What is the manual setting of permissions for records?
In contrast to the , the manual approach does not utilise any automatic processes. This method of setting permissions is thus carried out separately for every record – this process is thus not as recommended for newly created data. If you want to work effectively in the long term, the automatic setting of permissions for records should be used for creating passwords. However, the manual setting of permissions is generally used when editing already existing records.
Adding additional users with permissions
In the previous section, it was clarified that permissions for records are granted either directly to one user or to several users grouped in a role. With this knowledge, the permissions can as such be set manually for a record. In the client module, you can access the permissions in the list view of a record in three different ways:
- Icon in the ribbon
- Context menu of a data record (right-click)
- Icon at the right edge of the reading pane
The author is created with all rights for the record. As described in the , you can now add both roles and users. You can go to the search filter by right clicking on the tab or using the corresponding icon in the ribbon. The filter helps you to quickly find those users who should be granted permissions for the record in just a few steps.
The multiple selection is also enabled. It allows to add several users via the Windows standard Ctrl/Shift + left mouse button.
Setting and removing permissions
By default, all added users or roles receive only the “Read” right on the record. It can be extended as required. You can add users as well as administrative roles using the available tools. The right “Read” right at the beginning is sufficient to view the fields of the data record and to use the password. Write permission allows you to edit a data record. * The right “Authorize” is necessary to authorize other users to the record *. This is also used as a basis for the .
A simple right-click on a user can be used to copy and transfer rights configurations of users or roles to others in the context menu. In this context, the use of rights templates is also very practical. In the “Template” area of the ribbon, you can save configured permissions, including all users, and reuse them for other records.
The transfer of rights and their reuse can be an important building block to create and maintain entitlement integrity. This method cannot rule out misconfigurations, but it will minimize the risk significantly. Of course, the correct configuration of these templates is a prerequisite.
The add right
The “add right” holds a special position in the authorization concept. This right controls whether a user/role is permitted e.g. to create a new record within an organisational structure. Consequently, this right can only be set in the organisational structure module.
The owner right may be made available to each user. These rights are more of a guarantee. Once assigned, there is no way to remove users or roles with the owner right from the permissions for a record. This is only possible by the user or the role itself, as well as by users with the right “Is database administrator”.
The owner right thus prevents other users who have the “Authorise” right from removing any users from the record.