As a part of the feature roll-out our consultant, Talisen, has recommended that I perform 'User Experience Testing'. This is basically an audit of our users, the roles we assign them to and the processes or tasks which should be assigned to those roles.
Some of it was basic database cleanup, removing old employees and contractors, but, some of it was an education. I had not yet been called upon to support any of my users in compliance, accounting, or legal, so, I've gotten to learn how they utilize our data.
(If you'll be controlling roles and processes, I'd recommend taking this System Administration class. It was an excellent introduction to this topic, and others. http://www.archibus.com/index.cfm?circuit=training_detail&template_id=475&pagesection=Training&menu_id=47 Some of the topics will also be on offer at the Archibus Users Conference this May http://www.archibus.com/nexus/ )
The first consideration in user permissions are Security Groups, which will control what data your users can view or edit. Each user can be assigned up to 10 security groups.
As you can see in the screenshot below, the Task titles in the System Administration Domain are pretty self-explanatory.
A user's Role controls the applications, tasks and data they can access.
Whether you call them Processes or Applications (I favor the latter, as evidenced in my illustration above), they are how we break down to a particular business process.
When assigning Applications to Roles (or to individual Users), you can drag and drop a whole Application, or expand it to just select one of the Tasks within it.
Note: If you fail to assign an Application to a User, they will see nothing but a blank screen instead of the Process Navigator.
The name Task is fairly self-explanatory here; clicking on the task launches a View, which allows you to access the data and tools to complete that particular task.