What are Permission Groups?
Introduction
Permission Groups are the heart of Permissions. A user is assigned to a Permission Group and it is that Permission Group which determines what they have access to do in your system. These Permission Groups allow for you to give the same permissions to the different groups of users you have in your system.
The following groups would be examples of Permission Groups in Securitytrax systems:
- Sales Reps
- Technicians
- Lead Reps
- Managers
- Regionals
- Office Admin
- Accounting
- Owner
A Permission Group can be one person or one hundred people. You may have three different Sales Rep Permission Groups or multiple Admin Permission Groups. The size and scope is up to each individual company.
Terms
Permissions
The feature that allows you to set and customize user access to pages, features and abilities within Securitytrax.
Permission Group
Permission Groups are used to define a set of Roles, Grants, and Policies. Permission Groups are then assigned to users to give necessary access and responsibilities within the system. A user can only be a member of one Group at a time.
Permission Category
A Permission Category contains related Resources. The following Permission Categories exist in Securitytrax:
- Content Management
- Calendar Event
- Tag
- System Management
- Equipment/Inventory
- Customer
- User
- Dashboard Card
- Reports
- Leads
Resource
A Resource represents an object and its associated properties in the system, such as a customer or user. A Resource can have related Resources. For example, a customer can have one or many customer_files. A Resource also has associated Attributes. Click here for a list of all current Resources in Securitytrax.
Attribute
Attributes are data points that exist on Resources. For example, these are a few of the Attributes on the customer Resource:
- First name
- City
- Sale Date
Note: Not every Resource will have Attributes listed.
Grant
Grants describe the actions that are available on Resources. A Resource can have one or more applicable Grants. The most commonly used Grants in Securitytrax are as follows:
- View
Allows the User to view information on the Resource
- Create
Allows the User to create information on the Resource
- Modify
Allows the User to modify information on the Resource
- Delete
Allows the User to delete information on the Resource
Other Resource specific Grants do exist and will relate to the Resource they live on.
Policy
A Policy allows you to limit a Permission Group or user's access to a particular Resource . The limitations available will vary from Resource to Resource. On the customer Resource you can apply Policies which limit based on assignments, creation, office location or even sale date. The Policy allows for customization of Grants on the Resource.
Example:
I want to allow the sales rep that is assigned to the customer to view that customer. I do not want them to be able to view a customer they are not assigned to. The Grant allows us to give permission for a user to view the customer. The Policy limits the permission so they can only view the customer where they are the assigned sales rep.
Note: Not every Resource will have Policies you can use to limit the Grant.
Group Policy
A Policy associated with a Permission Group that will apply to all Users within the Permission Group.
User Policy
Provides the ability to override (or append to) the Policies applied a user’s assigned Group. User Policies are specific to the user and do not effect the Groups' Policies on a Resource.
Overview
The following section will provide a breakdown of Permission Groups and their associated Resources, Grants and Policies.
Permission Groups
Permissions are applied to a user via a Permission Group.
That Permission Group is made up of three sections:
- Group Details
Group Details are just the name and description of the Permission Group.
- Select Roles
Roles are the responsibilities a user is given in Securitytrax.
- Click here to learn more about Roles.
- Permission Categories
The Permission Categories contain related Resources, which allow for customizable Grants and Policies.
The Resources within the Permission Categories are the most important part of the Permission Group.
Resources
Resources represent objects and their associated properties in Securitytrax. A resource is what you are building your permission around. A couple of examples of Resources are Customer and User.
Attributes
Most Resources in your system typically have Attributes, or data points, connected to them.
For Example, the following are the first five Attributes on the Resource of Customer:
- First Name
- Customer's first name.
- Last Name
- Customer's last name (surname).
- Spouse
- Name of the customer's spouse.
- Address
- Address line 1.
- Apt/Suite
- Address line 2 or the apartment / suite details.
As you can see, the Attributes are the data points that are on the Customer Resource. If you are trying to determine how to grant or restrict access to a specific data point in your system, then you will want to find the Resource, whose Attributes contain that data point.
Grants
Grants describe the actions that grant or restrict a user's access. A Resource can have one or more applicable Grants. The most commonly used Grants in Securitytrax are as follows:
-
View
Allows the User to view information on the Resource
-
Create
Allows the User to create information on the Resource
-
Modify
Allows the User to modify information on the Resource
-
Delete
Allows the User to delete information on the Resource
Other Resource specific Grants do exist and will relate to the Resource they live on.
For Example, a few of the additional Grants on the Customer Resource are as follows:
- Apply Tag
- Modify Account Class
- Manage Central Station Integration
These Grants are specific to the Customer Resource and would not apply on another Resource, such as Funding or User License.
Policies
A Policy allows you to limit a Permission Group or user's access to a particular Resource . The limitations available will vary from Resource to Resource.
For Example, on the customer Resource you can apply Policies which limit based on user assignments, creation of customer, office location or even sale date.
The Policy works hand and hand with Grants on the Resource. The following example will help illustrate the relationship between a Grant and a Policy.
Example:
I want to allow the sales rep that is assigned to the customer to view that customer. I do not want them to be able to view a customer they are not assigned to. The Grant allows us to give permission for a user to view the customer. The Policy limits the permission so they can only view the customer where they are the assigned sales rep.
Policies are not required in order to grant a user permissions within a Resource. In fact, not every Resource will have Policies you can use to limit the Grants.