Explanation of terms

d.vinci software products use role-based access control to increase security when handling sensitive data.


  • Rights
    Users are only able to perform actions for which they have the necessary rights. This includes the rights to view content and to perform actions. If the necessary rights are missing, content will not be displayed or buttons for performing actions will be hidden.
    Example right: View applications


  • Permissions
    Users receive rights in the form of permissions. A permission is an object in d.vinci that can be selected and assigned.
    Permissions cannot be assigned to users directly. Instead, permissions are added to roles and user roles. With the assigned roles, users also receive the included permissions and thus the associated rights.
    Example Permission: Applications | view / edit / create / delete


  • View and action permissions
    Sometimes a linguistic distinction is made between view and action authorization. A view permission lets users see content (the content is shown). An action permission lets users perform actions (the necessary buttons are displayed).
    However, this is only a linguistic distinction, since view permissions are essentially action permissions for viewing.


  • Active and passive permissions
    Active
    Action permissions are active permissions. They give users the right to actively perform actions. In their name, active permissions carry the reference object as well as the rights related to it:
    • Applications | see / edit / create
    • Applications | see / edit / create / delete
    Passive
    Passive permissions give users the right to be selected for the actions of other users, e.g.
    • Selectable as contact person personnel department for Hiring Requests
    • Selectable as supervisor for Hiring Requests


Configuration

Rights are contained in permissions. These permissions are added to a role.

To do this, open the Roles page. Either create a new role using +Role, or click the name of an existing role and then the Edit icon to modify it, and then make your entries after Permissions:.


Sometimes it can be necessary to restrict a single permission to a certain organizational unit or to release it for all users.

How to do this and an example can be found here: Receive recommendations globally


Behavior in the system

New features are often linked to existing or new permissions.

  • If a new function is linked to an existing permission, the new function automatically becomes usable for every user whose user role(s) include this permission.
  • If a new feature is attached to a new permission, you must first manually add that permission to a role so that users in that role can use the new feature. We provide information about this in the release notes.
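
The two cases above can be modeled to review who gains access when a release links a feature to a permission. This is an added example, not d.vinci code: the class names, the users, and the "Applications | view" and "New feature" permissions are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Permission:
    name: str
    rights: frozenset  # rights bundled in this permission

@dataclass
class Role:
    name: str
    permissions: set = field(default_factory=set)

@dataclass
class User:
    name: str
    roles: list = field(default_factory=list)  # roles only, never permissions directly

    def permissions(self):
        return {p for role in self.roles for p in role.permissions}

    def has_right(self, right):
        return any(right in p.rights for p in self.permissions())

def users_with(users, permission):
    """Names of users whose roles include `permission`."""
    return sorted(u.name for u in users if permission in u.permissions())

# Constructed sample data: role names follow the page, users are invented.
APPS_VIEW = Permission("Applications | view", frozenset({"view"}))
APPS_FULL = Permission("Applications | view / edit / create / delete",
                       frozenset({"view", "edit", "create", "delete"}))
NEW_PERM = Permission("New feature | use (hypothetical)", frozenset({"use"}))

def build():
    hr = Role("Human Resources Department", {APPS_FULL})
    business = Role("Business Department", {APPS_VIEW})
    return [User("alice", [hr]), User("bob", [business])], hr

def release_review():
    users, hr = build()
    # Feature linked to an existing permission: usable at once by its holders.
    existing = users_with(users, APPS_VIEW)
    # Feature linked to a new permission: nobody has it until a role gets it.
    before = users_with(users, NEW_PERM)
    hr.permissions.add(NEW_PERM)  # the manual step from the release notes
    after = users_with(users, NEW_PERM)
    return existing, before, after

if __name__ == "__main__":
    print(release_review())
```

In this model access follows the permission object rather than the individual right, so a user holding a broader permission with the same right is not in the `existing` list.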


How our customers use this

Our customers have created very different authorization constructs using the roles. 

Almost everywhere, the roles Human Resources Department and Business Department are used. However, the authorizations stored in our standard user roles are often not a 100% fit for the use case in the respective company. There are too many very different workflows, and people have too many different authorizations.

With new roles, however, individual users or many users can easily be authorized to perform certain activities or access certain views.