TABLE OF CONTENTS
- Explanation of terms
- Configuration
- Behavior in the system
- How our customers use this
- More articles on this topic
Explanation of terms
d.vinci software products use role-based access control to increase security when handling sensitive data.
- Rights
Users are only able to perform actions for which they have the necessary rights. This includes the rights to view content and to perform actions. If the necessary rights are missing, content will not be displayed or buttons for performing actions will be hidden.
Example right: View applications
- Permissions
Users receive rights in the form of permissions. A permission is an object in d.vinci that can be selected and assigned.
Permissions cannot be assigned to users directly. Instead, permissions are added to roles and user roles. With the assigned roles, users also receive the included permissions and thus the associated rights.
Example Permission: Applications | view / edit / create / delete
- View and action permissions
Sometimes a linguistic distinction is made between view and action permissions. A view permission allows users to see content (the content is shown). An action permission allows users to perform actions (the necessary buttons are displayed).
However, this is only a linguistic distinction, since a view permission is basically an action permission for the action of seeing.
- Active and passive permissions
Active
Action permissions are active permissions. They give users the right to actively perform actions. In their name, active permissions carry the reference object as well as the rights related to it:
  - Applications | see/ edit/ create
  - Applications | see/ edit/ create/ delete
Passive
Passive permissions give users the right to be selected for the actions of other users, e.g.:
  - Selectable as contact person personnel department for Hiring Requests
  - Selectable as supervisor for Hiring Requests
Configuration
Rights are contained in permissions. These permissions are added to a role.
To do this, open the Roles page. Either create a new role using +Role, or click the name of an existing role and then the Edit icon to modify it. Then add entries after the Permissions: label.
Sometimes it can be necessary to restrict a single permission to a certain organizational unit or to release it for all users.
For instructions and an example, see: Receive recommendations globally
Behavior in the system
New features are often linked to existing or new permissions.
- If a new function is linked to an existing permission, the new function automatically becomes usable for every user whose user role(s) includes this permission.
- If a new function is linked to a new permission, you must first manually add that permission to a role so that users with that role can use the new function. We provide information about this in the release notes.
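The model described above, as an added Python example that is not d.vinci code: users receive permissions only through roles, a function linked to an existing permission is usable immediately, and a function linked to a new permission stays unusable until the permission is added to a role. The class and function names, the two function names (bulk_edit, ai_summary), the permission "Applications | summarize", the user names and the assignment of permissions to roles are assumptions made for illustration.

```python
# Added illustration of the role/permission model; not d.vinci's API or code.
from dataclasses import dataclass, field

@dataclass
class Role:
    name: str
    permissions: set = field(default_factory=set)

@dataclass
class User:
    name: str
    roles: list = field(default_factory=list)  # no direct permissions: roles only

def effective_permissions(user):
    """Union of the permissions of every role assigned to the user."""
    perms = set()
    for role in user.roles:
        perms |= role.permissions
    return perms

def can_use(user, feature, links):
    """Deny by default: usable only if the linked permission is held via a role."""
    required = links.get(feature)
    return required is not None and required in effective_permissions(user)

def users_with_feature(users, feature, links):
    """Audit helper: who can use a function after a release or a role change."""
    return sorted(u.name for u in users if can_use(u, feature, links))

def selectable(users, passive_permission):
    """Passive permission: who may be selected by other users for an action."""
    return sorted(u.name for u in users if passive_permission in effective_permissions(u))

def build_sample():
    # Constructed sample data; permission names are the ones quoted on this page.
    hr = Role("Human Resources Department", {
        "Applications | see/ edit/ create/ delete",
        "Selectable as contact person personnel department for Hiring Requests"})
    dept = Role("Business Department", {
        "Applications | see/ edit/ create",
        "Selectable as supervisor for Hiring Requests"})
    users = [User("anna", [hr]), User("ben", [dept]), User("cleo", [hr, dept])]
    links = {  # hypothetical functions and the permission each is linked to
        "bulk_edit": "Applications | see/ edit/ create/ delete",  # existing permission
        "ai_summary": "Applications | summarize"}                 # new, hypothetical permission
    return hr, dept, users, links
```

Running users_with_feature before and after a role change gives the list of users who gain a function, which is a useful thing to review when the release notes announce a new permission.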
How our customers use this
Our customers have created very different authorization constructs using the roles.
The roles Human Resources Department and Business Department are used almost everywhere. However, the authorizations stored in our standard user roles often do not fit the use case in the respective company 100%: workflows differ too much from company to company, and people hold too many different authorizations.
With new roles, however, individual users or many users can easily be authorized to perform certain activities or access certain views.
More articles on this topic
- Receiving recommendations globally
- Roles and user roles
- Create permissions
- Create role
- Change or delete role