Permissions sets
This page explains which user permissions to enable for each menu entry of the Portal.
The permissions are cumulative. For example, if a user wants to edit an item:
- he needs to have access to the service,
- he needs to be able to read the data,
- he needs to have the permission to edit the items.
Except if he has an administrator permission.
Super user¶
A super user is a user who can access any menu entry of his instance and who can perform any action.
He does’nt need any of the permissions below.
He just needs to have the permission *=*.
Administration¶
| Feature | Permission |
|---|---|
| Access to the service configuration | admin=view |
| Read the users | users=read(‘./*’) |
| Edit the users (cannot delete users) | users=edit |
| Do everything on the users | users=* |
| Read the permission sets | permsets=read(‘*’) |
| Edit the permission sets | permsets=edit |
| Do everything on the permission sets | permsets=* |
Permission sets:
- read only the users:
admin=view&users=read('./*') - edit the users:
admin=view&users=read('./*')&users=edit - administrate the users:
admin=view&users=read('./*')&users=* - read only the permissions:
admin=view&permsets=read('*') - edit the permissions:
admin=view&permsets=read('*')&permsets=edit - administrate the permissions:
admin=view&permsets=*
Data models¶
Note
The action edit includes: create, update, rename, duplicate, delete, export and import.
| Feature | Permission |
|---|---|
| Access to the service configuration | datamodels=view |
| Read the data models | datamodels=read |
| Edit the data models | datamodels=edit |
| Do everything on the service | datamodels=* |
Permission sets:
- read only:
datamodels=view&datamodels=read - edit:
datamodels=view&datamodels=read&datamodels=edit - administrate:
datamodels=*
Reports¶
Note
The action edit includes: create, update, rename, duplicate, delete, export and import.
| Feature | Permission |
|---|---|
| Access to the service configuration | reports=view |
| Read the reports | reports=read |
| Edit the reports | reports=edit |
| Do everything on the service | reports=* |
Permission sets:
- read only:
reports=view&reports=read - edit:
reports=view&reports=read&reports=edit - administrate:
reports=*
Routes¶
Note
The action edit includes: create, update, rename, duplicate, delete, export and import.
| Feature | Permission |
|---|---|
| Access to the service configuration | routes=view |
| Read the routes | routes=read |
| Edit and execute the routes | routes=edit |
| Do everything on the service | routes=* |
Permission sets:
- read only:
routes=view&routes=read - edit and execute:
routes=view&routes=read&routes=edit - administrate:
routes=*
Routing orders¶
Note
The action edit includes: update, delete and export.
| Feature | Permission |
|---|---|
| Access to the service configuration | routingorders=view |
| Read the routing orders | routingorders=read |
| Edit and reprocess the routing orders | routingorders=edit |
| Do everything on the service | routingorders=* |
Permission sets:
- read only:
routingorders=view&routingorders=read - edit and reprocess:
routingorders=view&routingorders=read&routingorders=edit - administrate:
routingorders=*
Scripts¶
Note
The action edit includes: create, update, rename, duplicate, delete, export and import.
| Feature | Permission |
|---|---|
| Access to the service configuration | scripts=view |
| Read the scripts | scripts=read |
| Execute the scripts | scripts=run |
| Edit the scripts | scripts=edit |
| Do everything on the service | scripts=* |
Permission sets:
- read only:
scripts=view&scripts=read - execute:
scripts=view&scripts=run - edit:
scripts=view&scripts=read&scripts=edit - administrate:
scripts=*
Stripe Payment¶
| Feature | Permission |
|---|---|
| Access to the service configuration | stripe=view |
| Read the data | stripe=read |
| Be assigned to a payment task | workflow=role(‘Invoice Payers’) |
| Pay an invoice | stripe=pay |
| Do everything on the service | stripe=* |
Permission sets:
- read only:
stripe=view&stripe=read - edit:
scripts=* - pay:
workflow=role('Invoice Payers')&stripe=pay
Tables¶
Note
The action edit includes: create, update, rename, duplicate, export and import.
| Feature | Permission |
|---|---|
| Access to the service configuration | tables=view |
| Read all the tables and their records | tables=allow(*) |
| Read only the records of Table1 and Table 2 | tables=allow(‘Table1’( * ), ‘Table2’( * )) |
| Read the records in Table1 where column1 has the value1 | tables=allow(‘Table1’(‘column1’=’value1’)) |
| Edit a table’s structure | tables=edit-table |
| Delete a table’s structure | tables=delete-table |
| Edit a table’s records | tables=edit-data |
| Delete a table’s records | tables=delete-data |
| Edit and delete a table’structure and records | tables=* |
Permission sets:
- read only:
tables=view&tables=allow(*) - edit structure:
tables=view&tables=allow(*)&tables=edit-table - edit structure and data:
tables=view&tables=allow(*)&tables=edit-table&tables=edit-data - delete structure and records:
tables=view&tables=allow(*)&tables=delete-table&tables=delete-data - administrate:
tables=allow(*)&tables=*