Permission Rules

A Permission Rule is a definition of access permissions to a specific entity for a specific role. Form for adding/editing a Permission Rule:

Permission Rule

1.  Entity type: Displays entity name.

2.  Name: Rule name.

3.  Role: Role name.

4.  Description: Rule description.

5.  Permissions: Contains the set of permission settings that can be given to the Role. The list of actions is based on the selected entity. The basic actions, common to all entities, are Read, Edit and Delete. All other actions are specific to the entity. Enabling an action's checkbox assigns access to that action to the role. Permissions must be defined in order to have a valid access right, e.g. if the Read permission is not defined it is not possible to define the Edit permission, etc.

Note that an enabled permission has higher priority than a disabled permission.

Example: Create a rule for KB and enable all permissions. Then create a rule for KB type Q&A and remove the permission for attach file. Result: The user will be able to attach a file in a Q&A type article, because the general KB rule allows that.

Create a rule for KB and disable all permissions. Then create a rule for KB type Q&A and enable the access permission for attach file. Result: The user will be able to attach a file in a Q&A type article, even though the general KB rule disallowed that. Enabling a permission in the sub rule has higher priority.

Permission restrictions determine under which circumstances the Permissions are valid. Permission restrictions are divided into Entity Scope restrictions, Entity Condition restrictions and Environment conditions.

6.  Entity Scope restriction defines the validity scope of the Permission Rule. It is defined by:

o Entity Related User: The existing user reference fields in the current entity. For example: Approver in the Contract entity.

o User Scope: Grouping container for the users in the NSP application. Select a Permission Scope Type.

Examples of Entity Scope restriction:

o Approver: Group - access rights are valid only for members of the same groups that the Approver belongs to.

o Used By: Site - access rights are valid for all members of the sites that the Used By user belongs to.

7.  Entity Condition: Here you can limit the rule so that permission is granted only if a specified condition is fulfilled. It is defined by a condition on a property belonging to the entity that the permission is defined for. The rule is valid only if the condition is fulfilled. The condition is built as a logical hierarchical structure of conditions and sub conditions. The different conditions are linked by the operators And and Or. Select And to require a match of all the linked conditions, or Or if a match of any single one of the linked conditions is enough. The permission is granted only if the result of the complete logical expression is true. The section is initially displayed with one empty condition row, the Add condition group and Add sub condition buttons, a Delete button and the And/Or operator selection. A condition row consists of three parts: a property selection dropdown, an operator and a value.

o The Property dropdown contains all available properties for the selected entity.

o Operator is a dropdown where the available alternatives differ depending on the property type. For a text field they could be, e.g., equal, not equal, begins with, does not begin with, contains, does not contain, ends with, does not end with, is empty, is not empty, is null, is not null.

o The Value field changes depending on the currently selected property. It could be a text field, numeric field, user combo box, status combo box, etc.

 

8.  Environment Conditions is a list of conditions that the Environment variables must fulfil for the rule to be valid. Each individual condition in the list must be fulfilled. A single condition consists of:

o Property: Name of the variable.

o Operator: Basic Logical Operator (Equal, Not Equal, Greater Than, Less Than, In range, Not in range).

o Value: Value of variable.

Environment variables are system variables that can take different values, depending on the status of the NSP Application. There are four Environment variables:

  Time of day: Value of the current time.

  Day of week: Value of the current day of week.

  Current date: Value of the current date.

  Current IP address: Takes value of the IP of the user in the current session.

Example: To make the Permission Rule valid only on working days between 9 AM and 5 PM, we would set the following Environment Conditions:

| Property    | Operator     | Value            |
|-------------|--------------|------------------|
| Time of day | Greater than | 09:00            |
| Time of day | Less than    | 17:00            |
| Day of week | Not Equal    | Saturday, Sunday |
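
The priority of enabled permissions and the office-hours Environment Conditions above can be modelled together as follows. This is an added illustration, not NSP code: the `Rule` class, the function names, the sample rules and the reading of "Not Equal" with several values are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, time
from typing import Optional

DAYS = ["Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday"]

# Operators from the Environment Conditions list. Assumption: "Not Equal" with
# several values (as in the table above) means "equal to none of them".
OPS = {
    "Equal": lambda actual, value: actual == value,
    "Not Equal": lambda actual, value: actual not in value
    if isinstance(value, (list, tuple, set)) else actual != value,
    "Greater than": lambda actual, value: actual > value,
    "Less than": lambda actual, value: actual < value,
}

@dataclass
class Rule:  # hypothetical model, not NSP's schema
    name: str
    entity: str
    subtype: Optional[str]          # None = general rule for the whole entity
    enabled: set                    # actions whose checkbox is enabled
    env: list = field(default_factory=list)  # (property, operator, value) rows

def rule_valid(rule, now):
    """Every environment condition in the list must be fulfilled."""
    env = {"Time of day": now.time(), "Day of week": DAYS[now.weekday()]}
    return all(OPS[op](env[prop], value) for prop, op, value in rule.env)

def granting_rules(rules, entity, subtype, action, now):
    """Names of the valid rules that enable `action`; an empty list means denied.
    A rule that leaves the action disabled grants nothing and revokes nothing."""
    return [r.name for r in rules
            if r.entity == entity and r.subtype in (None, subtype)
            and action in r.enabled and rule_valid(r, now)]

OFFICE_HOURS = [("Time of day", "Greater than", time(9, 0)),
                ("Time of day", "Less than", time(17, 0)),
                ("Day of week", "Not Equal", ["Saturday", "Sunday"])]

# Constructed rules mirroring the page's first example, plus office-hours limits.
RULES = [
    Rule("KB general", "KB", None, {"Read", "Edit", "Delete", "Attach file"}, OFFICE_HOURS),
    Rule("KB Q&A", "KB", "Q&A", {"Read", "Edit"}),  # "Attach file" left disabled
]

if __name__ == "__main__":
    wednesday, saturday = datetime(2024, 3, 6, 10, 30), datetime(2024, 3, 9, 10, 30)
    print(granting_rules(RULES, "KB", "Q&A", "Attach file", wednesday))  # ['KB general']
    print(granting_rules(RULES, "KB", "Q&A", "Attach file", saturday))   # []
    print(granting_rules(RULES, "KB", "Q&A", "Read", saturday))          # ['KB Q&A']
```

Listing the granting rules rather than returning a bare yes/no makes it visible when a broad rule is the reason an action is still allowed after it was disabled in a sub rule.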