Permission Settings Methodology

1. Assign permissions only for what you truly need and not unnecessarily more

1. Assigning a role to a specific department

If permissions are assigned to a specific department, the NEN System User will receive permissions to perform actions (e.g., administer the procurement procedure) only within that department and, if applicable, its subordinate departments (see the right to subordinate departments checkbox).

Example: If NEN System Users A and B have the role of Administrator of PP within the same department, and user A creates a new procurement procedure, user B can automatically administer that process as well.

This setting is suitable for situations where it is acceptable or even advantageous (to allow for substitutes in case of vacation/sickness) for NEN System Users from the same department to work with the same procurement procedures.

2. Assigning a role to a specific contract

Tuto funkci lze využít, pokud určitý Uživatel systému NEN bude administrovat pouze konkrétní zadávací postup (např. pouze určité druhy zadávacích postupů) a nepotřebuje tak mít roli přiřazenou na určitý útvar, nebo potřebuje přístup k zakázce z jiného útvaru, nebo potřebuje pouze dočasný přístup (např. auditor).

This function can be utilized when a particular NEN System User will administer only a specific procurement procedure (e.g., only certain types of procurement procedures) and does not need to have a role assigned to a specific department, or when they require access to a contract from another department, or need only temporary access (e.g., an auditor).

2. Properly assign permissions to external administrators

Do not create accounts for external administrators within your organization, instead, grant access to procedures for the designated administrator. This allows you to securely limit actions to only those requested and ensure a proper audit trail, as outlined in the next rule.

3. Do not share accounts

A NEN System User who shares their account with a colleague is also responsible for the actions of that colleague conducted under their account. Proving the facts to an auditing authority can be very problematic. We recommend that every NEN System User who will perform their work on behalf of the contracting authority in the NEN system has their own access established solely for this purpose, along with an appropriately assigned role.

4. Keep substitutability in mind

When creating permissions across all departments, it should always be ensured that two people have access to each public contract/ procurement procedure/ tender. In cases where this cannot be set up due to capacity or other reasons, it is advisable to reduce the number of subordinate departments in the interest of substitutability, so that they always meet the capacity requirements for substitutability.

5. Do not create unnecessary accesses to the NEN system

It may happen that an entity’s administrator creates access for all employees within their organization. Although this action can assist with substitutability, it does not seem ideal, as not all employees in the organization will actively work in the NEN system. Therefore, we recommend creating persons and granting permissions only for individuals who will actively administer public contracts or related tasks in the NEN system.

6. Assign only roles necessary for work

If an organization manages its contracts, we recommend optimally setting only the roles that the given individual truly needs for their work. An excess of roles, which the NEN System User cannot even utilize, is certainly not appropriate. Assigning mutually exclusive roles also appears to be significantly problematic. An example of this could be the assignment of the role of administrator of a procurement procedure alongside the observer role for the same department or the same procurement procedure. Setting simultaneously a purely operational role along with a supervisory role does not make sense, as these roles inherently exclude each other. We recommend assigning permissions to individuals that truly correspond to the actions that will primarily be performed under the user’s access. This principle should not be violated.

Regularly review assigned accesses and permissions

We recommend that any changes occurring in the future for NEN System Users be appropriately planned and subsequently applied in the NEN system promptly when appropriate. We also recommend conducting a review of all permissions periodically to gain an overview of who has what permissions. This can lead to a reassessment of permissions and optimize them for better usage by NEN System Users.

A common life situation in the NEN system is the permanent departure or temporary suspension of an employee's work within the organization, during which the permissions of such an employee are carelessly left unchanged. Two different scenarios may arise here:

1. If the employee permanently ends their employment, we recommend removing all roles from that NEN System User and suspending their user account.

2. In cases where the employee's absence from the workplace is only temporary, we recommend only suspending access while leaving their assigned roles unchanged. If such an employee returns to work, the process for restoring access can then be carried out.

1. Renaming a department

In the event of renaming a department, no further actions are required.

2. Moving a department under another department

In the event of moving a department, no further actions are required.

3. Deactivating a department

The following steps need to be taken:

1. Transfer all NEN System Users to other departments

2. Assign roles to all newly transferred NEN System Users

3. Transfer all public contracts from the deactivating department to a new one

4. Deactivate the department

We recommend making these changes whenever it is necessary to modify the structure of your organization or when there is a need to transfer any NEN System User to a different department.