Permissions Matrix

JPAC offers fine-grained access control to both the types or resources being controlled and the types of tasks being performed. The grid below helps with understanding what permission is needed (the cell content) to perform a task (the column headers) on a particular type of resource (the first column).  There are explanatory notes below the grid to help with interpreting it.

Notes:

  • Being an ADMIN overrides all other permission, and is equivalent to having full access to every resource. It is not possible to limit the access to any resource for an Admin.
  • READ permission is always required to access any resource. Without READ permission, a resource cannot be accessed by the user regardless of other permissions they may have.
  • Specific User permissions override group permissions on the same resource.
  • If the user is a member of multiple groups on same resource then:
    • A blocked group overrides other access
    • If there are no blocks, then user gets the widest permission with narrowest time range.

Examples 

  1. What permission is required to change the description of a Role? Changing a description (or any detail on a resource) is an UPDATE task. Using the matrix, find “Role” row and “Update” column. The intersection of this row and column shows that “Update” permission is required. As there is nothing in brackets following the permission, this permission must be set on the specific role you want to update.
  2. What permission do I need to add a person to an Org Unit? Adding or removing items from a resources, including people and records, is a MANAGE task. Using the matrix find the “Org Unit” row and “Manage” column. The intersection of this row and column shows that “Manage” permission is required. As there is nothing in brackets following the permission, this permission must be set on the specific role you want to update.
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Related Articles