Manage authorization

When authorization management is enabled, users can only access those groups and compounds that have been granted permission.

The consequence is the following:

When the ePOS development system is started, the assignment of the logged-in user to its roles is checked. Only those groups are displayed for which at least one of the assigned roles has a read authorization. If a user is not assigned to a role and does not have admin rights a message is issued and the program is terminated. If the user has admin rights, he automatically receives all permissions on all groups.

For each of the following functions, the check is performed for the granted authorization:

Editing an element (decision table, parameter table, parameter group definition, dialog) (write permission required)

Check out / check in of an element (write permission required)

Delete an element (delete authorization necessary)

Copy an item (write permission required)

Create an element (write permission required)

Consequences resulting from this authorization concept:

As an administrator, you can create a new group.

To create a compund, you need the Insert right, as well as to create new decision tables, etc.

Rights are automatically inherited from groups to their compounds. If, therefore, some compounds can be edited in a group, and others only read, then the right to read must be assigned to the group, and the right to write to the affected compounds. Each role that can make changes to the pool must be assigned to the POOL group with the required rights.

If you do not have a readiness for a group, you do not see this group. It makes no sense, therefore, to assign the right of write to a compound without the right to read the group.