Kuali Financials controls access to documents and workflow via Kuali Identity Management which consists of users, permissions, responsibilities and roles.
Users, permissions and responsibilities are assigned to roles.
Permissions control what a person has access to do.
Responsibilities control the workflow, what is a person responsible for approving and the actions that can be taken when they receive a workflow action request.
Roles group everything together.
There are several delivered roles and new roles can be created. Permissions can be assigned or unassigned based on what the role needs to be able to do.
Users are not assigned directly to derived roles, assignees are determined from other maintenance data. For example, Fiscal Officer is a derived role, most all financial transactions route to the Fiscal Officer for approval. The Fiscal Officer is an attribute of account. When an account is used on a document, workflow looks at the account to determine which Fiscal Officer should receive the approval request. Using derived roles facilitates a single point of maintenance.