Access Control

From CollectiveAccess Documentation
Revision as of 19:15, 25 October 2012 by Jonathan (talk | contribs) (Created page with "'''CREATING LOGINS ''' *Under the Manage menu, select ''Access control'' *Select ''+New user'' File:Full_access.png *Next, enter the basic info about the account: **Mak...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

CREATING LOGINS

  • Under the Manage menu, select Access control
  • Select +New user

File:Full access.png

  • Next, enter the basic info about the account:
    • Make sure to click Account is activated
File:Access basic.png
  • User class determines if the login is used for the front-end (Pawtucket) or back-end (Providence)
    • Full access – both front and back-end
    • Public access – front-end only
    • Deleted – access is deactivated, but a user’s logs are still viewable
  • Switch the "Show [full-access] users" drop-down on the User logins screen to toggle between user classes


ROLES

  • Each login should have a role assignment.
  • To define roles, navigate to Access roles
  • To view the permissions set in a default role, click the edit icon
  • There are two components to roles: Actions and Metadata access
    • Actions define system privileges of various types
    • Metadata access defines whether a user has “no access”, “read-only access” or “read/edit access” on a per-field basis
  • To see a definition of a specific action, mouse over and hover on the action name. A description will appear

File:Action access.png File:Metadata access.png

  • To create a new role, click +New role under Access roles


GROUPS

  • To create a new group, click on +New group under User groups
  • Groups allow you to lump users into buckets for the purpose of sharing forms, sets, and displays. Access to records can also be granted per user or per group
  • After you define your group you can add users and assign the group a role
    • Navigate to User logins, click Edit for a login and apply a group via the Group menu


RECORD LEVEL ACCESS

  • Access to a record can be granted or denied on a user or group basis
    • Access is defined as no access, can read, can edit and can edit + delete
  • Add rules via the Exceptions area of the screen

File:Record access.png

  • Remember to press Save to commit your access changes
  • Currently, Global Access and Exceptions pertain only to back-end access
  • To suppress a record from view on the front-end, change the value of the Access drop-down
    • The Access drop-down is a hard-coded field and it lives on a user-defined screen, rather than the Access screen

File:Pawtucket access.png

Namespaces

Variants
Actions
Navigation
Tools
User
Personal tools