Permissions
Admin can manage user access to the entities, using the Permissions tab in the Admin panel.
General
There are three access levels:
- Read - allows users to configure the entity's visibility in the system and see detailed information about entities
- Edit - allows users to create or edit the entities
Permission has 2 values: allow or deny, and can be applied for:
- Object types
- Categories
- Objects
- Attributes
- Relations
- Module
List
Admin can see all permissions in one list:
- the name and type of entity
- users or groups for which the permission is set
- the type of access
Permissions are grouped by the entity in the list.
The different types of access for users in the user group can be defined. Admin can click on the group name in the list to expand the detailed user list with personal permissions.
Also, on this page, Admin can:
Search
- for permission by entity name, name of the user or group name
Order by
- change the number of the list point for one page of pagination, from 10 to 35
- sort the list by Object type, Category, Object, Attribute, Relation and Module
Delete
- delete one permission entity using the trash icon in the list
- tick several entities using checkboxes and delete them at one time
- tick the checkbox near the search field and select all permissions on the page
- click on the Delete All button and remove all permission entities
Please note, that if the permission entity is deleted, the user will have access according to the licence.
Create
Create a new relation using the ‘Add new permission’ button.
On the Add new permission page, Admin can choose one of the five levels for permissions:
Attribute - different attribute types exist in the application
Object - applied on the defined object
Category - applied to the objects, related to the defined categories
Object type - applied to the different object types
Relation - The relations are defined between two object types. (For more detailed information, please refer to the Relation page)
Module - includes special object types, categories, and objects to help organize features and tools for easy access. Setting permissions for a module controls access to all items, categories, and objects within that module.
| Item | Description | UI |
|---|---|---|
| Level | allows Admin to choose the type of entity | radio buttons |
| Select the permission level | allows Admin to select one or several entities | multiple search input |
| Permission level | allows Admin to add a user or user group to the access level field using the search field; | multiple search input |
Please note When you hover over a user’s name, a tooltip showing their email address appears.
Rules
The permissions system follows these General Rules:
- access to the object type involves access to the category and objects with this object type
- access to the category involves access to the objects in this category, without reference to the object types
- access to the object has higher priority than to the category or object type
- access to the category has higher priority than access to the object type
- access for the group involves access for every user in the group
- personal access to the user has higher priority than access to the group
| Permission access levels | Object type | Category | Object | Attributes | Relation |
|---|---|---|---|---|---|
| Allow Read | Users can view an object card of this type in a module, category, or search results. They can filter objects by the defined object type, view both the object card and object page, and use the object type for creating new objects and filtering existing ones | Users can view the category along with the objects involved. They can access both the object card and object page within the category, and use the category for creating new objects and filtering existing ones | Users can view the object card in the system and access the object page for detailed information | Users can view the attribute on the object page and in the filter sidebar. They can see the attribute with its value on the object page and filter objects based on the attribute | Users can view the relation on the object page and in the filter sidebar. They can also see the relation on the object page and filter objects based on the relation |
| Denied Read | Users cannot view the object type in the filter sidebar or see objects with this object type in the system. They also cannot use the object type to create categories or objects. However, users can view the object cards for objects with this type but do not have access to detailed information on the object page and will instead see a placeholder. Users can still use the object type for creating objects and filtering | Users cannot view the category in the filter sidebar or see the category when creating or editing objects. They also cannot view the objects involved in the category. However, users can see the object cards for objects within the category but do not have access to detailed information, seeing a placeholder on the object page instead. Users can still use the category for object creation and filtering | Users cannot view the object card or object page in the system. However, they can see the object card, but will not have access to detailed information, instead seeing a placeholder on the object page | Users cannot view the attribute on object pages or in the filter sidebar. They can see the attribute title, but a placeholder is shown instead of the attribute value on the page. Users also cannot use the attribute for object creation or filtering | Users cannot view the relation on object pages or in the filter sidebar. They also cannot see the relation on the object page or use the relation for object creation and filtering |
| Allow Edit | users can view and edit the object with the object type; users can use the object type for object and category creation; users can use the object type for filtering | users can view and edit the object involved in the category; users can edit the category; users can use the category for object creation and filtering | users can view and edit the object | users can view and edit the attribute value related to the object | users can view and edit the relation related to the object |
| Deny Edit | users can view the object page, but can't edit the object with the defined object type; users can use the object type for category and object creation; users can use the object type for filtering | users can view the object involved in the category, but can't edit; users can't edit the category; users can use the category for object creation and filtering | users can view the object page, but can't edit the object | users can view the attribute, but can't edit the attribute on the object page; users can't use the attribute for object creation; users can use the attribute for filtering | users can view the relation, but can't edit the relation on the object page; users can't use the relation for object creation; users can use the relation for filtering |
Permissions don't apply to the menu
For example:
If a user has allowed access to the object type, but denied access to the category, he doesn't have permission for the object in this category
If a user has allowed access to the object type and a category with this object type, but denied access to the object, he doesn't have permission for this object
If a user has denied access to the object type or category, but allowed access to the object, he has permission for the object
If a user has denied access to the object type, but allowed access to the category, he has permission for objects in this category only
If a user has denied Read permission to object type or category, he will see all types and categories in the filter - but will see a stub when he goes to the object view
If the admin assigns the Edit permission to a user with the Empty or Reader licences, the user's licence changes to the Editor automatically
If the admin assigns the Read permission to a user with the Empty licence, the user's licence changes to the Reader automatically
If the admin assigns Read permission to a user with the Reader licence, the user's licence doesn't change. This rule is relevant to the Editor user with edit permissions as well
If the admin assigns the Read permission to the Editor or the View permission for any user, the user's licence doesn't change
If the admin assigns the Read permission to the empty group, all group's members get the Reader licences
If the admin assigns the Edit permission to empty or the readers group, all group members get the Editor licences
Depending on the licences
Permission levels are related to the licences. Admin can expand user access using permissions. It means, that if a user with the Reader licence takes on the Edit permissions, his licence will be automatically updated to the Editor. The same, if a user with the Empty licence takes on the Read permission, his licence will be updated to the Reader.
The licence level will be raised depending on permission, but won't be reduced. If a user with the Editor licence takes on the Read permission, his licence level will be kept.
Permissions don't apply to the user with the Admin licence
Module Access Permissions logic
Read Allow Setting
When the "Read Allow" setting is applied to a module:
Header Accessibility: The module is displayed and accessible in the system header.
Object Visibility:
Objects belonging to the module are available for reading.
These objects appear on list pages.
Search Functionality: Objects can be located using the search feature.
Object Page Access: The detailed page for each object is accessible for viewing.
Read Denied Setting
When the "Read Denied" setting is applied to a module:
Header Accessibility: The module is hidden and inaccessible in the system header.
Object Visibility:
Objects belonging to the module are not available for reading.
These objects do not appear on list pages.
Search Functionality: Objects cannot be found via the search feature.
Redirection on Access Attempt:
If a user attempts to access an object’s view or edit page, they are redirected to the Dashboard.
The redirection is accompanied by an error notification informing the user of the access restriction.
Notification Details
When redirected to the Dashboard, the following error message is displayed:
"You do not have permission to access this object. Please contact your administrator for assistance."
Related Information
Module Settings: Refer to the "Module Configuration" guide for instructions on enabling or disabling module access.
Error Handling: For details on error notifications and logs, see the "Error Handling and Logging" documentation.