Types of Permissions

This section describes the read and edit permissions given to users or user groups. A user can also inherit permissions from their preferred group. The types of permissions explained in this section are:

Read Permission

The Read Permission can be set at these levels:

Item Level Read Permission

The Item Level Read Permission determines whether a user or user group can read an item from a specific class.

The factors that determine Item Level Read Permissions are:

  1. Item level read permission for the selected class.

  2. The Read permission setting of the user's preferred group for the selected class.

  3. The Read permission setting of the user's preferred group for the item.

  4. Whether the user is a creator or owner of the item.

    Note: You cannot assign item level read permissions for folder classes.

This table describes how the Item Level Read permissions are determined:

| Item Level Read Permission Type | Class Read Permission | Is Creator | Is Read Owner | User's Item Read Permission | Read Status |
|---|---|---|---|---|---|
| NULL | No | | | | Yes |
| O, U, G, M | No | | | | No |
| O | Yes | | | | Yes |
| U | Yes | Yes | | | Yes |
| U | Yes | No | | | No |
| G | Yes | | Yes | | Yes |
| G | Yes | | No | | No |
| M | Yes | | | Yes | Yes |
| M | Yes | | | No | No |

  1. If the item level read permission of the class is:

  • NULL, that is, if the item level read permission is not specified, then the users can read all items of the selected class. This is applicable only at the class level as it provides faster access to the database.
  • O, and the user's preferred group has read permission, then the user can read all the items of the selected class. This is applicable only at the class level as it provides faster access to the database.
  • U, and the user's preferred group has read permissions on the class, and the user belongs to the Item Create user's preferred group, then all the items in the selected class are visible to the user. This is applicable only at the item level.
  • G, and the user's preferred group has read permissions on the class, and the user belongs to the Item Owner group, then all the items in the selected class are visible to the user. This is applicable only at the item level.
  • M, and the user's preferred group has read permission on the class, and the user belongs to the Items Owner group, then all the items in the selected class are visible to the user. This is applicable only at the item level.

  2. If the user's preferred group does not have item level read permission on the selected class, the user cannot read any item of the class. This is applicable only at the class level as it provides faster access to the database.

    Note: For a user in the Secure Read Override group, all the class items with item level read permissions set to M, G, or U are visible.
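
The item level read decision described above can be written as one function, which makes it easy to unit-test who can read what before a permission scheme goes live. This is an added example, not code from the product: the field names are hypothetical and follow the table's columns, and it assumes that Secure Read Override skips only the per-item check (not the class-level check) and that an unrecognised type is denied.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class ReadRequest:
    # Hypothetical field names mirroring the columns of the permission table.
    item_level_type: Optional[str]      # None (NULL), "O", "U", "G" or "M"
    class_read: bool                    # preferred group has Read on the class
    is_creator: bool = False
    is_read_owner: bool = False
    item_read: bool = False             # user's item read permission
    secure_read_override: bool = False  # member of the Secure Read Override group

def can_read(req: ReadRequest) -> bool:
    t = req.item_level_type
    if t is None:
        # NULL: no item level read permission is specified for the class.
        return True
    if t not in ("O", "U", "G", "M"):
        # Assumption: an unrecognised type is denied (fail closed).
        return False
    if not req.class_read:
        # O, U, G, M without class read permission: nothing is readable.
        return False
    if t == "O":
        return True
    if req.secure_read_override:
        # Assumption: the override replaces only the creator/owner/item check.
        return True
    per_item = {"U": req.is_creator, "G": req.is_read_owner, "M": req.item_read}
    return per_item[t]

# Constructed sample: four users requesting one item of a class set to "G".
SAMPLE_USERS = {
    "owner": ReadRequest("G", class_read=True, is_read_owner=True),
    "colleague": ReadRequest("G", class_read=True),
    "auditor": ReadRequest("G", class_read=True, secure_read_override=True),
    "outsider": ReadRequest("G", class_read=False, is_read_owner=True),
}

def readers(users):
    """Return the sorted names of the users whose request is allowed."""
    return sorted(name for name, req in users.items() if can_read(req))

if __name__ == "__main__":
    print(readers(SAMPLE_USERS))
```
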

Property Level Read Permission

The Property Level Permission determines whether a user or user group can read a property of an item from a specific class.

Property Secure Read Permission

The Property Secure Read permission determines whether a user or user group can read the property values of an item owned by the user or user group. This permission allows the user to see information relating to the user. For example, a user can view their own salary but not the salaries of other users.

Note: By default, a user can read an item and its properties. This is possible only if the properties in the selected item do not have Property Secure Read permissions or the user owns the selected item and its properties have Property Secure Read permission.

Edit Permission

This table explains what you can do with Edit Permission:

Task Details

Create Permissions

This permission determines whether a user can create items for a specific class.

Update Permissions

Modify Items: To modify an item in a class the user must own the item and have Update permission for the class.
Modify Item Property: To modify the property values of a selected item, the user must own the item and have Update permission for the class.

Note:

  1. To prevent a user who has Update permission for an item of a class from updating the item's properties, you can remove the user's ownership of the item.

  2. A user can directly own an item or own all the items of the class.

Delete Permissions

To delete an item from a class, a user must own the item and have Delete permission for the class.

Permission Inheritance

Any user can inherit permissions from the user's preferred group. A user group can inherit permissions from its parent group but not from its parent's parent group. The inheritance of group permissions is at one level only.

For example, if you have read permission for an item, and the group you belong to does not have read permission on the class in which the item is present, you cannot read the item or its properties.

Note: The Managed Group inherits permissions from the Managing Group as the Managed Group is the child group and the Managing Group is the parent group.