This article describes the existing permission resources (permissions to functions) and the permissions solution in Signifikant.
Permissions to functions
The below permissions are used to control access to functions within Signifikant. If a user does not have permission to a function, user will not see the function.
Permission names | Description |
Administration | Access to administration module. |
AddToOrderCart | Access to add parts to order cart (‘add-to-order’ cart button). |
PlaceOrder | Access to place order and to MyOrders menu. This permission also allow user to save order. Note that user without permission will actually see place order and save buttons, but will get directed to login page if pressing any of these buttons. |
System | Default access. |
CompanyAdministration | Access to Create/update company details and create/update users and access to order received to company. |
Bulletin | Access to bulletin module. |
Feedback | Access to feedback module. |
MyAccount | Access to my account module. This permission also allows user to add notes if notes function is enabled. |
LoginPermission | Access to login. This function is used to be able to approve users before they are allowed to sign in. |
Synchronize | Access to synchronize data to offline viewer from web-viewer. |
Quotation | Access to create quotation. |
| PartReplacement | Access to view Part replacement history. |
| PriceDisplayModes | Users can choose to show discounts in settings. |
| Price | User can see price. |
| Availability | User can see availability. |
| EditShippingAddress | User can edit shipping address under MyAccount. EditShippingAddress function need to be turned on. |
| EditBillingAddress | User can edit billing address under MyAccount. EditBillingAddress function need to be turned on. |
| TemporaryShippingAddress | User can edit shipping address on order page to create a temporary shipping address. |
| TemporaryBillingAddress | User can edit billing address on order page to create a temporary billing address. |
| SupportCentre | User has access to support centre function. |
| LocalAdministrators | User has access to local admin function. Note that any user having Administration permission will see full administration and not local admin function. |
Permissions to data
Permissions may be created on information in the system. Permission can be any names and there can be an unlimited number of permission created.
Permissions can be put on parts, part assemblies, catalogues, documents, content sets. Permissions may also be put on presentation types, which may be used to create a permission on an information type. E.g. some parts may be restricted and these parts are classified as restricted parts using presentation type. A permission can now be put on this presentation type. Note that information may only be one presentation type.
Groups
Permission resources consist of groups and these groups are applied to user. Groups can be shared between permission and as a result user belonging to the group will have access to permissions among which they are shared.
When designing permissions groups can be used to give an user access to several functions or data. It may also be used to create one group per function, to allow to set individual permissions on users. Groups need to be designed carefully to persist to some level over time.
How to use permission resources and groups
Permissions to resources (functions or data) are connected to a group. Users being assigned to that group will have access to the resources in that group.
The connections between permissions and groups are defined in the permissions.config file. Which groups users belog to is defined by the user's credentials which may be fetched from Signifikant's database or from external solutions as an Active Directory.
Manager
Permissions can be set on data in Manager. Nodes and Presentations may have permissions. At publish it is possible to limit which permissions are actually published to a web server or to an offline version. This function allows to limit the actual data available on a remote istallation.
Which permissions are available to select in the Manager is controlled by permissions.config located on the Manager server. The permissions.config is located at:
C:\ProgramData\Signifikant\Assert
WebViewer
If Signifikant Web Viewer is used for administrating users and groups permissions, admin will be able to select groups (0 or more) on each user. The permissions are available under each user in the admin section of the Web Viewer.
Which permissions are available to select in the Web Viewer is controlled by permissions.config located on the web server. The permissions.config is located at:
Server level: C:\inetpub\wwwroot\AssertWeb\App_Data
Site level: C:\inetpub\wwwroot\AssertWeb\App_Data\<site>
If permissions.config exist in both App_Data and in App_Data\<site>, the version in <site> will be used.
Permissions.config
<Id>1</Id> | This is integer value written in incremental way. |
<Enabled>true</Enabled> | true or false will disable or enable Permission. If false, access control will be turned off for that function and users will be allowed to access the function. |
<Name>MyAccount</Name> | This holds the name of Permission resource. |
<Note>Users can access MyAccount settings</Note> | Description of permission. |
<Groups> | Groups hold the role applied to user. |
To apply permission or enable permission.Write the permission setting as per below example in permission.config file.
<ResourcePermission>
<Id>6</Id>
<Enabled>true</Enabled>
<Name>MyAccount</Name>
<Note>Users can access My Account settings</Note>
<Groups>
<string>EndClient</string>
</Groups>
</ResourcePermission>
<ResourcePermission>
<Id>7</Id>
<Enabled>true</Enabled>
<Name> Feedback </Name>
<Note>Users can access Feedback</Note>
<Groups>
<string>EndClient</string>
</Groups>
</ResourcePermission>
<ResourcePermission>
<Id>8</Id>
<Enabled>true</Enabled>
<Name>Bulletin </Name>
<Note>Users can Bulletin</Note>
<Groups>
<string>ServiceTeam</string>
</Groups>
</ResourcePermission>
In above example “EndClient” group is shared between Feedback and MyAccount whereas Bulletin is available to only groups called ‘ServiceTeam’.
Related articles