Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Panel
borderStylesolid

The purpose of this page is to describe the Identity and Access Management (IAM) hierarchy, both the Previous version which existed prior to 21 February 2012, and the changes implemented in the current version. (info) Click here to view a detailed PowerPoint presentation describing the IAM process and role distribution.

Introduction

The Research Participant Portal offers external stakeholders a unique entry point for their interactions with the European Commission, or Agencies, in handling grant-related actions. This entry point is based on:

  • single sign-on (ECAS)
  • role-based authorization using the Identity and access management (IAM) system, which is the subject of this page.

This results in personalised services on the Portal, access to legal entity registration, negotiation, amendments, financial and scientific reporting, etc.

IAM Previous Version

Prior to 21 February 2012, the IAM hierarchy pyramid looked like this:

Image Removed

Main Features of the Old Version

The main features of the old version are as follows:

  1. One Coordinator per project.
  2. One Participant Contact per participant.
  3. Named Representatives for Science Officer, Administration, Finance and Account Representation
  4. One LEAR per Participant.
  5. No duplication of roles (e.g. a LEAR cannot be a Participant Contact, Coordinator, etc).

IAM New Version

The current (new) IAM hierarchy is as follows

Image Removed

Major Changes to the New Version

The major objective of the new version is to simplify the role management and make it more flexible. In that perspective, the following changes are made:

  1. The uniqueness of the Coordinator and Participant Contacts disappears:
    • one Primary Coordinator Contact as the main contact for the European Commission;
    • more Coordinator Contacts can be nominated per project;
    • more Participant Contacts can be nominated per organisation in a project.
  2. Task Managers and Team Members are no longer restricted to specific scope(s).
  3. The roles of Named Representatives are redistributed:
    • Former Financial and Scientific Named Representatives, and Authorised Representatives automatically become Participant Contacts (Coordinator Contacts for the Coordinating Participant).
    • Former Administrative/Legal Named Representatives automatically become Task Managers.
    • Former Authorised Signatories automatically become Participant Contacts as well.
  4. Those using the new URF version to register an organisation for a PIC, will have a self-registrant role.

Objectives of Role Management

...

allows each user to have access to a personalised space, based on 3 main elements:

  • Each user is supposed to have a unique ECAS account, which is the unique identifier for persons (linked to their professional email address).
  • Each ECAS account is linked to one (or more) PIC number(s), which are the unique identifier for organisations.
  • Each ECAS account is linked to all the roles that the user has in projects and/or organisations through IAM.
    One user can have as many roles as necessary.

The Purpose of IAM

  • The Identity and Access Management allows us to define and/or manage changes of access rights of users
    of the Participant Portal.
  • It

...

  • gives a personalised and secure access to the different services

...

  • of the Participant Portal.
  • Minimum involvement by the Commission/Agency staff allowing for flexibility in the online management of the consortium.
  • Any change in the roles of the users is

...

  • saved to allow a monitoring

...

  • & tracking service.

...

  • ECAS uses a Secure, "single sign-on" approach
    1 e-mail address = 1 person = 1 ECAS account.
  • The user must log in to access the different grant or organisation-related actions.

...

Identity and Access Management (IAM) Hierarchy

The IAM hierarchy, as of January 1 2013, is as follows:

Image Added

 

...

The Nomination Process

  • Except for the Primary Coordinator Contact and the LEAR, every role must be modified by the Participants.
  • Each user can be nominated or revoked by another user following a fixed pre-determined pattern.

Pre-defined Roles

Some roles are pre-defined in the early stages of the Project ("Original Roles") as follows:

  • The Coordinator Contact identified in the proposal will be recognised by the Commission as the Primary Coordinator Contact.
  • The contact persons of the participating organisations identified during proposal submission will become Participant Contacts at the beginning of negotiations.
  • The LEAR is validated by the Commission during the validation process of his/her organisation.

Project Roles

  • Project roles can be granted/revoked in the "My Projects" tab of the Participant Portal, using the orange "Consortium" icon.
    Image Added
  • To grant a role, the e-mail address of the "new user" will have to be filled in; this e-mail address should be the same as the one used for the ECAS account of the "new user".
  • If this "new user" doesn't have an ECAS account already, he/she will automatically receive an invitation to create his/her ECAS account.

Organisation Roles

  • Organisation roles can be granted/revoked in the "My Organisations" tab of the Participant Portal, using the blue "RO" icon.
    Image Added
  • To grant a role, the e-mail address of the "new user" will have to be filled in; this e-mail address should be the same as the one used for the ECAS account of the "new user".
  • If this "new user" doesn't have an ECAS account already, he/she will automatically receive an invitation to create his/her ECAS account.

New Role: Financial Signatory

  • The Financial Signotory (FSIGN) first needs to be nominated by the LEAR or the Account Administrators (but he will not have any right for the time being).
  • Within their organisation, the Primary Coordinator Contact/Coordinator Contact/Participant Contact will need to assign one or several FSIGNs to a specific project. Only then will the FSIGN be able to work on the project.

...

Description of Roles

The list of roles can be divided into "Project Roles" and "Organisation Roles", according to the following diagram:

Image RemovedImage Added

The Primary Coordinator Contact

...

Image Added

RightsCan nominate/revokeIs nominated/revoked by

There can be only one Primary Coodinator Contact per project.

Is the primary point of contact between the Commission and the Consortium for negotiations.

...

Has read and write access to all electronic tools, to the forms of his/her organisation and to the common forms of the consortium.

Can submit forms to the European Commission.

Coordinator Contacts, Task Managers and Team Members within his/her organisation.

...

Assign Financial Signatories to a project within his/her organisation.

Participants Contacts for any organisation in the consortium.

The

...

contact person of the coordinating entity identified in the proposal is automatically transferred as Primary Coordinator Contact.

Can only be revoked or modified by the European Commission.

Coordinator Contacts Image Added

RightsCan nominate/revokeIs nominated/revoked by

There can be maximum 4 Coodinator Contacts per project.

Has read and write access to all electronic tools, to the forms of his/her organisation and to the common forms of the consortium.

...

 
Can submit forms to the European Commission.

...

 

...

Other Coordinator Contacts

...

within their organisation; all the nominated Coordinator Contacts have similar rights.

...

 
Task Managers and Team Members within their organisation.

...

 
Assign Financial Signatories to a project within his/her organisation.
 
The Primary Coordinator Contact or another Coordinator Contact.

Participant Contacts

...

Image Added

RightsCan nominate/revokeIs nominated/revoked by
The Participant Contacts are nominated to represent the organisation within the consortium.
 
There is at least one Participant Contact per organisation, with a maximum of 5 Participant Contacts per organisation

...

.
 
All Participant Contacts have read and write access
to their

...

organisation’s forms.
 
All Participant Contacts can submit forms to the Coordinator Contacts.
Other Participant Contacts, Task Managers

...

and Team Members within his/her organisation.
 
Assign Financial Signatories to a project within his/her organisation.
The Primary Coordinator Contact only.

Task Managers Image Added

...

RightsCan nominate/revokeIs nominated/revoked by
There may be one or more Task Manager(s) per organisation.

...

 
Can create, save and update forms of their organisation

...

Team Members Image Removed

...

 N/AThe Primary Coordinator Contact or other Coordinator Contacts (for the coordinating entity).
 
Participant Contacts (for other entities).

Team Members Image Added

RightsCan nominate/revokeIs nominated/revoked by
There may be one or more Team Member(s) per organisation.
 
Have limited access rights: search, read-only.

...

The LEAR Image Removed

...

 N/AThe Primary Coordinator Contact or other Coordinator Contacts (for the coordinating entity).
 
Participant Contacts (for other entities).

Financial Signatory assigned to a projectImage Added

RightsCan nominate/revokeIs nominated/revoked by
There may be one or more Financial Signatory(s) assigned
to a project within an organisation.
 
Can electronically sign financial statements (Forms C) and submit them to the European Commission (for the coordinating entity) or to the coordinating entity (for other entities).
 
Has read and write access to his/her organisation’s forms.
N/A
The Primary Coordinator Contact or other Coordinator Contacts (for the coordinating entity).
 
Participant Contacts (for other entities).

The LEAR Image Added

RightsCan nominate/revokeIs nominated/revoked by
There can be only one LEAR per organisation.
 
Access the list of roles/persons representing his/her organisation in Projects and the

...

list of projects and proposals of his/her organisation.

...

 
Can request to revoke users from roles within his/her organisation
e.g. by asking a Coordinator Contact or a Participant Contact to revoke a role.

...

 
Is reponsible for the updates of the organisation-related data, can request (online) the modification of such data, and upload supporting documents.
Account Administrators and Financial Signatories within his/her organisation.Can only be revoked or modified by the Commission.

The Account Administrator

...

Image Added

RightsCan nominate/revokeIs nominated/revoked by
There may be one or more Account Administrator(s) within an organisation

...

.
 
Access the list of roles/persons representing his/her organisation
in Projects and the

...

list of

...

projects and proposals of his/her organisation.

...

 
Can request (online) the update of the organisation-related data.

...

 
Can request to revoke users from roles within

...

his/her organisation, e.g. by asking a Coordinator Contactor a Participant Contact to revoke a role.
Financial Signatories within his/her organisation.
The LEAR (of his/her entity).

Financial SignatoryImage Added

RightsCan nominate/revokeIs nominated/revoked by
There may be one or more Financial Signatory(s)
within an organisation.
 
Has no right as long as not assigned to a project.
N/A
The LEAR or Account Administrators (of his/her entity).

...

Roles: Summary

Project Roles

...

Image Added

Organisation Roles

Image RemovedImage Added

...

(info) Click here to view a detailed PowerPoint presentation describing the IAM process and role distribution.

(info) Click here to read more about the new IAM role changes.

new IAM process as it applies to electronic signature.