Access Overview
Access controls what permissions a user (or group) has on a resource. Each permission is outlined below to demonstrate what this access will allow a user to do. Click here for the permissions matrix.
Permission |
Details |
Example |
|---|---|---|
| Read | Read is the most basic of the permissions. It allows the user to see the resource to which they have Read permission. Without Read permission to a resource, the user will not see it in lists or be able to access any details about it. | A user with 'Read' permission on an Employment Type 'Full Time' will be able to see 'Full Time' in the list of Employment Types. A user in a Group with 'Read' as a default permission on Org Units will automatically have read permission on any new Org Units that are created. |
| Gain Access | Gain Access allows the user to view the list of People and Requirements that belong to an aggregating resource. This permission can either be set on each relevant aggregating resource, or it can be set as a default permission in a Group, which will give the users in that Group the Gain Access permission on any new resource created. | Adding "Gain Access" permission to an Org Unit will allow a user to see all people within that Org Unit, including people in Sub Org Units. |
| Update | Update allows the user to edit the details of an aggregating resource. | A user with 'Update' permission of a Role can change the name of that Role, or add a note to the Role. |
| Manage | Manage is similar to Update, but is used for People and Requirements. Permissions cannot be set directly on People or Requirements, so the Manage permission can be applied to an aggregating resource, allowing the user to edit any Person or Requirement belonging to the aggregating resource, as well as add and remove People or Requirements to the aggregating resource. | A user with 'Manage' permission of an Org Unit can edit the email address of a Person in that Org Unit, as well as add a new Person, or remove an existing Person from the Org Unit. |
| Assign | Assign allows the user to assign a Requirement to the People within a resource, which then becomes part of their compliance. | A user with 'Assign' permission of a Tag can assign a 'Working with Children Check' to the tagged People. Each person with that Tag will then need a record of a WWCC to be compliant. |
| Secure | Secure allows the user to set permissions on a resource. Typically the permissions are set by an admin, but in a larger organisation, setting permissions may be delegated to a manager for specific org units or roles, etc. | A user with 'secure' permission on a Requirement Type can give (or remove from) another user the 'Manage' permission for that particular Requirement Type. |
| Audit | The Audit permission gives the user access to read the audit logs for a resource. | A user with 'Audit' permission on an Org Unit can see any changes that have been made by themselves or other users, and which user made the changes. |
| Block | Block is a special permission that should only be used sparingly. It is used limit access in narrowly defined cases by overriding Read permission that has been set at a broader level. This is done by setting a permission without selecting any of the above mentioned permissions. | A user may have 'Read' and 'Gain Access' permissions to a Parent Org Unit, but should not have any permissions for one of the Sub Org Units. A block can then be set for the Sub Org Unit so that the permissions do not apply to that Sub Org Unit. |