Revised Identity and Access Management (IAM)
Research Participant Portal
• Offers external stakeholders a unique entry point for the interactions with the European Commission or Agencies in handling grant-related actions, based on
  • single sign-on (ECAS)
  • role-based authorization (Identity and access management – IAM)
• Result: personalised services on the Portal
• Access to legal entity registration, negotiation, amendments, financial and scientific reporting, expert services (soon).
• Brings homogeneity, transparency and better service integration for grant management.
Objectives of the role management (1/2)
• The Identity and Access Management allows us to define and/or manage changes of access rights of users of the Participant Portal.
• It gives personalised access to the different services.
• It allows flexible and quick management of access rights to the electronic tools on the Portal with high security.
• Any change in the roles of the users is saved to allow a monitoring & tracking service.
Objectives of the role management (2/2)
• Unique identifier of persons: ECAS account (European Commission Authentication System). Secure, "single sign-on" approach: 1 e-mail address = 1 person = 1 ECAS account leads to the different grant or organisation-related actions.
• Unique identifier of entities: the 9-digit PIC number.
• It requires minimum involvement by Commission staff, allowing for flexibility for managing the consortium: only the top roles are approved by Commission staff (Primary Coordinator Contact and the LEAR).
[Figure: The current pyramid of roles, shown for Participant A, the Coordinating Participant and Participant B. Legend: Coordinator Contact, Participant Contacts, Named Representatives, Task Managers, Team Members, LEAR, Account Administrators.]
[Figure: pyramid of roles for Participant A, the Coordinating Participant and Participant B. Caption: Changes in the new version of the identity and access management.]
[Figure: pyramid of roles for Participant A, the Coordinating Participant and Participant B. Caption: More Coordinator Contacts and Participant Contacts.]
[Figure: pyramid of roles for Participant A, the Coordinating Participant and Participant B. Captions: More than one Coordinator Contact and Participant Contact. Task Managers and Team Members are no longer restricted to specific scope(s).]
[Figure: pyramid of roles for Participant A, the Coordinating Participant and Participant B. Captions: Task Managers and Team Members are no longer restricted to specific scope(s). The roles of Named & Authorised Representatives are redistributed.]
[Figure: pyramid of roles for Participant A, the Coordinating Participant, Participant B and Experts. Captions: The roles of Named & Authorised Representatives are redistributed. Activation of non-participant roles: Reviewer and Rapporteur.]
[Screenshot: list of roles, entries masked.] The list of roles will be changed automatically with the new IAM.
[Screenshot: Portal actions "View Project details", "View roles in the Project", "Edit Consortium".]
The nomination process
“How can I give access to my colleagues?”
“How can I revoke the rights of colleagues who left the organisation?”
“Original roles”
Some roles in the portal IAM are automatically provisioned at negotiation start:
• The Coordinator Contact identified in the proposal forms will be transferred to the Primary Coordinator Contact role in the portal IAM.
• The contact persons of the participating organisations identified in the proposal forms will be transferred to the Participant Contacts role.
• The LEAR is validated by the Commission after the validation process of his/her organisation.
The nomination process
• Except for the Primary Coordinator Contact and the LEAR, management of roles and access rights is in the hands of the consortium.
• Users can be nominated or revoked by other users following a ”pyramid of rights”.
Let’s review the nomination/revocation process.
[Figure, repeated over several slides: roles in the Coordinating Participant and Participant A. Project roles: Coordinator Contacts, Participant Contacts, Task Managers, Team Members. Organisation roles: LEAR, Account Administrator.]
[Figure: roles in the Coordinating Participant and Participant A, grouped into Project and Organisation roles.] Only the key roles of the LEAR and Primary Coordinator Contact are approved by the Commission.
[Figure: roles in the Coordinating Participant and Participant A, grouped into Project and Organisation roles.] Only the key roles of the LEAR and Primary Coordinator Contact are defined/modified by the Commission.
[Screenshot: list of roles, entries masked, with the action "Add or revoke roles in the Project".]
The list of roles will be changed automatically with the new IAM. These new roles may need to be modified.
LEARs will also see the list of proposals submitted.
Access rights
Each person within this pyramid has different access rights according to his/her own role, and according to the state of the project.
Let’s review these rights for each role.
Access rights: Project roles
CoCo (Primary Coordinator Contact):
• Nominate and revoke Participant Contacts for any participating organisation.
• In addition, all rights listed under the Coordinator Contacts.
CoCo (Coordinator Contacts):
• Nominate and revoke other Coordinator Contacts;
• Read/write access to own and common forms;
• Submit to European Commission/Agency;
• In addition, all rights listed under the Participant Contacts.
PaCo (Participant Contacts):
• Nominate and revoke Participant Contacts, Task Managers and Team Members within their organisation;
• Read/write access to own forms;
• Submit to the Coordinator Contacts;
• In addition, all rights listed under the Task Managers.
Task M. (Task Managers):
• Create and update forms;
• In addition, all rights listed under the Team Members.
Team Mb (Team Members):
• Read-only access
Access rights: Organisation roles
LEAR:
• Nominate and revoke Account Administrators within their organisation
• In addition, all rights listed under the Account Administrator.
A.Admin (Account Administrator):
• Access legal entity data and submit requests for change
• Access the list of roles/persons representing their organisation
• Access their organisation’s list of Projects and their summaries
• May request to revoke users from roles within his/her organisation
Access rights for negotiations, amendments, reporting
• Read-only rights to all data: CoCo, PaCo, Task M., Team Mb
• Draft, save, modify own forms: CoCo, PaCo, Task M.
• Submit own forms to coordinator: CoCo, PaCo
• Draft and validate common forms: CoCo
• Submit data on behalf of the whole consortium to the Commission: CoCo
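The pyramid of rights from the access-rights slides and the nomination/revocation process, written out as an added Python example (not the Portal's own code). It shows inherited rights, organisation-scoped nomination and the saved record of every role change. Role keys, right names, one role per user, a single project, the "own organisation" scope for Coordinator Contacts and the sample ECAS ids and PICs are all assumptions.

```python
PYRAMID = {  # assumed names; role -> (inherits from, own rights, {nominable role: scope})
    "TeamMember": (None, {"read"}, {}),
    "TaskManager": ("TeamMember", {"edit_forms"}, {}),
    "PaCo": ("TaskManager", {"write_own_forms", "submit_to_coordinator"},
             {"PaCo": "own", "TaskManager": "own", "TeamMember": "own"}),
    "CoCo": ("PaCo", {"write_common_forms", "submit_to_commission"}, {"CoCo": "own"}),
    "PrimaryCoCo": ("CoCo", set(), {"PaCo": "any"}),
    "AccountAdmin": (None, {"view_entity_data", "view_org_roles", "view_org_projects"}, {}),
    "LEAR": ("AccountAdmin", set(), {"AccountAdmin": "own"}),
}
COMMISSION_ONLY = {"PrimaryCoCo", "LEAR"}  # never assignable by portal users

def effective(role):  # rights and nomination scopes, inherited down the pyramid
    if role is None:
        return set(), {}
    below, own, nominates = PYRAMID[role]
    rights, noms = effective(below)
    return rights | own, {**noms, **nominates}  # the higher role's scope wins

class Portal:
    def __init__(self, grants):
        self.grants, self.audit = dict(grants), []  # ECAS id -> (role, PIC)

    def may_change(self, actor, role, pic):
        actor_role, actor_pic = self.grants.get(actor, (None, None))
        scope = None if role in COMMISSION_ONLY else effective(actor_role)[1].get(role)
        return scope == "any" or (scope == "own" and actor_pic == pic)

    def nominate(self, actor, user, role, pic):
        ok = self.may_change(actor, role, pic)
        if ok:
            self.grants[user] = (role, pic)
        self.audit.append(("nominate", actor, user, role, pic, ok))  # denials are kept too
        return ok

    def revoke(self, actor, user):
        role, pic = self.grants.get(user, (None, None))
        ok = role is not None and self.may_change(actor, role, pic)
        if ok:
            del self.grants[user]
        self.audit.append(("revoke", actor, user, role, pic, ok))
        return ok

def demo():  # constructed ECAS ids and 9-digit PICs
    p = Portal({"anna": ("PrimaryCoCo", "999000001"), "ben": ("PaCo", "999000002")})
    return [p.nominate("ben", "dora", "TaskManager", "999000002"),  # own organisation
            p.nominate("ben", "eve", "TeamMember", "999000001"),    # another organisation
            p.nominate("anna", "gus", "LEAR", "999000001"),         # Commission-only role
            p.revoke("ben", "dora")], p.audit
```

The audit list is what a consortium would review after migration or when a colleague leaves: it shows who changed which role for which PIC, including the attempts that were refused.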
Summary
• More flexibility (more than one CoCo and PaCo; fewer distinctions of function types) -> increased responsibility for consortia in establishing/maintaining/revoking access!
• Identity and access management should become a standard part of consortium management – discuss it in kick-off meetings, mention it in consortium agreements!
• No access lost during migration; current roles are transferred automatically to the new grid of roles. However, consortia might want to check after migration whether arrangements are according to their needs.