| Zeile 789: |
Zeile 789: |
| | ===Group-Level Authorization=== | | ===Group-Level Authorization=== |
| | | | |
| − | The group-lelel authorization is implemented through group permissions, which a set of rules specifing access to different resources: | + | <br/> |
| | + | |
| | + | The group-level authorization is implemented through group permissions, which a set of rules specifing access different resources for group users. The permissions are split into categories and subcategories for easier navigation. |
| | + | |
| | + | <br/> |
| | | | |
| | [[Datei:FMCU-Server-Group-Permissions.png]] | | [[Datei:FMCU-Server-Group-Permissions.png]] |
| | + | |
| | + | <br/> |
| | | | |
| | In the picture are shown permissions for group '''manager'''. If a checkbox corresponding to a certain resource is set, the resource for the users is allowed, otherwise denied. | | In the picture are shown permissions for group '''manager'''. If a checkbox corresponding to a certain resource is set, the resource for the users is allowed, otherwise denied. |
| | | | |
| − | The permissions are split in the following categories: | + | <br/> |
| | + | |
| | + | Some examples of permissions: |
| | + | |
| | + | <br/> |
| | + | |
| | + | * '''Actions / Facility / Mode / ServiceEntry'''. If the action '''ServiceEntry''' is set, the users of this group can open the gate in entry direction. |
| | + | |
| | + | <br/> |
| | + | |
| | + | [[Datei:FMCU-Server-Group-Permissions-ServiceEntry.png]] |
| | + | |
| | + | <br/> |
| | + | |
| | + | * '''Tables / audit / Read'''. The page '''Administration | Audit''' shows data from the '''audit''' database table. By default, access to the ''audit'' table is denied for all groups. That means, the data on the '''Administration | Audit''' page can be shown only for superusers. |
| | + | |
| | + | <br/> |
| | + | |
| | + | [[Datei:FMCU-Server-Group-Permissions-Audti-Read.png]] |
| | + | |
| | + | <br/> |
| | + | |
| | + | |
| | + | * '''Views | Menu | Administration | Groups'''. If the view is not set for a group, the menu item is hidden for the users of this group. |
| | + | |
| | + | <br/> |
| | + | |
| | + | [[Datei:FMCU-Server-Group-Permissions-View-Groups.png]] |
| | + | |
| | + | <br/> |
| | + | |
| | + | The permissions are split in the following top categories: |
| | | | |
| | {| class="wikitable" | | {| class="wikitable" |
| Zeile 804: |
Zeile 841: |
| | |- | | |- |
| | |Actions | | |Actions |
| − | |Some actions, the user can execute from the dashboard | + | |Actions, the user can execute from the dashboard |
| − | |Open a gate | + | | '''ServiceEntry''', allow/deny users to open facilities permanently in entry direction |
| | |- | | |- |
| | |Tables | | |Tables |
| | |Create, read, update and delete records in database tables | | |Create, read, update and delete records in database tables |
| − | |Access to the audit table | + | | Allow/deny users to access the audit table |
| | |- | | |- |
| | |Views | | |Views |
| | |Show or hide user interface elements | | |Show or hide user interface elements |
| − | |Shor or hide the menu '''Administration / Groups''' | + | |Show/hide menu '''Administration / Groups''' |
| | |} | | |} |
| | + | |
| | + | |
| | + | |
| | + | |
| | + | If the user belongs to more than one groups and the access to a resource in one of the groups are allowed, the access to the resource to the resource is allowed. |
| | | | |
| | ===Location-Level Authorization=== | | ===Location-Level Authorization=== |
| | | | |
| | <br /> | | <br /> |