Skip to content

Permission profiles

Using Permissions, system admins can grant or restrict access for the following profiles:

  • Users
  • Groups
  • Systems

Permissions allow an admin to control which parts of an Apteco software installation a given profile can access, limiting interaction with the features and functionality specified by the admin.

For a new system, the default system level permissions allow an admin access to all resources. Post installation system permissions should be adjusted to reflect your organisations security requirements.

Permission states

A permission can be in one of three states:

  • Granted (a tick): A granted permission resource is visble to a profile.
  • Denied (a cross): A denied permission resource is hidden, and not visible to a profile.
  • Undefined (empty): An undefined permission denies access to a resource if no overriding permission exists.

Permissions for multiple groups

Note

Permissions are inherited. A user receives all permissions that are assigned to their user, group and system profile.

Multiple groups are used to conveniently apply multiple permissions to a user. Having multiple groups only makes a difference when users & groups/permissions features are used together.

You can place a user in multiple groups if you’re not using user permissions. However, only the starred group is recognised by FastStats.

Some general guidelines on permissions assignment are:

  • Users should be assigned to one or more groups
  • Groups should represent a function of the end user, perhaps a country, region, or product
  • Permissions should be assigned to groups as standard, making resolution of security issues easier to understand
  • Permissions should only be assigned to users as an exception