function Restrictions."
NOTE
The items displayed slightly differ for User Authentication version.
"Device applications" refer to functions that are not included in the device, but are made available by installing them (such as MEAP applications).

Editing Custom Roles

You can edit the registered custom roles.
IMPORTANT
Only [Comments] can be edited for base roles and custom roles (administrator). Restriction information can also be edited for the [GuestUser] role. For more information, see "Editing the [GuestUser] Role (Guest Role)."
To change the role name of a custom role, it is necessary to delete the role and register it again as a new role.
To change the [Base Role] setting (and therefore change the device management privileges), it is necessary to delete the role, and then register it again. (It is also possible to export the role and change the [Base Role] setting by editing it with a text editor. However, take care not to edit the control characters in this case.)
The changed role information is enabled from the next time you log in. It is not applied to users currently logged in.
Do not set stricter restrictions for custom roles than those applied to unregistered users (the guest role). If the restrictions applied to registered users are stricter than those applied to unregistered users, the number of functions that can be used after logging in will be less than before logging in or than [Log In (Guest)], which may lead to inappropriate user management.
NOTE
It is recommended you export the role information after editing custom roles for backup purposes. For more information, see "Exporting Roles."
Associate roles to users on the [User Management] screen. For more information, see the instruction manuals of the device.
1.
Log in to User Authentication.
For more information, see "Logging in to User Authentication."
2.
Click [Settings/Registration] → [User Management] → [Authentication Management] → [Role Management].
3.
Click [Edit] for the role you want to edit.
4.
Edit the required items → click [Update].
The role information is changed.
IMPORTANT
[Device Management Restriction] can only be set if [Administrator] is set for [Base Role].

Editing the [GuestUser] Role (Guest Role)

You can edit the roles for unregistered users.
IMPORTANT
The changed role information is enabled from the next time you log in. It is not applied to users currently logged in.
Set stricter restrictions for unregistered users (the guest role) than those applied to other base roles and custom roles. If the restrictions applied to registered users are stricter than those applied to unregistered users, the number of functions that can be used after logging in will be less than before logging in or than [Log In (Guest)], which may lead to inappropriate user management.
NOTE
It is recommended you export the role information after editing [GuestUser] role for backup purposes. For more information, see "Exporting Roles."
1.
Log in to User Authentication.
For more information, see "Logging in to User Authentication."
2.
Click [Settings/Registration] → [User Management] → [Authentication Management] → [Role Management].
3.
Click [Edit] for [GuestUser] in [Base Roles].
4.
Edit the required items → click [Update].
The role information is changed.

Deleting Custom Roles

You can delete registered custom roles.
IMPORTANT
Base roles and custom roles (administrator) cannot be deleted.
1.
Log in to User Authentication.
For more information, see "Logging in to User Authentication."
2.
Click [Settings/Registration] → [User Management] → [Authentication Management] → [Role Management].
3.
Select the role you want to delete in [Custom Roles] → click [Delete].
The role is deleted.
NOTE
If you want to select all the custom roles, select [Select All].

Importing Roles

You can import the roles registered in another device from a file.
IMPORTANT
If a role with the same name as a role to import already exists, that role is overwritten with the imported role information. However, only comments are overwritten for base roles other than the guest role and custom roles (administrator).
If the [Device Management Restriction] setting is invalid (if [Device Settings] and [Network Settings] are set to [Not Allowed] despite [All Settings] being set to [No Restrictions]) the role information is deemed invalid and is not imported.
If roles not included in the import file were registered in the device, those roles are not deleted, and the roles inside the import file are added to the device.
1.
Log in to User Authentication.
For more information, see "Logging in to User Authentication."
2.
Click [Settings/Registration] → [User Management] → [Authentication Management] → [Role Management].
3.
Click [Import].
4.
Click [Browse] to select the file to import.
5.
Click [Start Import].
The role information is imported.
NOTE
If the role information fails to be imported, the data is rolled back, and returns to the state it was before the import.

Exporting Roles

You can save the role information registered in a device as a file. This is useful for backup purposes, or for using the registered role information in another device.
NOTE
The file extension is 'xml' and the default file name is 'roleData.xml'.
It is also possible to export the role and edit it with a text editor. This is useful when you want to change the role names. However, take care not to edit the control characters in this case.
1.
Log in to User Authentication.
For more information, see "Logging in to User Authentication."
2.
Click [Settings/Registration] → [User Management] → [Authentication Management] → [Role Management].
3.
Click [Start Export].
4.
Follow the instructions on the screen to specify the location to save the file.
The file is downloaded.