Managing Privileges & Roles
The most secure way to manage privileges for users and roles is to confine use of privilege to commands in a rights profile. The rights profile is then included in a role. The role is assigned to a user. When the user assumes the assigned role, the privileged commands are available to be run in a profile shell. The following procedures show how to assign privileges, remove privileges, and debug privilege use.
This Application has built-in permission system which was based on ACL architecture, so you can set permission for role (group) or given user to separated modules.
In Eicra's Application, there are three privilege levels, as well as an extra 'Administrator' privilege. The three privileges take effect per user per table, i.e. a user can have certain privileges on one table and different ones on another. By default software has three rolls such as Developer, Administrator and registered members. Roll is an encapsulated mode of permissions of various modules.
The levels are
- VIEW: ability to read data only
- EDIT: ability to read and edit data
- MANAGE: ability to modify the database structure, i.e. create/delete tables, fields, reports etc., basically to build up and tear down databases. MANAGE also allows a user to unlock an individual record for editing if it has been locked.
For people with less privilege, the user interface is simplified.
Super Admin Privileges:
In our application model, Super admin retains un-restricted access to the application. Super admin act a "root" positioning itself top of privileges hierarchy. Unlike other applications, "Administrator" privilege remain just under "Super Admin" which allows admin to performs all administrative task with a bit of limited access.
The core idea is "Super Admin" is preserved for high tech technical staffs of web developer to configure the system/website accordingly to client's requirements. Site owner or head of team can perform his/her daily administrative jobs using "Administrator" access but admin can't garb the system due to limited privilege.
As an super administrator or, to assign privileges, use the Administrator module at the bottom of pane
The administrator privilege doesn't apply to a particular table but is a global option that allows setting up of users, roles, assigning privileges and creating modules. If the number of users you manage starts to become large, you may want to assign them roles, which allows privileges to be managed on a mass basis. If a user has a certain role, he/she has all the privileges assigned to that role. Users can have more than one role.
To assign privileges, click on the 'Administration' module then 'users' or 'roles'. This will allow you to select a user/role and assign table privileges. When setting user privileges, Eicra's Application will show any privileges that the user already has due to being a member of a role. In this example, the user has been given MANAGE privileges specifically on timesheets and performance criteria and is a member of a role that has MANAGE privileges on price list and roles.