Roles and rights
Roles and rights grant you access to the forms and services in Altinn.
Businesses that receive confidential information, must ensure that only those who have an official need to see the content, have access.
No one in the business has automatic access to confidential information. In order to grant/get access to such information, persons with the role "Main administrator" must delegate the necessary access.The general manager and the chair of the board have the role of "Main administrator". Those who have gained access can use the option "Share and give access" from the message in the Inbox, and send each individual message to the right person in the business.
If you know what role you want to delegate, you can choose the role without searching for form. Click Has these roles and choose + Add new role to show the list of roles. In the list shown, check the roles you want to give and click Done to do the delegation.
If you want to see what forms and services the role grants access to, you can click the question mark next to the role name.
By searching for a specific form or service, you will see what roles are needed to use the service. You also have the opportunity to give access for the service only.
Once you've found the form/service, you can choose between:
- Roles that gives access to the form/service
- Alternative delegation that gives access to the form/service only
If you choose alternative delegation you can choose if you want to give access to only read, write and/or sign the selected service.
Choose the party you want to change rights for, and go til Profile.
- If you're removing your own rights, choose Forms and services you have rights to.
- If you're removing rights for others, first choose Others with rights to the organization, and then the person who should lose their rights.
Click Remove one or more rights, and you'll be able to remove all or specific roles.
A custom role is a collection of rights that you define, and then easily give to others. To create a custom role, you need to be Access manager and have the rights that should be part of the role.
You create a custom role under profile → others with rights if you choose a person or click add new person. Click Has these roles, and then select +Add new role.
By editing a custom role, you can eitehr add or remove services from the role, or delete the role itself.
The activity log shows the history of which roles and rights were given and removed for the party you're repesenting. Only persons who are Access manager can see the activity log.
The activity log under Profile → Others with rights shows the history for roles and rights. Note that you need to be Acccess manager for a party to see the activity log.
If you have the role Access manager or Main administrator, you can download a file that shows all delegated roles and rights.
You can download the file by going to the menu Profile and Others with rights to the organization. Choose Download to file.
This is a zip file that contains 2 csv files, that can be opened in Excel. One of the files contain roles and the other single services. It is also possible to include sub-entities. For the organization types municipality and county, the files also show delegations done by organisation sections and their sub-entities.
Under Forms and services you have access to you can see what roles you have for the party you're representing. By clicking the question mark next to the role, you can see what it gives access to.
The main administrator may be responsible for managing roles and rights for your business.
What the role contains
The role of main administrator provides the opportunity to delegate all roles and rights for an enterprise, including roles and rights that one does not have. The main administrator can delegate roles and rights both to others and to themselves. Please note this applies to both existing and future roles for the business.
How to get the role of main administrator
The main administrator role can only be delegated by the general manager, the chair of the board, the shipowner or the holder.
This does not contain the role
The main administrator cannot delegate further his or her own role as the main administrator.
The main administrator role is not a key role and therefore cannot inherit roles and rights granted by other users or businesses.
