There must always be a permission defined that needs to be inherited by a user in order to access a business service or an option/function inside it. 

It is recommend to define a new permission for each business service instead of associating multiple services to the same permission.

Exceptions to this recommendation can be applied in some cases:

  • In some cases a business service can require multiple permissions to be granted or one of the permission form the list to be granted
  • In some cases it is practical to use one permission for multiple business services. For example, when multiple maintain services of the same business nature are implemented for to cater for different entity types, then one permission can be used for all of them. E.g. a company can be private or public, therefore the two maintain details services are implemented: maintain private company and maintain public company. Those two must refer to one permission “maintain company”. If we were to create two permissions and then give them to users with entity relationship in the permission pools then that would be confusing as relationship record exists for one entity of a specific entity type.

A permission associated with a business service needs to be added into the permission pools based on the access requirements of the service:

  • If guest users are allowed to use this service then associated permissions must be included into PP01 Guest user permission pool.
  • If external registered users are allowed to use this service without having an active relationship with the entity, then associated permissions must be included into PP02 External registered user permission and PP03 Organisation access permission pool.
  • If external registered users are allowed to use this service only if they have an active relationship with the entity, then associated permissions must be included into Relationship types permission pools (PP10+)
  • If internal users are allowed to use this service then associated permissions must be included into PP04 Internal user permission pool and required Permission groups.

If user requires additional permission(s) to access options/functions inside a service then such permission must be defined and assigned to the correct permission pools.

0
0
Previous
Permissions to Access Data
Next
Permission Pools

Jump to Section