Versions Compared

Version Old Version 32 New Version 33
Changes made by

Mattias Löfstrand

Mattias Löfstrand

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The permissions functionallioty is based on two concepts; permissions and groups.

  • Permissions is used internally in the application to control access to a function or to data. Permissions can control functions (as defined in the application) or data (as defined in data). 

  • Groups are a list of permissions defined in permissions.config.

Users in the web viewer will internally have a list of permissions associated to the user. The list of permissions an user has is a union of several sources: 

  1. User may have groups connected to the user. These groups come from either an external source as an AD or from the web viewer server database. The groups will give the permission.

  2. User may be connected to an organisation which has groups. The groups will give the permission.

  3. User may have used the call centre function and selected a proxy user or proxy organisation. User will the get the groups associated with the proxy user or proxy organisation. See Call centre and local admin.

  4. The site may have permissions set on the site. User will get the permissions on the site

Permissions.config

Permissions.config is used to enable permissions control of functions and to add permissions control on data. It is also used to map permissions to groups.

...

 The below permissions are used to control access to functions within Signifikant. If a user does not have permission to a function, user will not see the function.

Permission names

Description 

Administration

Access to administration module.

AddToOrderCart

Access to add parts to order cart  (‘add-to-order’ cart button). 

From version 5.0 and later it is possible to set the default permission on AddToOrderCart. <EnableAddToOrderCartDefaultPermission> is used to set the default permission.

PlaceOrder

Access to place order. This permission also allow user to save order.

Note that user without permission will actually see place order and save buttons, but will get directed to login page if pressing any of these buttons.

MyOrders

Access MyOrders menu. This permission also allow user to look at the order history.

OrderType

Access to OrderType selector.

DeliveryOption

Access for user to change delivery options.

System

Default access.

CompanyAdministration

Access to Create/update company details and create/update users and access to order received to company.

Bulletin

Access to bulletin module.

Feedback

Access to feedback module.

MyAccount

Access to my account module. This permission also allows user to add notes if notes function is enabled.

LoginPermission

Access to login. This function is used to be able to approve users before they are allowed to sign in.

Synchronize

Access to synchronize data to offline viewer from web-viewer.

Quotation

Access to create quotation.

PartReplacement

Access to view Part replacement history.

PriceDisplayModes

Users can choose to show discounts in settings.

Price

User can see price.

Availability

User can see availability, as an icon based on availability level. E.g. X for not available.

AvailabilityValue

User can see availability level, actual value

EditShippingAddress

User can edit shipping address under MyAccount. EditShippingAddress function need to be turned on.

EditBillingAddress

User can edit billing address under MyAccount. EditBillingAddress function need to be turned on.

TemporaryShippingAddress

User can edit shipping address on order page to create a temporary shipping address. 

TemporaryBillingAddress

User can edit billing address on order page to create a temporary billing address. 

SupportCentre

User has access to support centre function.

LocalAdministrators

User has access to local admin function. Note that any user having Administration permission will see full administration and not local admin function.

EditPresentation

Will give user access to edit presentation (part) in web viewer, for web viewers accessing editor database.

EditAssets

Users can add, edit and import assets

Permissions to data

Permissions may be created on information in the system. Permission can be any names and there can be an unlimited number of permission created.

Permissions can be put on parts, part assemblies, catalogues, documents, content sets. Permissions may also be put on presentation types, which may be used to create a permission on an information type. E.g. some parts may be restricted and these parts are classified as restricted parts using presentation type. A permission can now be put on this presentation type. Note that information may only be one presentation type.

Handling permissions to data in Manager

Permissions can be set on data in Manager. Nodes and Presentations may have permissions. At publish it is possible to limit which permissions are actually published to a web server or to an offline version. This function allows to limit the actual data available on a remote installation.

Image Modified Image Modified

Which permissions are available to select in the Manager is controlled by permissions.config located on the Manager server. The permissions.config is located at: 

Code Block
C:\ProgramData\Signifikant\Assert
Info
title

Version 5.0 information

In version 5.0 permissions to functions in Manager is introduced. Data permissions have to be tagged in permissions.config to appear as permissions on data.


WebViewer

If Signifikant Web Viewer is used for administrating users and groups permissions, admin will be able to select groups (0 or more) on each user. The permissions are available under each user in the admin section of the Web Viewer.Image Removed

...

Which permissions are available to select in the Web Viewer is controlled by permissions.config and profile.config located on the web server. By default the groups will be displayed in the web viewer, as in the screen dump above.

Templates

Profile.config can be used to define a set of groups and templates for users and organisations. The groups will become possible access rights choices in the web viewer and the templates will become a drop down to set several access rights choicesby just making one choice. A clarifyinmg text can be added. All will at the end be mapped to permissions.Image Removed

...

The drop down in the web viewer will be populated by the settings in the <PermissionsTemplate> block in profile.config.

Permission templates
Code Block
languagexml
titlePermission templates
	<PermissionTemplates>
		<PermissionTemplate>
			<Name>Default</Name>
			<GroupNames>Price,PriceDisplayModes,PlaceOrder,Bulletin,Availability,MyAccount,SafetyParts</GroupNames>
		</PermissionTemplate>
		<PermissionTemplate>
			<Name>Default Temporary Shipping Address</Name>
			<GroupNames>Price,PriceDisplayModes,PlaceOrder,Bulletin,Availability,MyAccount,SafetyParts,TemporaryShippingAddress</GroupNames>
		</PermissionTemplate>
	</PermissionTemplates>


The descriptions on the groups shown in the web viewer is fetched from the <PermissionGroups> block in profile.config.

PermissionGroups
Code Block
languagexml
titlePermissionGroups
	<PermissionGroups>
		<PermissionGroup>
			<Name>Administrators</Name>
			<Description>Permission to administer users, pricelists</Description>
		</PermissionGroup>
		<PermissionGroup>
			<Name>LocalAdministrators</Name>
			<Description>Permission to administer users in a region</Description>
		</PermissionGroup>
	</PermissionGroups>



Permissions.config

The permissions.config is located at: 

Code Block
Server level: C:\inetpub\wwwroot\AssertWeb\App_Data

...


Site level: C:\inetpub\wwwroot\AssertWeb\App_Data\<site>

If permissions.config exist in both App_Data and in App_Data\<site>, the version in <site> will be used.

<Id>1</Id>

This is integer value written in incremental way.

<Enabled>true</Enabled>

true or false will disable or enable Permission. If false, access control will be turned off for that function and users will be allowed to access the function.

<Name>MyAccount</Name>

This holds the name of Permission resource.

<DataPermissionEnabled>

Version 5.0 and later. If true this permission will appear as a permission on data in Manager. 

<Note>Users can access MyAccount settings</Note>  

Description of permission.

<Groups>
  <string>EndClient</string>
</Groups>

Groups hold the role applied to user.

To apply permission or enable permission.Write the permission setting as per below example in permission.config file.


ResourcePermissions
Code Block
title
languagexmlResourcePermissions
<ResourcePermission>
   <Id>6</Id>
   <Enabled>true</Enabled>
   <Name>MyAccount</Name>
   <Note>Users can access My Account settings</Note>
   <Groups>
      <string>EndClient</string>
   </Groups>
</ResourcePermission>
<ResourcePermission>
   <Id>7</Id>
   <Enabled>true</Enabled>
   <Name> Feedback </Name>
   <Note>Users can access Feedback</Note>
   <Groups>
      <string>EndClient</string>
   </Groups>
</ResourcePermission>
<ResourcePermission>
   <Id>8</Id>
   <Enabled>true</Enabled>
   <Name>Bulletin </Name>
   <Note>Users can Bulletin</Note>
   <Groups>
      <string>ServiceTeam</string>
   </Groups>
</ResourcePermission>

<!-- Alternative syntax -->
<ResourcePermission name="PlaceOrder" enabled="true" note="Users can place order" 
  groups="Administrators,CompanyAdministrators,EndClient"/>
Code Block

In above example “EndClient” group is shared between Feedback and MyAccount whereas Bulletin is available to only groups called ‘ServiceTeam’.

Filter by label (Content by label)
showLabelsfalse
max5
spacesASKB
showSpacefalse
sortmodified
typepage
reversetrue

...

labelspermission function access user groups
cqllabel in ( "function" , "access" , "user" , "groups" , "permission" ) and type = "page" and space = "ASKB"

...


Page Properties
hiddentrue


Related issues