Managing Permissions
This page is about creating users and managing which part's of the site they have access to.
As admin, we begin by going to the add new resource page for the Person model.
This can be done by going to the resource manager
Or by using the quick menu by hovering over the resource manager button.
All that's needed for the person at this stage is a Full name, First Name and Last Name.
Once the person is created the admin can choose to create the user registration link or assign permissions to the person first.
After creating the new user on the resource page, you can quickly get to their report page by changing the highlighted "resource" to "report" in the url.
Or, if you prefer, you can search for the user and click the display name at the top of the result.
Then go to the user section and click the copy sign up link.
This can then be sent to the user to complete the registration page.
First, every user will need added to the basic access permission group. This allows them to access the workflow page, the open-workflow pages and the enforcement workflow.
It also gives them read only access for Persons, Organizations, and Heritage Assets so that they can select them from drop down lists.
Simply search for the Basic Access and click it's 'edit' button
then add the new user as a member.
NOTE: we intend to have basic access automatically apply to new users in future
After basic access has been assigned you can search for the specific permissions the user need in the same way and add them as members.
When user's are added to multiple groups they will gain all of the permissions from each of the groups.
If the group you're looking for does not yet exist it is easy to set them up.
Follow the same instructions for getting to the Person's add new resource page but this time select Group
Be sure to name the group.
The Arches plugin contains a list of all the workflows and other plugins in the application.
Any plugins selected here will be visible to users who are members of the group.
In the permissions tab you can select read, write, execute, and or delete actions to be permitted on any chosen set or logset.
It's important to give at least read access for any types of resource which are used in dropdowns for their workflows.
TODO: documentation on Global Group
If none of the options for resources are specific enough for the group you're making you are able to define a new logset.
Once again, go to the resource manager and this time select Logical Set.
Name the set and then you'll need to set the member definition.
This text box accepts any search string that works on the search page. Due to this you can use the search page to create these strings or to test them and ensure they are configured correctly for the group.
For example:
If you go to the search page and change the resource type it will append a valid resource-type-filter to the url
If you copied that string into the member definition then permissions acting on this logset would apply for all Consultations
To limit the reach of this logset we could use the advanced search tab to create more specific criteria.
For example, to create a logset that only influenced consultations that require a HM action we could do the following.
- click the advanced tab
- in the side panel find the consultation section then the Action node group
- in the options that appear set the Action Type node to "equals" and "HM"
Now an advanced-search-filter will be appended onto the end of the url
And this can be added as a member definition
