This is an old revision of the document!
Permissions
Access control in Stages works through permissions. A typical permission looks like this:
XXX Screenshot
The various attributes of a permission are described in the following section.
Allow / Deny
A permission can either allow access to specific elements (= enabled) or deny it (= disabled).
A Deny has higher priority than an Allow, so if a user has two permissions for a specific element and one is Allow and the other is Deny, the access is not granted.
Domain
The domain controls which part of Stages (e.g. features or parts of the process data) are impacted by the permission.
Name | Description |
---|---|
Administration Jobs | b |
Comments | d |
Compliance | x |
Compliance Management | x |
Feedback | x |
File Management | x |
Files | x |
Global Attribute Management | x |
Landing Pages | x |
Maintenance | x |
Manual Tailoring | x |
Participant-to-User Group Assignments | x |
Permissions | x |
Phase Freeze | x |
Process Execution | x |
Process Execution Configuration | x |
Workspace
sss
Transitive
sss
RMCD
RMCD controls the operations that are allowed or denied by the permission:
- R: Read
- M: Modify
- C: Create
- D: Delete
Level
sss
Precedence
In general, Deny permissions override Allow permissions:
Deny > Allow
The Precendence attribute provides more control over this hierarchy by being either High (= enabled) or Low (= disabled):
High Deny > High Allow > Low Deny > Low Allow
For example, this can be used to allow access to some specific workspaces, but not all of them:
Transitive Low Deny for all Workspaces
Non-Transitive High Allow for the Root Workspace
xxx