This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
userzone:userdoc:access:rights [2014/09/22 13:44] Roel [Adding groups] typo |
userzone:userdoc:access:rights [2021/09/23 17:14] (current) roel typos corrected |
||
---|---|---|---|
Line 1: | Line 1: | ||
======Changing access rights ====== | ======Changing access rights ====== | ||
====General setup==== | ====General setup==== | ||
- | In Gemstracker, every user is assigned to one group. | + | In GemsTracker, every user is assigned to one group. |
One group is assigned one role. | One group is assigned one role. | ||
- | One role has a set of privileges.\\ | + | One role has a set of privileges. |
+ | A role can inherit privileges from another role.\\ | ||
+ | Additionally, a user is assigned to an organization (see adding users), and the user will only be able to access respondents of this organization, unless specific privileges have been granted. There are two ways in which a user can have access to respondents of other organizations: | ||
+ | - By granting an organization the right to access one or more other organizations (an organization level privilege) | ||
+ | - By granting the cross-organization privilege in a role, this will grant access to all organizations (a user-group privilege). | ||
- | There are a few predefined roles: Super, admin, staff, researcher, guest, nologin, physisian, respondent, security.\\ | + | There are a few predefined roles: Super¹, admin¹, staff, researcher¹, guest, nologin, physisian, respondent, monitor, security¹.\\ |
- | Also a set of predefined groups is predefined: Super administrators, local admins, staff and respondents.\\ | + | Also a set of predefined groups is predefined: Super administrators¹, Local admins¹, Staff, Monitors and Respondents.\\ |
+ | ¹//These have cross-organization privileges// | ||
+ | The basic level to change rights is add a new group with one of the predefined roles.\\ | ||
- | The basic level to change rights is at the roles level.\\ | + | Additionally, to create groups with customized privileges you need to: |
- | + | ||
- | To create additional groups with customized privileges you first need to: | + | |
- create a new role | - create a new role | ||
- create a group with this role | - create a group with this role | ||
- | - make sure the group that can create accounts has access to this new role (needs to inherit from the new role you created) | + | - make sure the group that can create accounts has access to this new role (needs to inherit from the new role you created and needs to be set at group level) |
====Adding roles==== | ====Adding roles==== | ||
- | * Go to Roles under Setup - Access* | + | * Go to Roles under Setup - Access¹ |
* Go to new | * Go to new | ||
* Enter role name, description and select parent roles from which this role will inherit rights | * Enter role name, description and select parent roles from which this role will inherit rights | ||
Line 24: | Line 28: | ||
* Press '**__Save__**' | * Press '**__Save__**' | ||
- | * You can only see this tab if you have the right to access it | + | ¹ //You can only see this tab if you have the right to access it// |
====Adding groups==== | ====Adding groups==== | ||
- | * Go to Groups under Setup - Access* | + | * Go to Groups under Setup - Access¹ |
* Go to new | * Go to new | ||
* Enter groupname | * Enter groupname | ||
Line 32: | Line 36: | ||
* Press '**__Save__**' | * Press '**__Save__**' | ||
- | * You can only see this tab if you have the right to access it | + | ¹ //You can only see this tab if you have the right to access it// |