# Configuring Auditor Profiles & Qualifications

QMS can capture key demographic information about auditors, and manage the variety of qualifications that may be required for an auditor to perform any given role on various types of audits. This addresses scenarios where it can be difficult to know which personnel are authorized to perform a role on an audit.

You can also track and manage auditors' progress towards qualifications (including the history of audits performed by that auditor) to assess eligibility of an auditor to perform various types of audits. Eligibility, in this context, is the automated creation of _User Role Setup_ records, granting auditors rights to content across Vault by way of [Matching Sharing Rules](/en/lr/36122/). As a result of fully utilizing this process: 

  * When populating an audit's Quality Team, only authorized and qualified individuals will be available for selection within each team role of the audit.
  * Progress of any given auditor towards requisite qualifications can be tracked and found within Vault's _Auditor Profiles_.

With this feature fully configured, audit teams can have clarity on what qualifications are required for an individual to appropriately perform a specific role during an audit, and who within their organization meets those qualifications.

## How Auditor Profiles & Qualifications Work

The _Auditor Profile_ object allows management of identifying information about your organization's auditors. _Auditor Roles_ provide organizations a way to define what types of roles they need to identify in service of the various types of audits they perform.

_Qualifications to Complete_ and _Role Qualification Criteria Status_ then represent the criteria that an auditor must meet in order to be qualified to perform in a specific _Auditor Role_. All of these are tied together by a special section on the _Auditor Profile_ object detail page, which surfaces the qualifications of the auditor: which qualifications they currently have, had in the past, or have started to work towards.

Vault creates _Auditor History_ records when you add or remove a user from a Quality Team on the _Audit_ object record.

## Configuration Overview

While _Auditor Profile_ configurations will vary between organizations, the configuration steps described below enable all benefits of the Auditor Profiles & Qualifications feature set. To take full advantage of the _Auditor Profile_'s security provisioning automation, you will need to be familiar with [Matching Sharing Rules](/en/lr/36122/) and your organization's security configuration.

- Add an _Auditor Profiles_ [custom object tab](/en/lr/23516/) to be used for managing Auditors' roles and qualifications.
- Add an _Auditor Roles_ custom object tab to be used for defining _Auditor Roles_ and their requirements.
- Add the special _Auditor Role Qualification Status_ section to the _Auditor Profile_ [object page layout](/en/lr/26387/).
- [Configure the _Sync Auditor History_ action][1] on the _Auditor Profile_ object and object lifecycle. This action is only applicable to Vaults which have executed audits prior to the configuration and enablement of Auditor Profiles.
- [Configure the _Create User Role Setup_ action][2] on the _Role Qualification Status_ object lifecycle.
- [Configure the _Remove User Role Setup_ action][3] on the _Role Qualification Status_ object lifecycle.
- Configure the appropriate _Auditor Roles_ needed to support your organization, including [matching fields](/en/lr/33946/) necessary for automatically creating appropriate _User Role Setup_ records, and the qualifications necessary to satisfy the roles.
- Configure a [Vault job](/en/lr/22897/#how-to-define-object-operation-jobs) to handle the necessary state change on _Role Qualification Status_ records representing when re-qualification may be necessary.

## Configuring the Sync Auditor History Action {#sync-audit-history}

When executed, this action populates the _Auditor History_ object with records that are sourced from the Quality Team Member objects that are associated to the _Audit_ object, detailing each time the auditor was added or removed from a Quality Team on an _Audit_ record.

[Enable the Sync Auditor History action](/en/lr/43127/#assigning-actions-to-an-object) on the _Auditor Profile_ object. You can then configure the action as a user, entry, or event action in the _Auditor Profile_ object lifecycle.

This action is only applicable to Vaults which have executed audits prior to the configuration and enablement of Auditor Profiles. It only needs to be run one time per auditor profile where the auditor in that profile has participated in Audits prior to the configuration of this feature.

## Configuring the Create User Role Setup Action {#create-user-role-setup}

Add the _Create User Role Setup_ action to the _Role Qualification Status_ object lifecycle as either a [user action or entry action](/en/lr/59885/). Most configurations should follow the entry action approach, so that User Role Setup record creation is automated as _Role Qualification Status_ records are updated.

The _Create User Role Setup_ action populates a _User Role Setup_ record with the user, application role, and other fields used for [dynamic access control](/en/lr/33946/) purposes. When adding the action, select the appropriate **User Role Setup Object** associated with the _Audit_ object. Each of the **Matching Fields** in the action configuration are mapped to the corresponding fields in the _User Role Setup_ object when the resulting _User Role Setup_ record is created through the action.

If your configuration involves the automated granting of rights to qualified auditors via use of the _Create User Role Setup_ action, then you should consider configuring automated removal of those rights by [configuring the _Remove User Role Setup_ action][3].

Configuration issues such as inactive or deleted fields, or the _Do Not Copy_ checkbox being selected, can cause users to receive an error message after executing the _Create User Role Setup_ action. When an attribute is invalid, Vault displays the following message to direct users to adjust the configuration as needed:

> The matching field on the _Create User Role Setup Record_ action configuration is no longer valid. Please reconfigure the action or the field to proceed.

## Configuring the Remove User Role Setup Action {#remove-user-role-setup}

This action deletes a _User Role Setup_ record when the _Auditor Role Qualification Status_ enters a specific state. The _Remove User Role Setup_ action is the opposite of the _Create User Role Setup_ action: it removes access from users whose qualifications have lapsed. Add the _Remove User Role Setup_ action to the _Role Qualification Status_ object lifecycle as either a [user action or entry action](/en/lr/59885/).

This action may be present as both action types in some configurations, allowing for automated lapses in Role Qualification Statuses to result in loss of access, as well as allowing Business Admins or managers to revoke access manually where appropriate. Such access removal only applies to new _Audits_. It does not impact any in-progress or already assigned _Audits_. The user whose qualification has been revoked by this action will not be selectable until requalified.

When adding the action, select the appropriate **User Role Setup Object** associated with the _Audit_ object. This should be the same object defined in the correlated **Create User Role Setup** action.

Additionally, if a _Role Qualification Status_ record is deleted from an _Auditor Profile_ when an _Audit Role_ is deleted, Vault also deletes any _User Role Setup_ records associated with the _Role Qualification Status_ record.
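An access-review check that follows from the create and remove actions described above, as an added example (not Vault code and not part of the original page): it reconciles _User Role Setup_ records against _Role Qualification Status_ records and lists in-progress audits that still carry an auditor whose qualification has lapsed, since removal only applies to new audits. The record shapes, field names, the state name `qualified` and the sample data are all constructed assumptions.

```python
from dataclasses import dataclass

# Hypothetical state name; the page does not name the lifecycle states.
QUALIFIED = "qualified"

@dataclass(frozen=True)
class Status:       # one Role Qualification Status record (assumed shape)
    user: str
    role: str
    state: str

@dataclass(frozen=True)
class Grant:        # one User Role Setup record (assumed shape)
    user: str
    role: str

@dataclass(frozen=True)
class Assignment:   # one Quality Team membership on an Audit (assumed shape)
    audit: str
    user: str
    role: str
    in_progress: bool

def review(statuses, grants, assignments):
    """Compare access grants with current qualification status."""
    qualified = {(s.user, s.role) for s in statuses if s.state == QUALIFIED}
    granted = {(g.user, g.role) for g in grants}
    return {
        # Grant exists but the qualification lapsed or its status record is gone:
        # the remove action is missing or did not run.
        "stale_grants": sorted(granted - qualified),
        # Qualified but no grant: the create action is missing or failed.
        "missing_grants": sorted(qualified - granted),
        # Removal does not touch in-progress audits, so these need manual review.
        "lapsed_on_open_audits": sorted(
            (a.audit, a.user, a.role) for a in assignments
            if a.in_progress and (a.user, a.role) not in qualified),
    }

# Constructed sample data standing in for exported records.
STATUSES = [Status("alice", "lead_auditor", "qualified"),
            Status("bob", "lead_auditor", "lapsed"),
            Status("carol", "co_auditor", "qualified")]
GRANTS = [Grant("alice", "lead_auditor"), Grant("bob", "lead_auditor")]
ASSIGNMENTS = [Assignment("AUD-001", "bob", "lead_auditor", True),
               Assignment("AUD-002", "alice", "lead_auditor", True),
               Assignment("AUD-000", "bob", "lead_auditor", False)]

if __name__ == "__main__":
    for finding, rows in review(STATUSES, GRANTS, ASSIGNMENTS).items():
        print(finding, rows)
```
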

  [1]: #sync-audit-history
  [2]: #create-user-role-setup
  [3]: #remove-user-role-setup
