Differences

This shows you the differences between two versions of the page.

--- 72:manage_users_groups_permissions [2019/04/23 13:24] – emr
+++ 72:manage_users_groups_permissions [2024/02/15 00:00] (current) – external edit 127.0.0.1
@@ Line 3: / Line 3: @@
 You can [[:72:manage_workspaces|manage workspaces]], users, groups and permissions from the administration tab on the left-side menu.
-=== Users ===
+===== Users =====
 Users can be added and settings can be changed from the users section of the administration tab.
@@ Line 13: / Line 13: @@
 Adding a user only adds them to the software, not a specific project or workspace. If you want to assign a role to a user, see the [[:72:assign|assign a role]] page
-=== Groups and Permissions ===
+===== Groups =====
-Instead of adding individual users to specific projects, permissions, etc. it is easier to allow groups access. Users can be added to groups and then the entire group can be allowed access or permissions.
+Instead of adding individual users to specific workspaces, permissions, etc. it is easier to allow groups access. Users can be added to groups and then the entire group can be allowed access or permissions.
 To create a group click "+ Add Group" and type in the name of the group. Hit enter/return to make the group. To add a user to the group, click the specific group. From the group page, click "+ Add Member." Once clicked, type in the name of the user and a drop down filtered menu will come up with users. Click a user to add them.
-To add permissions to a group, click the group and click 'Permissions.' From here you can select what permission and customize the levels of accessibility.
+===== Permissions =====
+To add permissions to a group, select the ''Permissions'' tab. From here you can select what permission and customize the levels of accessibility.
+Each permission can have the following attributes:
+**Mode**
+This switch defines if the permission is an Allow or a Deny.
+The following rules apply:
+  * Deny is stronger than Allow: A user has no access to a specific domain, if that user is member of two groups and one denies access to that domain and one allows it.
+  * Everything, that is not explicitly allowed is denied.
 **Domain**
@@ Line 29: / Line 42: @@
 **Workspace**
-The workspace attribute allows access to certain workspaces in Stages.
+This attribute defines for which workspace or group of workspaces the permission applies to.
 **Transitive**
-When the transitive attribute is selected, the permission is set for all subsequent modes after.
+When the transitive attribute is selected, the permission applies to the whole subtree of workspaces. If it is not selected, the permission only applies to the workspace as defined with the above attribute.
 **RMCD**
@@ Line 46: / Line 59: @@
 **Level**
-The level attribute allows specific access on parts of process applications.
+The level attribute is only relevant for the Processes domain. It corresponds with the security level of the individual process elements. For example: If a certain security level applies to a process element, a user needs Read permissions with the same level or higher to be able to see it.
 **Precedence**
-The priority of permissions is decided through the precedence attribute.
+This attibute defines the precedence of the permission. The precendence is as follows:
+**High Deny > High Allow > Low Deny > Low Allow**
 \\