Access Rules for COMET Data
Initial release of COMET Data allowed access only to superusers, who already have authorizations in Comet to manage all data under their organization. Seeing the benefits of this reporting tool, many of our clients have requested that we extend access to other roles within their organization.
Inline with our product roadmap and long-term goals, we have implemented a generic role-based access to COMET Data, which applies to a specific list of administrative roles and is consistent with our authorization practices in Comet. In short, this strategy ensures controlled access to data which corresponds to the organization and the roles of the active user profile.
Access rules are processes and validated in the following order:
User must be an authorized user of Comet with one or more authorized roles. If user is already logged in, then Comet Data picks up the same user profile on the same browser (i.e. single sign-on feature).
Based on the roles, user is authorized per each reporting group. For example, user with a Player Administrator role is authorized to open Persons and Organizations reports, user with a Competition Administrator role is authorized to open Organizations and Competitions reports, user with Club Licensing Administrator role is authorized to open Organizations and Licensing reports, etc.
Based on the roles and the organization of the active user profile, the execution of each report is authorized specific to the parameters selected. For example, user from a regional association who is an Administrator of Players will be able to run all reports in the Persons section ONLY if the input parameters are chosen appropriately. More specifically, the Organization must be equal to his own organization or below and the Registration category must be set to Player. Therefore, access to each individual report within a group is conditional, specific to parameters selected.
To illustrate better, here is a more visual representation of the text above:
General Authorizations
Authorized roles are listed in the first column. Any other roles not listed here are NOT authorized to access Comet Data.
Green color = this role is authorized to view/run the reports from this group, as long as the Organization the selected Organization is equal to his own organization or below in hierarchy
Red color = this role is NOT authorized to view or run the reports from this group
Conditional Authorizations
Yellow color = this role is authorized to view/run the reports from this group WITH SPECIFIC CONDITIONS (i.e. there are mandatory parameters and mandatory values for those parameters), e.g:
Club Condition - Club Referents/Admins can only run reports for their own Club (if their Club is set as parameter
Competition Condition - Competition Managers, Disciplinary Managers, Referee Managers/Appointers can only run reports for Competitions where they are allocated (if such Competition is set as paremeter)
Registration Category - e.g. Reg Cat=Player - the Player Administrator can only run Persons reports if the Registration Category parameter has been set to Player. So the Player Administrator can see the data for Player, but not for Coaches, Referees, etc
Club Type - e.g. ClubType=National Team - the Administrator of National Teams can only run Persons reports if the Club Type has been set to National Team. So the Administrator of National Teams can see the data for Players, Coaches and Officials of the National Team only
Event Category - e.g. Event Cat=Seminar - the Administrator of National Teams can only run Events reports related to Seminars/Courses
Additional Notes
Transfers and Transfer Details have distinct authorizations from other Persons reports, as specified in Table above
Competition Public Reports are those reports that do not contain any sensitive data and are generally available to wider audiences. Therefore these reports can be executed by all users of COMET Data and are not subjected to hierarchy condition, i.e. a user can access these reports for any organisation in the system. These reports are:
Competitions
Competition Standings
Competition Teams
Matches
Match Phases
Player Appearances
Goalkeeper Appearances
Team Official Appearances
Match Events
All other Competition Reports are Restricted, meaning that they can be accessed by Competition, Referee and Disciplinary Administrators (+Managers/Appointers for their Competitions). The exception is Referee Assessor Marks which can only be accessed by Referee Administrators (+Appointers for their Competition)
Superusers and Data Superusers can access all reports under their hierarchy, without exception