Permission profiles
Using Permissions, system admins can grant or restrict access for the following profiles:
- Users
- Groups
- Systems
Permissions allow an admin to control which parts of an Apteco software installation a given profile can access, limiting interaction with the features and functionality specified by the admin.
For a new system, the default system level permissions allow an admin access to all resources. Post installation system permissions should be adjusted to reflect your organisations security requirements.
Permission states¶
A permission can be in one of three states:
- Granted (a tick): A granted permission resource is visble to a profile.
- Denied (a cross): A denied permission resource is hidden, and not visible to a profile.
- Undefined (empty): An undefined permission denies access to a resource if no overriding permission exists.
Permissions for multiple groups¶
Note
Permissions are inherited. A user receives all permissions that are assigned to their user, group and system profile.
Multiple groups are used to conveniently apply multiple permissions to a user. Having multiple groups only makes a difference when users & groups/permissions features are used together.
You can place a user in multiple groups if you’re not using user permissions. However, only the starred group is recognised by FastStats.
Some general guidelines on permissions assignment are:
- Users should be assigned to one or more groups
- Groups should represent a function of the end user, perhaps a country, region, or product
- Permissions should be assigned to groups as standard, making resolution of security issues easier to understand
- Permissions should only be assigned to users as an exception