Gate ~ FMCU ~ management dashboard/en: Unterschied zwischen den Versionen
< Gate ~ FMCU ~ management dashboardZur Versionsübersicht zurückkehren
← Gate ~ FMCU ~ management dashboard/en
← Gate ~ FMCU ~ management dashboard/en
(→Authorization) (Markierung: 2017-Quelltext-Bearbeitung) |
(→Authorization) (Markierung: 2017-Quelltext-Bearbeitung) |
| (17 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 784: | Zeile 784: | ||
==Authorization== | ==Authorization== | ||
| − | |||
| − | + | Access to certain resources provided by the application, e.g. facilities, actions, user interface elements, can be limited or unlimited. Access is unlimited if the user is a superuser. Any superuser can set or remove the '''Superuser''' property for any other user. Access for non-superuser users can be restricted by their groups ('''group-level permissions''') and/or locations ('''location-level permissions'''). | |
| + | |||
| + | |||
| + | ===Group-Level Authorization=== | ||
| + | |||
| + | Group-level authorization is implemented through group permissions, which are a set of boolean values (true/false) that allow/deny group users access to various resources. The permissions are divided into categories and subcategories for easier navigation. | ||
| + | |||
| + | <br/> | ||
| + | |||
| + | [[Datei:FMCU-Server-Group-Permissions.png]] | ||
| + | |||
| + | <br/> | ||
| + | |||
| + | The image shows the permissions for the '''Manager''' group. If a checkbox is set, the resource is allowed for the users, otherwise it is denied. | ||
| + | |||
| + | <br/> | ||
| + | |||
| + | Here are some examples of permissions: | ||
| + | |||
| + | <br/> | ||
| + | |||
| + | * '''Actions / Facility / Mode / ServiceEntry'''. If the action '''ServiceEntry''' is set, the users of this group can open the gate in the entry direction, otherwise they cannot. | ||
| + | |||
| + | <br/> | ||
| + | |||
| + | [[Datei:FMCU-Server-Group-Permissions-ServiceEntry.png]] | ||
| + | |||
| + | <br/> | ||
| + | |||
| + | * '''Tables / audit / Read'''. The '''Administration | Audit''' page displays data from the '''audit''' database table. By default, access to the '''audit''' table is denied to all groups. This means that the data on the '''Administration | Audit''' page is only displayed to superusers. | ||
| + | |||
| + | <br/> | ||
| + | |||
| + | [[Datei:FMCU-Server-Group-Permissions-Audti-Read.png]] | ||
| + | |||
| + | <br/> | ||
| + | |||
| + | |||
| + | * '''Views | Menu | Administration | Groups'''. If the '''Groups''' checkbox is set, the menu item is shown to the users, otherwise it is hidden. | ||
| + | |||
| + | <br/> | ||
| + | |||
| + | [[Datei:FMCU-Server-Group-Permissions-View-Groups.png]] | ||
| + | |||
| + | <br/> | ||
| + | |||
| + | The permissions are divided into the following top categories: | ||
| + | |||
| + | {| class="wikitable" | ||
| + | |+ | ||
| + | !Category | ||
| + | !Description | ||
| + | !Example | ||
| + | |- | ||
| + | |Actions | ||
| + | |Actions, the user can execute from the dashboard | ||
| + | | '''ServiceEntry''', allow/deny users to permanently open facilities in entry direction | ||
| + | |- | ||
| + | |Tables | ||
| + | |Create, read, update and delete records in database tables | ||
| + | | Allow/deny users to access the '''audit''' table | ||
| + | |- | ||
| + | |Views | ||
| + | |Show/hide user interface elements | ||
| + | |Show/hide the '''Administration / Groups''' menu | ||
| + | |} | ||
| + | |||
| − | |||
| − | |||
| − | = | + | {{ Box_Note | Note Text = If the user belongs to more than one group and access to a resource is allowed in one of the groups, the user can access the resource }} |
<br /> | <br /> | ||
| + | |||
| + | {{ Box_Note | Note Text = The configuration of items in the ''Views'' category should be consistent with items in the ''Tables'' category. For example, if a menu for a page is configured to be displayed, but the database table whose data is displayed on the page is configured to be denied, the data will not be displayed }} | ||
| + | |||
===Location-Level Authorization=== | ===Location-Level Authorization=== | ||
| + | |||
| + | Location-level authorization means that some location-aware resources, such as facilities, groups, and users, can be assigned to one or more ''locations'' and/or ''positions,'' so that the user can access only those resources that have the same locations. | ||
| + | |||
| + | For example, there are two locations: '''Standort1''' with positions '''P1''' and '''P2''' and '''Standort2''' with positions '''P3''' and '''P4''': | ||
| + | |||
| + | |||
| + | [[Datei:FMCU-Server-Locations1.png]] | ||
| + | |||
| + | In the above picture, '''All positions''' means '''P1''' and '''P2''' for '''Standort1''' and '''P3''' and '''P4''' for '''Standort2'''. | ||
| + | |||
| + | If we take the user '''manager''' and select locations and positions like in the picture below | ||
| + | |||
| + | <br/> | ||
| + | |||
| + | [[Datei:FMCU-Server-Locations2.png]] | ||
| + | |||
| + | <br/> | ||
| + | |||
| + | then the user '''manager''' will have access to other location-aware resources (users, groups and facilities) as follows: | ||
| + | |||
| + | |||
| + | {| class="wikitable" | ||
| + | |+ | ||
| + | !Position | ||
| + | !Access allowed | ||
| + | |- | ||
| + | |P1 | ||
| + | |Yes | ||
| + | |- | ||
| + | |P2 | ||
| + | |Yes | ||
| + | |- | ||
| + | |P3 | ||
| + | |Yes | ||
| + | |- | ||
| + | |P4 | ||
| + | |No | ||
| + | |} | ||
<br /> | <br /> | ||