Organisational structures as a basis
The aim of organisational structures is collect together and reflect the hierarchies and dependencies amongst employees that exist in a company. Permissions are granted to these structures as usual via the ribbon. Further information on this subject can be found in the section “”. As a specific authorization concept is generally already used within organisational structures, this is also used as the basis for further permissions. This form of inheritance is technically equivalent to granting rights based on affiliations to a folder. When creating a new record, the record receives the permissions in accordance with the defined permissions for the organisational unit.
Relevant user settings
Inherit permissions for new objects (without rights template)
This setting is relevant for newly created records.
The following values can be configured:
- Off: Permissions from OUs are not inherited
- Organisational unit: When creating new objects, permissions are set in accordance with the defined rights for the target organisational unit. This setting is active by default.
- Organisational unit and user: As well as inheriting permissions for organisation units, the configured permissions for the user are now also inherited when creating private records.
Existing passwords inherit changes to the permissions for organisational units
This option means that changes to permissions for an organisational unit will be inherited by all passwords for this organisational unit. This setting is active by default. When inheriting permissions, a dialogue will be displayed that offers you the following options:
- Increase or reduce permissions: The permissions for the passwords are retained and are only increased or reduced by the change.
- Overwrite permissions: The permissions for the passwords are completely overwritten. This means that all permissions for a password are firstly removed and then the new permissions for the organisational unit are inherited.
- Cancel inheritance: The permissions are not inherited but are only changed in the organisational unit.
This example shows the creation of a new record in the organisational structure “marketing”. It is defined in the settings for the stated organisational structure that permissions should be inherited by new objects in accordance with the organisational structure.
The permissions for the organisational unit “marketing” are shown below:
A new password is now created in the organisational unit “marketing”.
It is important that no preset is defined for this organisational unit. The permissions for the record just created are now shown.
The permissions for the “storage location” are simply used when creating new objects. Two conditions apply here:
- The value “organisational unit” must be selected in the settings for the inheritance of permissions
- There must be no for the affected organisational structure
This process is illustrated in the following diagram: