Role consideration when setting up customised groups

About roles and permissions

An account administrator can use the PPSR's default groups, see the default group details in setting up your account permissions.

The account administrator can also create customised groups and assign roles to perform the actions. The PPSR uses a Roles Based Access Control (RBAC) system. In this system:

  • roles have permissions
  • roles are assigned to groups
  • groups are assigned to users.

Role consideration for customised groups

If the account administrator is setting up customised groups they will be required to select the roles to assign to these customised groups.  Below are some extra details about the permissions some commonly used roles have.  For more role information see the permissions matrix.

Account and user roles

  • User – Manage my user details - allows a user to manage their own details. An example of this is to change his or her password, to save secret questions and answers and to set a secured party group (SPG) as the default SPG for their user. It is important to note that without this role, the user can’t change their password.
  • Account – Make Payment - allows a user to complete chargeable transactions using a credit card without allowing access to areas of managing the account, e.g. account name, contact details, account preferences or account financial details.
  • Account – Manage our account details - allows a user to change account details, including the account customer name, the mailing address and contact person for the account. Accordingly, account customers may want to consider limiting access to this role.
  • Account – View our financial transactions - allows a user to view the transaction enquiry screen and the invoice on the confirmation page of a chargeable transaction. Accordingly, account customers may want to consider limiting access to this role.
  • Account – Manage our account financials - allows a user to view and amend the account financial details. This role also allows access to all areas of managing the account, e.g. account name, contact details, account preferences and account financial details as well as permission to complete chargeable transactions using the Account pre-pay or credit funds. Accordingly, account customers may want to consider limiting access to this role.
  • Manage our account Grantor Favourites - allows a user to create and manage grantor favourites associated with the account.
  • Use our account Grantor Favourites - allows a user to use grantor favourites associated with the account, to create registrations, complete grantor searches and create alert notifications.
  • Templates – Manage our templates - allows a user to create, amend, manage and delete registration templates. With this permission the user can also send a copy of the template to a different account customer.

SPG roles

SPG – Use account favourites - allows the user to retrieve a SPG from a list of favourites recorded against the account by the account administrator. It makes it easier for the user to use the correct SPG because they can select it from a list rather than have to remember a number.

Searching roles

The basic search roles that you can assign to a group are:  

  • search by serial number
  • search by individual grantor
  • search by organisational grantor
  • search by registration number and ordinal.

Two roles support search functionality in addition to the basic search roles:

  • Search – Search by grantor event date range allows a search by grantor over a specified event date range. This complex functionality is easily misunderstood. The group must combine this role with one of the following roles:
    • Search – Search by individual grantor
    • Search – Search by organisation grantor
  • Search – Manage previous search results allows a user to retrieve an expired search result. In many circumstances, it may be better to do a new search rather than retrieve the old result or certificate. The PPSR does not redo the search, e.g. it will not retrieve vehicle information via the NEVDIS link.

Consider only assigning the above roles to users who have been trained in, and have a specific reason for using these functions.

Registration roles

You can perform a number of different registration functions on the PPSR, including:

  • create a registration
  • saving registrations as a pending application
  • assign and manage pending applications
  • amend and discharge registrations.

Creating registrations

To create a registration each user will require the following permission:

Registration – Create a registration - allows a user to create a registration. However, with this permission alone the user cannot save the application as pending and must complete the registration to save the details that they entered. If the user needs to be able to create a registration from a template, they will also require the following permission: Template - create registrations from templates.

Template – Create registrations from templates - allows the user to create a registration using a template. To be able to create a registration users must also have the permission: Registration - Create a registration.

Pend a registration - to save the registration as a pending application and return to it later, there are two specific roles needed:

  • Pending – Manage my pending application - allows a user to save and retrieve a pending application that was saved by the user, or is assigned to the user.
  • Pending – List my pending applications - allows a user to view a list of the pending applications that have been assigned to them.

Pending registrations applications roles

  • Pending – Manage my pending application - allows a user to save and retrieve a pending application that was saved by the user, or is assigned to the user.
  • Pending – List my pending applications - allows a user to view a list of the pending applications that have been assigned to them.
  • Pending – assign pending applications - allows a user to assign the pending application to another user who has the appropriate permissions to retrieve the pending application and register it on the PPSR.
  • Pending – Manage our pending applications - allows a user to retrieve all pending applications that all of the account users have created.

Amending and Discharging Registrations

Two roles allow a user to either amend or discharge a registration.

  • Registration – Amend a registration - allows a user to amend and renew a registration.
  • Registration – Discharge a registration - allows a user to discharge a registration.

Consider only assigning the above roles to users who have been trained to use the PPSR and have a specific reason for using these functions.