VSys One: Volunteer Management Software

Previous Topic

Next Topic

Book Contents

Book Index

User Security Rights Inheritance - Advanced Mode

  1. Unlike in compatibility mode, rights can be added and subtracted via inheritance and explicitly. This means that the order of security roles assigned to users does matter.
  2. All users inherit from the default user.
  3. Users can only inherit rights from "enabled" security roles. A user can be assigned disabled security roles and security roles can be disabled once they're assigned to people, but if a security role is disabled then the users who are assigned it gain and lose no rights from that role.
  4. The superuser right cannot be inherited, it must be explicitly assigned to each user.

How do rights work in advanced mode? For access to any given tool, e.g. Awards manager, VSys checks:

At any point along the way if VSys finds the right "Allowed" or "No access" it stops and the result is used to determine if the current user is permitted access to the tool.

If VSys finds no right other than "(undefined)" then the user does not have rights to this tool.

In summary: explicit right to the tool, then explicit right to the tool's grouping. Repeat for each role (last to first) then to the default user.

This sounds complicated but it's pretty straightforward: until access is given explicitly, VSys looks back to the roles and user it inherits from to find an explicit setting. This lets you is let you give rights to the default user or a role and not have to set it explicitly for each user. Unlike compatibility mode, though, in advanced mode VSys lets you take away rights as well. For example the default user can have rights to "Admin tools" but you can then take away rights to the Interactive File Importer. By giving rights on a tool grouping basis you can provide access to whole sets of tools and not set each tool individually, but at the same time you can then take away rights to individual tools even within the same user.

(Rights to people, jobs, certifications, projects, delegations and roles all work similarly.)

See Also

User Security Rights - Advanced Mode

User Security Concepts - Advanced Mode

Default User Rights

Security Roles

Security Roles with Domain Authentication

Tools

People

Special Rights

Jobs

Notifications

Certifications

Application Forms

Application Form Approval Statuses

Projects

Custom Fields

Delegations