Users are only allowed to do things in the system according to their permissions.

What elements they get access to and what they are allowed to see/select/edit is determined by the permissions in interaction with the organizational unit selected in their user.


User

In our authorization system, users only act downwards or at the same level. This way, no one can exceed their authority.


 Examples


Example A:

My user is created on the top organizational unit Global.


By my role I have the permission to:

  • see/edit/create/delete applications 
  • see application status of role xyz
  • see/edit/create/delete job postings


Case 1 

An application has been received for a job opening that is on the top-level organizational unit: Global.

I can see the application.

Case 2

An application has been received for a job opening that is on the middle organizational unit: Standort Hamburg.

I can see the application.

Case 3

An application has been received for a job opening that is on the middle organizational unit, Standort Berlin.

I can see the application. 

Case 4

An application has been received for a job opening that is on the lowest organizational unit: Vertrieb.

I can see the application.


Example B: 

My user is created on the middle organizational unit Standort Hamburg.


Through my role I have the authorization to

  • see/edit/create/delete applications 
  • see application status of role xyz
  • see/edit/create/delete job postings.


Case 1 

An application has been received for a job opening that is on the top organizational unit: Global.

I cannot see the application because my user can only see items at my organizational unit level or below.

Case 2

An application has been received for a job opeing that is at the top organizational unit: Standort Hamburg.

I can see the application.

Case 3

An application has been received for a job opening that is on the middle organizational unit, Standort Berlin.
I cannot see the application because I am limited in view and action authorization to my organizational unit. If I were to see the application as well, my user would have to be moved to the organizational unit above location Berlin and location Hamburg. That would be the organizational unit Deutschland.

Case 4

An application has been received for a job opening that is at the lowest organizational unit: Vertrieb.

I can see the application because the organizational unit Vertrieb is below my user's Location level.


The same is true for items such as correspondence templates, job advertisement templates, job publication templates, master data, and everything else. I can only access what is at my level or below for editing it with my user.

If I want to create a job opening, I can only do so at my organization level or below.


Systemelements 

Elements that are created in the system inherit in exactly the opposite way to the permissions of the users. If a correspondence template is to be selectable in every organizational unit, it must be created globally. It is exactly the same with locations etc. 


If a location sould be selectable everywhere, then it must be created at the global level.


 Examples

In the System are the following Locations:
Hamburg: Organizational unit Global (Organizational level: Global)

München: Organizational unit Deutschland (Organizational level: Land)

New York: Organizational unit USA (Organizational level: Land)

Berlin: Organizational unit Standort Berlin (Organizational level: Standord)

Vertrieb: Organizational unit Vertrieb (Organizational level: Abteilung)


A) Job openings at Organizational unit Global
I can select the following locations: Hamburg

All other locations in the system are not selectable, because they were not created on the global organizational unit.


B) Job openings at Organizational unit Hamburg
I can select the following location: Hamburg, München

Also, I cannot select locations that are created at the organizational unit Abteilung because the organizational unit of the job opening is above it.


C)Job openings at Organizational unit Abteilung

I can select the following location: Hamburg, München, Berlin, Vertrieb

I can select all locations created from my organizational unit (Vertrieb), up to the top organizational level (Global).