Schema Permissions

Home » Other Functions » System Configuration » Schema Permissions
System Configuration No Comments

Every schema within TLP has permissions assigned, defining which roles can access the schema and for what purpose. There are four permissions that can be set these being;

Create                  Add a new record to the schema

Read                      Read an existing record on the schema

Update                 Update an existing record on the schema

Delete                  Delete a record from the schema

When assigning permission levels to a role you can further control role access by restricting the records that can be accessed within the role. This is used for such things as controlling your clients access to your system. The role for clients may allow them to create, read and update jobs but only for their customer code.

Setting Permissions

Access the schema you wish to administer through System Admin > Schemas and select the schema you require

Permissions1

The schema will be displayed as shown above. The permissions button allows you to set permissions. The existing permissions will be displayed as shown on the following screen shot.

Permissions2

The top of the screen shows the Profile that has been assigned to the schema at time of creation. The standard profile that has been applied to most TLP schemas allows the following;

SYSADMIN                          Full access

SITEADMIN                         Full access

FULLACCESS                       Read only

READONLY                          Read only

Below the profile a record is created for every permission level that is to be assigned. The screen shot illustrates how this works with the following being achieved for this schema;

Management                    Full access

Rating                                   Full access

FCL Operation                   Read only

LCL Operations                  Read only

The fields headed User Field and Schema Field allow you to restrict access further for that permission line. These will normally not be used but are described in the next section.

Restricting Data Access

On any permission line you may choose to limit access to records that meet a certain criteria. This is used when setting up roles for such aspects as allowing your clients to have access to your system, this being shown in the example below.

Permissions3

In this example a role of Client has been given permission to create, read and update records but only when the value of the customer field recorded on their user record matches the value of the customer field on the schema record (in this example this is the job schema).

The ability to restrict access at a permission level provides you with much flexibility. For example for a multiple depot entity  may want operational staff to be able to view all work but only update the work they are responsible for. This could be achieved by providing read permission without restriction however only allowing them to create or update jobs belonging to their depot.

The applicable fields button allows the data access to be further controlled. This is done by allowing the selection of fields you wish the role to have access to within that permission level to be defined. For example you may not wish your clients to view cost data against the job in which case you would tick all other fields except for the cost ones. The default setting is to allow access to all fields.

The fields that you do not restrict will be shown if the view that role is using features the field however there will be no contents in the field.