Roles & Access Control
Administrator
 

Access control and Permissions: Who sees What?

Connected to roles is an important aspect of the system: Permissions. The following sections explain this in more detail.

RBAC – Role Based Access Control

Role Based Access Control is used to control who has access to what within the system. That is to say, which features are available to which role. Permissions are granted at the role level alone and not at the user level.

Permissions are granted and removed as required.

Note: Superadmin is a special role and has access to all components within the system.

To understand this a bit more, say you want to control users with Admin roles to allow creation of New Service Items. To do this, enable Manage Service Items in the Role definition area and enable permissions under it.

DLAC – Data Level Access Control

As opposed to Roles, DLAC controls which tickets (data) is seen by which user.

In terms of Data Level Access Control then, what this means is Data is only visible to individuals who belong to a Group. Users can however belong to several groups in which case they can see tickets from all groups they belong to.

So, as an example, a user can only see tickets assigned to her group. Default assignment to a group can easily be setup within each Service Items record. During creation of a ticket then, whenever a service item is selected, it gets assigned to a Group as defined in the service item. (It can then be assigned to an individual as well but it is not mandatory to assign this during creation of a new ticket.)

Note: Customers can only see their own tickets by default.

CRUD – Create/Read/Update/Delete

The Create Read Update Delete matrix is thus a combination of RBAC and DLAC.

As an example, if you would like to have a user with Management role who can see all tickets but have a skinned down interface, follow these steps:

  1. Create Role Management
  2. Uncheck most areas like Setting up Users, Roles, Groups, Status, Priority, and so on.
  3. Go to User list, open the user and apply the Management Role
  4. Open Groups and add user to ALL groups.

You now have a user who has limited menu and features clutter, but can see all tickets n the system.

If you do not have users or groups setup yet, read the next sections.